Shodan
Vulnerabilities
Vulnerable Software
Openwrt:  >> Openwrt  Security Vulnerabilities
CVE-2023-20726
In mnld, there is a possible leak of GPS location due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07735968 / ALPS07884552 (For MT6880, MT6890, MT6980, MT6980D and MT6990 only); Issue ID: ALPS07735968 / ALPS07884552 (For MT6880, MT6890, MT6980, MT6980D and MT6990 only).
CVSS Score
3.3
EPSS Score
0.0
Published
2023-05-15
CVE-2023-20694
In preloader, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07733998 / ALPS07874388 (For MT6880 and MT6890 only); Issue ID: ALPS07733998 / ALPS07874388 (For MT6880 and MT6890 only).
CVSS Score
6.7
EPSS Score
0.0
Published
2023-05-15
CVE-2023-20695
In preloader, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07734012 / ALPS07874363 (For MT6880, MT6890, MT6980 and MT6990 only); Issue ID: ALPS07734012 / ALPS07874363 (For MT6880, MT6890, MT6980 and MT6990 only).
CVSS Score
6.7
EPSS Score
0.0
Published
2023-05-15
CVE-2023-20696
In preloader, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07856356 / ALPS07874388 (For MT6880 and MT6890 only); Issue ID: ALPS07856356 / ALPS07874388 (For MT6880 and MT6890 only).
CVSS Score
6.7
EPSS Score
0.0
Published
2023-05-15
CVE-2023-24182
LuCI openwrt-22.03 branch git-22.361.69894-438c598 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the component /system/sshkeys.js.
CVSS Score
5.4
EPSS Score
0.001
Published
2023-04-11
CVE-2022-38333
Openwrt before v21.02.3 and Openwrt v22.03.0-rc6 were discovered to contain two skip loops in the function header_value(). This vulnerability allows attackers to access sensitive information via a crafted HTTP request.
CVSS Score
7.5
EPSS Score
0.002
Published
2022-09-19
CVE-2021-45904
OpenWrt 21.02.1 allows XSS via the Port Forwards Add Name screen.
CVSS Score
5.4
EPSS Score
0.005
Published
2021-12-27
CVE-2021-45905
OpenWrt 21.02.1 allows XSS via the Traffic Rules Name screen.
CVSS Score
5.4
EPSS Score
0.005
Published
2021-12-27
CVE-2021-45906
OpenWrt 21.02.1 allows XSS via the NAT Rules Name screen.
CVSS Score
5.4
EPSS Score
0.005
Published
2021-12-27
CVE-2021-32019
There is missing input validation of host names displayed in OpenWrt before 19.07.8. The Connection Status page of the luci web-interface allows XSS, which can be used to gain full control over the affected system via ICMP.
CVSS Score
6.1
EPSS Score
0.002
Published
2021-08-02


Products
Pricing
Contact Us

Shodan ® - All rights reserved