CVE-2026-55490
- EPSS 0.65%
- Veröffentlicht 07.07.2026 21:08:26
- Zuletzt bearbeitet 09.07.2026 19:40:42
OpenWrt is a Linux operating system targeting embedded devices. Before v25.12.5, an integer underflow in handle_send_a() of the Emergency Access Daemon allows any unauthenticated attacker on the local network to crash the daemon by sending a single c...
CVE-2026-32721
- EPSS 0.24%
- Veröffentlicht 19.03.2026 22:46:43
- Zuletzt bearbeitet 14.04.2026 17:49:24
LuCI is the OpenWrt Configuration Interface. Versions prior to both 24.10.5 and 25.12.0, contain a stored XSS vulnerability in the wireless scan modal, where SSID values from scan results are rendered as raw HTML without any sanitization. The wireles...
CVE-2026-30874
- EPSS 0.3%
- Veröffentlicht 19.03.2026 22:36:04
- Zuletzt bearbeitet 23.03.2026 19:26:05
OpenWrt Project is a Linux operating system targeting embedded devices. In versions prior to 24.10.6, a vulnerability in the hotplug_call function allows an attacker to bypass environment variable filtering and inject an arbitrary PATH variable, pote...
CVE-2026-30873
- EPSS 0.52%
- Veröffentlicht 19.03.2026 22:01:03
- Zuletzt bearbeitet 24.03.2026 14:11:53
OpenWrt Project is a Linux operating system targeting embedded devices. In versions prior to both 24.10.6 and 25.12.1, the jp_get_token function, which performs lexical analysis by breaking input expressions into tokens, contains a memory leak vulner...
CVE-2026-30872
- EPSS 2.22%
- Veröffentlicht 19.03.2026 21:56:23
- Zuletzt bearbeitet 24.03.2026 14:05:07
OpenWrt Project is a Linux operating system targeting embedded devices. In versions prior to 24.10.6 and 25.12.1, the mdns daemon has a Stack-based Buffer Overflow vulnerability in the match_ipv6_addresses function, triggered when processing PTR quer...
CVE-2026-30871
- EPSS 1.21%
- Veröffentlicht 19.03.2026 21:49:50
- Zuletzt bearbeitet 24.03.2026 14:07:06
OpenWrt Project is a Linux operating system targeting embedded devices. In versions prior to 24.10.6 and 25.12.1, the mdns daemon has a Stack-based Buffer Overflow vulnerability in the parse_question function. The issue is triggered by PTR queries f...
CVE-2026-20435
- EPSS 0.12%
- Veröffentlicht 02.03.2026 08:39:12
- Zuletzt bearbeitet 03.03.2026 12:52:46
In preloader, there is a possible read of device unique identifiers due to a logic error. This could lead to local information disclosure, if an attacker has physical access to the device, with no additional execution privileges needed. User interact...
CVE-2026-20430
- EPSS 0.23%
- Veröffentlicht 02.03.2026 08:39:08
- Zuletzt bearbeitet 02.03.2026 22:05:08
In wlan AP FW, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote (proximal/adjacent) escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploita...
CVE-2026-20419
- EPSS 0.73%
- Veröffentlicht 02.02.2026 08:16:46
- Zuletzt bearbeitet 05.02.2026 17:16:13
In wlan AP/STA firmware, there is a possible system becoming irresponsive due to an uncaught exception. This could lead to remote (proximal/adjacent) denial of service with no additional execution privileges needed. User interaction is not needed for...
CVE-2026-20408
- EPSS 0.27%
- Veröffentlicht 02.02.2026 08:14:56
- Zuletzt bearbeitet 04.02.2026 13:48:41
In wlan, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote (proximal/adjacent) escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Pat...