Lucene search
K

17 matches found

EUVD
EUVD
added 2026/06/29 6:16 p.m.7 views

EUVD-2026-40172

luci-proto-openvpn through 0.11.1, fixed in commit e4ff45e, contains a command injection vulnerability in the generateKey ubus method where the clmeta parameter is interpolated into a shell command without proper escaping or quoting. An authenticated LuCI user with OpenVPN protocol configuration...

8.8CVSS6AI score0.01401EPSS
Exploits0References3
OSV
OSV
added 2026/01/08 4:15 p.m.6 views

CVE-2025-67090

The LuCI web interface on Gl Inet GL.Inet AX1800 Version 4.6.4 & 4.6.8 are vulnerable. Fix available in version 4.8.2 GL.Inet AX1800 Version 4.6.4 & 4.6.8 lacks rate limiting or account lockout mechanisms on the authentication endpoint /cgi-bin/luci. An unauthenticated attacker on the local netwo...

5.1CVSS5.8AI score
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/01/08 12:0 a.m.10 views

PT-2026-1872

Name of the Vulnerable Software and Affected Versions GL.Inet GL.Inet AX1800 versions 4.6.4 and 4.6.8 Description An issue exists in the GL.iNet custom opkg wrapper script located at /usr/libexec/opkg-call within the GL.Inet AX1800. The script operates with root privileges when activated through...

6.5CVSS6.7AI score0.02981EPSS
Exploits1References7
CVE
CVE
added 2026/01/08 12:0 a.m.9 views

CVE-2025-67091

CVE-2025-67091 affects GL.iNet AX1800 firmware versions 4.6.4 and 4.6.8 . The issue lies in the GL.iNet custom opkg wrapper script at /usr/libexec/opkg-call , which runs with root privileges when triggered via the LuCI web interface or authenticated API calls to manage packages. Vulnerable code u...

6.5CVSS6.7AI score0.02981EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2026/01/08 12:0 a.m.22 views

CVE-2025-67090

The LuCI web interface on Gl Inet GL.Inet AX1800 Version 4.6.4 & 4.6.8 are vulnerable. Fix available in version 4.8.2 GL.Inet AX1800 Version 4.6.4 & 4.6.8 lacks rate limiting or account lockout mechanisms on the authentication endpoint /cgi-bin/luci. An unauthenticated attacker on the local netwo...

0.00214EPSS
Exploits1References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2021-18886

Malware in sbrugna...

6.1CVSS6.2AI score0.00581EPSS
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2023/09/16 12:0 a.m.9 views

The vulnerability of the LuCI interface in the embedded operating system OpenWrt, which allows a hacker to perform XSS attacks.

The vulnerability of the LuCI interface in the embedded operating system OpenWrt is related to the lack of measures taken to protect the structure of the web page. Exploiting this vulnerability allows a malicious actor to carry out XSS attacks remotely...

6.1CVSS6.2AI score0.00581EPSS
Exploits0References3Affected Software1
BDU FSTEC
BDU FSTEC
added 2023/09/16 12:0 a.m.10 views

The vulnerability in the web interface of the LuCI, a built-in operating system called OpenWrt, allows attackers to execute cross-site scripting attacks.

The vulnerability in the LuCI web interface of the embedded operating system OpenWrt is related to the lack of measures taken to protect the structure of the web page. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks remotely...

5.5CVSS5.6AI score0.00555EPSS
Exploits1References4Affected Software1
Positive Technologies
Positive Technologies
added 2021/12/23 12:0 a.m.5 views

PT-2021-6033 · Luci +1 · Luci +1

Name of the Vulnerable Software and Affected Versions: OpenWrt version 21.02.1 Description: The issue is related to a lack of protection for the web page structure in the NAT Rules Name screen of the LuCI configuration web interface in OpenWrt. This can be exploited by a remote attacker to perfor...

5.8CVSS5.2AI score0.00515EPSS
Exploits1References10
CNVD
CNVD
added 2021/08/03 12:0 a.m.52 views

OpenWrt Cross-Site Scripting Vulnerability

OpenWrt is a Linux operating system for embedded devices. A cross-site scripting vulnerability exists in the OpenWrt luci web-interface, which stems from insufficient cleanup of user-supplied data when processing hostnames in the OpenWrt luci web-interface. A remote attacker could inject and...

6.1CVSS1.6AI score0.00581EPSS
Exploits0References1
CVE
CVE
added 2021/08/02 8:35 p.m.57 views

CVE-2021-32019

CVE-2021-32019 corresponds to a cross-site scripting (XSS) vulnerability in the OpenWrt LuCI web-interface, caused by missing input validation when processing host names on the Connection Status page. The issue allows an attacker to inject and execute HTML/script in the user’s browser, with the n...

6.1CVSS6.6AI score0.00581EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2021/08/02 8:35 p.m.26 views

CVE-2021-32019

There is missing input validation of host names displayed in OpenWrt before 19.07.8. The Connection Status page of the luci web-interface allows XSS, which can be used to gain full control over the affected system via ICMP...

6.9AI score0.00581EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2021/08/02 12:0 a.m.5 views

PT-2021-7935 · Openwrt · Openwrt

Name of the Vulnerable Software and Affected Versions: OpenWrt versions prior to 19.07.8 Description: The issue is related to missing input validation of host names displayed in OpenWrt, which allows for XSS attacks on the Connection Status page of the luci web-interface. This can be exploited to...

6.1CVSS6.1AI score0.00581EPSS
Exploits0References7
OSV
OSV
added 2020/03/23 8:15 p.m.6 views

CVE-2020-10871

In OpenWrt LuCI git-20.x, remote unauthenticated attackers can retrieve the list of installed packages and services. NOTE: the vendor disputes the significance of this report because, for instances reachable by an unauthenticated actor, the same information is available in other more complex ways...

5.3CVSS6.1AI score0.01679EPSS
Exploits1References3
RedHat Linux
RedHat Linux
added 2014/10/14 4:11 a.m.31 views

Moderate: Red Hat Security Advisory: luci security, bug fix, and enhancement update

Updated luci packages that fix one security issue, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System CVSS base score, which gives a...

6CVSS6.2AI score0.01363EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2013/01/08 4:31 a.m.7 views

conga: insecure handling of luci web interface sessions

It was discovered that luci stored usernames and passwords in session cookies. This issue prevented the session inactivity timeout feature from working correctly, and allowed attackers able to get access to a session cookie to obtain the victim's authentication credentials...

3.7CVSS5.8AI score0.0034EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2007/11/21 9:51 p.m.25 views

Moderate: Red Hat Security Advisory: conga security, bug fix, and enhancement update

Packages have been updated to include PowerPC and xenU packages. Updated conga packages that fix a security flaw, several bugs, and add enhancements are now available for Red Hat Cluster Suite. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Th...

5CVSS5.8AI score0.01745EPSS
Exploits0References13
Rows per page
Query Builder