4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
6.1 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.8 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
34.0%
DESCRIPTION
Missing input validation of host names displayed in OpenWrt LuCI web-interface leads to Cross-site scripting, which can be used to gain full control over the affected system.
REQUIREMENTS
Users need to visit the LuCI “Connection status” page of the router and activate the host name resolution. The attackers need to hold a connection to the OpenWrt router which is displayed in the Web-interface, ie. via sending ICMP ping messages.
*[ICMP]: Internet Control Message Protocol
MITIGATIONS
AFFECTED VERSIONS
To our knowledge, OpenWrt version 19.07.0 to 19.07.7 are affected. The fixed packages will be integrated in the upcoming OpenWrt 19.07.8 and OpenWrt 21.02.0 release. Older versions of OpenWrt (e.g. OpenWrt 18.06, OpenWrt 15.05 and LEDE 17.01) are end of life and not supported any more.
CREDITS
This issue was identified by Philipp Jeitner and Haya Shulman from Fraunhofer SIT
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
6.1 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.8 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
34.0%