Openwrt: >> Openwrt >> 18.06.1 Security Vulnerabilities
Openwrt before v21.02.3 and Openwrt v22.03.0-rc6 were discovered to contain two skip loops in the function header_value(). This vulnerability allows attackers to access sensitive information via a crafted HTTP request.
CVSS Score
7.5
EPSS Score
0.002
Published
2022-09-19
LuCI in OpenWrt 18.06.0 through 18.06.4 allows stored XSS via a crafted SSID.
CVSS Score
5.4
EPSS Score
0.003
Published
2021-01-26
libuci in OpenWrt before 18.06.9 and 19.x before 19.07.5 may encounter a use after free when using malicious package names. This is related to uci_parse_package in file.c and uci_strdup in util.c.
CVSS Score
9.8
EPSS Score
0.005
Published
2020-11-19
An issue was discovered in OpenWrt 18.06.0 to 18.06.6 and 19.07.0, and LEDE 17.01.0 to 17.01.7. A bug in the fork of the opkg package manager before 2020-01-25 prevents correct parsing of embedded checksums in the signed repository index, allowing a man-in-the-middle attacker to inject arbitrary package payloads (which are installed without verification).
CVSS Score
8.1
EPSS Score
0.025
Published
2020-03-16
libubox in OpenWrt before 18.06.7 and 19.x before 19.07.1 has a tagged binary data JSON serialization vulnerability that may cause a stack based buffer overflow.
CVSS Score
7.5
EPSS Score
0.013
Published
2020-03-16
uhttpd in OpenWrt through 18.06.5 and 19.x through 19.07.0-rc2 has an integer signedness error. This leads to out-of-bounds access to a heap buffer and a subsequent crash. It can be triggered with an HTTP POST request to a CGI script, specifying both "Transfer-Encoding: chunked" and a large negative Content-Length value.
CVSS Score
7.5
EPSS Score
0.01
Published
2020-03-16
cgi_handle_request in uhttpd in OpenWrt through 18.06.1 and LEDE through 17.01 has unauthenticated reflected XSS via the URI, as demonstrated by a cgi-bin/?[XSS] URI.
CVSS Score
6.1
EPSS Score
0.003
Published
2018-11-28