Openwrt

Openwrt

135 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 0.52%
  • Veröffentlicht 03.12.2019 20:15:11
  • Zuletzt bearbeitet 21.11.2024 04:33:57

OpenWrt 18.06.4 allows XSS via the "New port forward" Name field to the cgi-bin/luci/admin/network/firewall/forwards URI (this can occur, for example, on a TP-Link Archer C7 device).

Exploit
  • EPSS 0.78%
  • Veröffentlicht 18.11.2019 18:15:10
  • Zuletzt bearbeitet 21.11.2024 04:44:21

An exploitable information leak vulnerability exists in the ustream-ssl library of OpenWrt, versions 18.06.4 and 15.05.1. When connecting to a remote server, the server's SSL certificate is checked but no action is taken when the certificate is inval...

Exploit
  • EPSS 0.78%
  • Veröffentlicht 18.11.2019 18:15:09
  • Zuletzt bearbeitet 21.11.2024 04:44:21

An exploitable information leak vulnerability exists in the ustream-ssl library of OpenWrt, versions 18.06.4 and 15.05.1. When connecting to a remote server, the server's SSL certificate is checked but no action is taken when the certificate is inval...

Exploit
  • EPSS 0.66%
  • Veröffentlicht 28.11.2018 10:29:00
  • Zuletzt bearbeitet 21.11.2024 03:58:19

cgi_handle_request in uhttpd in OpenWrt through 18.06.1 and LEDE through 17.01 has unauthenticated reflected XSS via the URI, as demonstrated by a cgi-bin/?[XSS] URI.

  • EPSS 2.44%
  • Veröffentlicht 19.06.2018 21:29:00
  • Zuletzt bearbeitet 21.11.2024 03:42:41

OpenWrt mishandles access control in /etc/config/rpcd and the /usr/share/rpcd/acl.d files, which allows remote authenticated users to call arbitrary methods (i.e., achieve ubus access over HTTP) that were only supposed to be accessible to a specific ...