Openwrt: Security Vulnerabilities
In preloader, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07733998 / ALPS07874388 (For MT6880 and MT6890 only); Issue ID: ALPS07733998 / ALPS07874388 (For MT6880 and MT6890 only).
CVSS Score
6.7
EPSS Score
0.0
Published
2023-05-15
In preloader, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07734012 / ALPS07874363 (For MT6880, MT6890, MT6980 and MT6990 only); Issue ID: ALPS07734012 / ALPS07874363 (For MT6880, MT6890, MT6980 and MT6990 only).
CVSS Score
6.7
EPSS Score
0.0
Published
2023-05-15
In preloader, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07856356 / ALPS07874388 (For MT6880 and MT6890 only); Issue ID: ALPS07856356 / ALPS07874388 (For MT6880 and MT6890 only).
CVSS Score
6.7
EPSS Score
0.0
Published
2023-05-15
LuCI openwrt-22.03 branch git-22.361.69894-438c598 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the component /system/sshkeys.js.
CVSS Score
5.4
EPSS Score
0.001
Published
2023-04-11
LuCI openwrt-22.03 branch git-22.361.69894-438c598 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /openvpn/pageswitch.htm.
CVSS Score
5.4
EPSS Score
0.001
Published
2023-04-10
OpenWRT LuCI version git-22.140.66206-02913be was discovered to contain a stored cross-site scripting (XSS) vulnerability in the component /system/sshkeys.js. This vulnerability allows attackers to execute arbitrary web scripts or HTML via crafted public key comments.
CVSS Score
5.4
EPSS Score
0.002
Published
2022-11-03
Openwrt before v21.02.3 and Openwrt v22.03.0-rc6 were discovered to contain two skip loops in the function header_value(). This vulnerability allows attackers to access sensitive information via a crafted HTTP request.
CVSS Score
7.5
EPSS Score
0.006
Published
2022-09-19
OpenWrt 21.02.1 allows XSS via the Port Forwards Add Name screen.
CVSS Score
5.4
EPSS Score
0.005
Published
2021-12-27
OpenWrt 21.02.1 allows XSS via the Traffic Rules Name screen.
CVSS Score
5.4
EPSS Score
0.005
Published
2021-12-27
OpenWrt 21.02.1 allows XSS via the NAT Rules Name screen.
CVSS Score
5.4
EPSS Score
0.005
Published
2021-12-27