Shodan
Vulnerabilities
Vulnerable Software
Openwrt:  Security Vulnerabilities
CVE-2023-24182
LuCI openwrt-22.03 branch git-22.361.69894-438c598 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the component /system/sshkeys.js.
CVSS Score
5.4
EPSS Score
0.001
Published
2023-04-11
CVE-2023-24181
LuCI openwrt-22.03 branch git-22.361.69894-438c598 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /openvpn/pageswitch.htm.
CVSS Score
5.4
EPSS Score
0.001
Published
2023-04-10
CVE-2022-41435
OpenWRT LuCI version git-22.140.66206-02913be was discovered to contain a stored cross-site scripting (XSS) vulnerability in the component /system/sshkeys.js. This vulnerability allows attackers to execute arbitrary web scripts or HTML via crafted public key comments.
CVSS Score
5.4
EPSS Score
0.001
Published
2022-11-03
CVE-2022-38333
Openwrt before v21.02.3 and Openwrt v22.03.0-rc6 were discovered to contain two skip loops in the function header_value(). This vulnerability allows attackers to access sensitive information via a crafted HTTP request.
CVSS Score
7.5
EPSS Score
0.002
Published
2022-09-19
CVE-2021-45904
OpenWrt 21.02.1 allows XSS via the Port Forwards Add Name screen.
CVSS Score
5.4
EPSS Score
0.005
Published
2021-12-27
CVE-2021-45905
OpenWrt 21.02.1 allows XSS via the Traffic Rules Name screen.
CVSS Score
5.4
EPSS Score
0.005
Published
2021-12-27
CVE-2021-45906
OpenWrt 21.02.1 allows XSS via the NAT Rules Name screen.
CVSS Score
5.4
EPSS Score
0.005
Published
2021-12-27
CVE-2021-32019
There is missing input validation of host names displayed in OpenWrt before 19.07.8. The Connection Status page of the luci web-interface allows XSS, which can be used to gain full control over the affected system via ICMP.
CVSS Score
6.1
EPSS Score
0.002
Published
2021-08-02
CVE-2021-27821
The Web Interface for OpenWRT LuCI version 19.07 and lower has been discovered to have a cross-site scripting vulnerability which can lead to attackers carrying out arbitrary code execution.
CVSS Score
6.1
EPSS Score
0.005
Published
2021-05-25
CVE-2021-33425
A stored cross-site scripting (XSS) vulnerability was discovered in the Web Interface for OpenWRT LuCI version 19.07 which allows attackers to inject arbitrary Javascript in the OpenWRT Hostname via the Hostname Change operation.
CVSS Score
5.4
EPSS Score
0.002
Published
2021-05-25


Products
Pricing
Contact Us

Shodan ® - All rights reserved