12 matches found
CVE-2019-18992
OpenWrt 18.06.4 allows XSS via these Name fields to the cgi-bin/luci/admin/network/firewall/rules URI: "Open ports on router", "New forward rule", and "New Source NAT". This can occur, for example, on a TP-Link Archer C7 device...
Cross site scripting
LuCI in OpenWrt 18.06.0 through 18.06.4 allows stored XSS via a crafted SSID...
OpenWrt Cross-Site Scripting Vulnerability
OpenWrt is a Linux operating system for embedded devices. A cross-site scripting vulnerability exists in OpenWrt 18.06.0 through 18.06.4, which could allow an attacker to steal sensitive information...
CVE-2019-25015
LuCI in OpenWrt 18.06.0 through 18.06.4 allows stored XSS via a crafted SSID...
OpenWrt Cross-Site Scripting Vulnerability
OpenWrt is a Linux operating system for embedded devices. A cross-site scripting vulnerability exists in OpenWrt version 18.06.4, which stems from the lack of proper validation of client-side data by a web application. An attacker can exploit this vulnerability to execute client-side code...
CVE-2019-18992
OpenWrt 18.06.4 allows XSS via these Name fields to the cgi-bin/luci/admin/network/firewall/rules URI: "Open ports on router", "New forward rule", and "New Source NAT". This can occur, for example, on a TP-Link Archer C7 device...
CVE-2019-18992
CVE-2019-18992 is an XSS vulnerability in OpenWrt 18.06.4. It affects the /cgi-bin/luci/admin/network/firewall/rules API, where the Name fields (e.g., “Open ports on router”, “New forward rule”, “New Source NAT”) can be crafted to inject script. The issue is demonstrated on devices such as TP-Lin...
CVE-2019-18993
OpenWrt 18.06.4 is affected by a stored/reflected XSS vulnerability in the web UI, allowing an attacker to inject scripts via the New port forward Name field targeting the cgi-bin/luci/admin/network/firewall/forwards URI (e.g., on TP-Link Archer C7). The issue stems from insufficient input valida...
PT-2019-15743 · Tp Link +1 · Tp-Link Archer C7 +1
Name of the Vulnerable Software and Affected Versions: OpenWrt version 18.06.4 Description: The issue allows for XSS via the Name fields in the /cgi-bin/luci/admin/network/firewall/rules API endpoint, specifically in the "Open ports on router", "New forward rule", and "New Source NAT" fields. Thi...
PT-2019-15744 · Tp Link +1 · Tp-Link Archer C7 +1
Name of the Vulnerable Software and Affected Versions: OpenWrt version 18.06.4 Description: The issue allows for XSS via the "New port forward" Name field to the "cgi-bin/luci/admin/network/firewall/forwards" URI. This can occur on devices such as the TP-Link Archer C7. Recommendations: For OpenW...
OpenWrt ustream-ssl library information disclosure vulnerability (CNVD-2019-42439)
OpenWrt is a Linux operating system for embedded devices. ustream-ssl is one of the cryptographic libraries. The ustream-ssl library in OpenWrt versions 18.06.4 and 15.05.1 is vulnerable to an information disclosure vulnerability that can be exploited by an attacker to attack vulnerable components...
OpenWrt ustream-ssl library information disclosure vulnerability
OpenWrt is a Linux operating system for embedded devices. ustream-ssl is one of the cryptographic libraries. The ustream-ssl library in OpenWrt versions 18.06.4 and 15.05.1 is vulnerable to an information disclosure vulnerability that can be exploited by an attacker to obtain sensitive information...