Openwrt: >> Openwrt Security Vulnerabilities
In preloader, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07733998 / ALPS07874388 (For MT6880 and MT6890 only); Issue ID: ALPS07733998 / ALPS07874388 (For MT6880 and MT6890 only).
CVSS Score
6.7
EPSS Score
0.0
Published
2023-05-15
In preloader, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07734012 / ALPS07874363 (For MT6880, MT6890, MT6980 and MT6990 only); Issue ID: ALPS07734012 / ALPS07874363 (For MT6880, MT6890, MT6980 and MT6990 only).
CVSS Score
6.7
EPSS Score
0.0
Published
2023-05-15
In preloader, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07856356 / ALPS07874388 (For MT6880 and MT6890 only); Issue ID: ALPS07856356 / ALPS07874388 (For MT6880 and MT6890 only).
CVSS Score
6.7
EPSS Score
0.0
Published
2023-05-15
LuCI openwrt-22.03 branch git-22.361.69894-438c598 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the component /system/sshkeys.js.
CVSS Score
5.4
EPSS Score
0.001
Published
2023-04-11
Openwrt before v21.02.3 and Openwrt v22.03.0-rc6 were discovered to contain two skip loops in the function header_value(). This vulnerability allows attackers to access sensitive information via a crafted HTTP request.
CVSS Score
7.5
EPSS Score
0.006
Published
2022-09-19
OpenWrt 21.02.1 allows XSS via the Port Forwards Add Name screen.
CVSS Score
5.4
EPSS Score
0.005
Published
2021-12-27
OpenWrt 21.02.1 allows XSS via the Traffic Rules Name screen.
CVSS Score
5.4
EPSS Score
0.005
Published
2021-12-27
OpenWrt 21.02.1 allows XSS via the NAT Rules Name screen.
CVSS Score
5.4
EPSS Score
0.005
Published
2021-12-27
There is missing input validation of host names displayed in OpenWrt before 19.07.8. The Connection Status page of the luci web-interface allows XSS, which can be used to gain full control over the affected system via ICMP.
CVSS Score
6.1
EPSS Score
0.002
Published
2021-08-02
A stored cross-site scripting (XSS) vulnerability was discovered in the Web Interface for OpenWRT LuCI version 19.07 which allows attackers to inject arbitrary Javascript in the OpenWRT Hostname via the Hostname Change operation.
CVSS Score
5.4
EPSS Score
0.002
Published
2021-05-25