- EPSS 0.02%
- Published 05.11.2024 19:15:07
- Last modified 06.11.2024 20:35:34
An issue in the luci-mod-rpc package in OpenWRT Luci LTS allows for privilege escalation from an admin account to root via the JSON-RPC-API, which is exposed by the luci-mod-rpc package
CVE-2023-24181
- EPSS 0.09%
- Published 10.04.2023 14:15:09
- Last modified 11.02.2025 16:15:32
LuCI openwrt-22.03 branch git-22.361.69894-438c598 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /openvpn/pageswitch.htm.
CVE-2022-41435
- EPSS 0.11%
- Published 03.11.2022 12:15:10
- Last modified 05.05.2025 14:15:24
OpenWRT LuCI version git-22.140.66206-02913be was discovered to contain a stored cross-site scripting (XSS) vulnerability in the component /system/sshkeys.js. This vulnerability allows attackers to execute arbitrary web scripts or HTML via crafted pu...
CVE-2021-27821
- EPSS 0.49%
- Published 25.05.2021 14:15:07
- Last modified 21.11.2024 05:58:36
The Web Interface for OpenWRT LuCI version 19.07 and lower has been discovered to have a cross-site scripting vulnerability which can lead to attackers carrying out arbitrary code execution.
CVE-2020-10871
- EPSS 0.85%
- Published 23.03.2020 20:15:11
- Last modified 21.11.2024 04:56:15
In OpenWrt LuCI git-20.x, remote unauthenticated attackers can retrieve the list of installed packages and services. NOTE: the vendor disputes the significance of this report because, for instances reachable by an unauthenticated actor, the same info...
CVE-2019-12272
- EPSS 37.65%
- Published 23.05.2019 15:30:12
- Last modified 21.11.2024 04:22:32
In OpenWrt LuCI through 0.10, the endpoints admin/status/realtime/bandwidth_status and admin/status/realtime/wireless_status of the web application are affected by a command injection vulnerability.