Lucene search
+L

427 matches found

cve
cve
added 2026/06/07 2:15 a.m.58 views

CVE-2026-11449

GL.iNet GL-MT3000 (v4.4.5) is affected by a remote command injection in LuCI JSON-RPC Interface, via the rpc_sys function in /cgi-bin/luci/rpc. Root cause is not explicitly stated beyond the vulnerability description; CVSS metrics in the connected sources indicate MEDIUM severity (CVSSv3.1 base 6...

6.5CVSS6.2AI score0.01102EPSS
Exploits0References6
cnnvd
cnnvd
added 2026/06/07 12:0 a.m.11 views

GL.iNet GL-MT3000 命令注入漏洞

GL.iNet GL-MT3000 is a portable travel router from the company GL.iNet, which supports Wi-Fi 6 and VPN functions. Version 4.4.5 of GL.iNet GL-MT3000 has a command injection vulnerability. This vulnerability stems from a problem with the function “rpcsys” in the LuCI JSON-RPC Interface component...

6.5CVSS6.4AI score0.01102EPSS
Exploits0References7
ptsecurity
ptsecurity
added 2026/06/07 12:0 a.m.30 views

PT-2026-47170

A security vulnerability has been detected in GL.iNet GL-MT3000 4.4.5. The impacted element is the function rpc sys of the file /cgi-bin/luci/rpc of the component LuCI JSON-RPC Interface. Such manipulation leads to command injection. The attack may be performed from remote. Upgrading to version...

6.5CVSS6.2AI score0.01102EPSS
Exploits0References7
nvd
nvd
added 2026/05/26 3:16 p.m.18 views

CVE-2026-46368

luci-app-https-dns-proxy through 2025.12.29-5 — an optional LuCI web UI add-on for the https-dns-proxy package, distributed through the OpenWrt community packages feed and not installed by default — contains a command injection vulnerability in the setInitAction function. An authenticated user...

8.8CVSS0.06582EPSS
Exploits0References3
cvelist
cvelist
added 2026/05/26 2:8 p.m.40 views

CVE-2026-46368 luci-app-https-dns-proxy Authenticated Command Injection via setInitAction

luci-app-https-dns-proxy through 2025.12.29-5 — an optional LuCI web UI add-on for the https-dns-proxy package, distributed through the OpenWrt community packages feed and not installed by default — contains a command injection vulnerability in the setInitAction function. An authenticated user...

8.8CVSS0.06582EPSS
Exploits0References3
euvd
euvd
added 2026/05/26 2:8 p.m.13 views

EUVD-2026-31836

luci-app-https-dns-proxy through 2025.12.29-5 — an optional LuCI web UI add-on for the https-dns-proxy package, distributed through the OpenWrt community packages feed and not installed by default — contains a command injection vulnerability in the setInitAction function. An authenticated user...

8.8CVSS6.1AI score0.06582EPSS
Exploits0References3
attackerkb
attackerkb
added 2026/05/26 2:8 p.m.10 views

CVE-2026-46368

luci-app-https-dns-proxy through 2025.12.29-5 — an optional LuCI web UI add-on for the https-dns-proxy package, distributed through the OpenWrt community packages feed and not installed by default — contains a command injection vulnerability in the setInitAction function. An authenticated user...

8.8CVSS6.1AI score0.06582EPSS
Exploits0References3
vulnrichment
vulnrichment
added 2026/05/26 2:8 p.m.10 views

CVE-2026-46368 luci-app-https-dns-proxy Authenticated Command Injection via setInitAction

luci-app-https-dns-proxy through 2025.12.29-5 — an optional LuCI web UI add-on for the https-dns-proxy package, distributed through the OpenWrt community packages feed and not installed by default — contains a command injection vulnerability in the setInitAction function. An authenticated user...

8.8CVSS6.1AI score0.06582EPSS
Exploits0References3
cve
cve
added 2026/05/26 2:8 p.m.63 views

CVE-2026-46368

CVE-2026-46368 affects the OpenWrt luci-app-https-dns-proxy package (not Core OpenWrt). The vulnerability is a command injection in setInitAction via a ubus RPC call; an authenticated user with the luci.https-dns-proxy ACL can inject shell metacharacters through the 'name' parameter, enabling arb...

8.8CVSS6.1AI score0.06582EPSS
Exploits0References3
osv
osv
added 2026/05/26 2:8 p.m.4 views

CVE-2026-46368 luci-app-https-dns-proxy Authenticated Command Injection via setInitAction

luci-app-https-dns-proxy through 2025.12.29-5 — an optional LuCI web UI add-on for the https-dns-proxy package, distributed through the OpenWrt community packages feed and not installed by default — contains a command injection vulnerability in the setInitAction function. An authenticated user...

8.7CVSS6.2AI score0.06582EPSS
Exploits0References5
ptsecurity
ptsecurity
added 2026/05/26 12:0 a.m.27 views

PT-2026-43259

luci-app-https-dns-proxy through 2025.12.29-5 — an optional LuCI web UI add-on for the https-dns-proxy package, distributed through the OpenWrt community packages feed and not installed by default — contains a command injection vulnerability in the setInitAction function. An authenticated user...

8.8CVSS6.1AI score0.06582EPSS
Exploits0References4
redhatcve
redhatcve
added 2026/03/27 2:23 p.m.9 views

CVE-2021-27821

The Web Interface for OpenWRT LuCI version 19.07 and lower has been discovered to have a cross-site scripting vulnerability which can lead to attackers carrying out arbitrary code execution...

6.1CVSS7AI score0.00586EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/03/26 3:15 p.m.9 views

CVE-2026-4537

A vulnerability was determined in Cudy TR1200 R46-2.4.15-20250721-164017. Impacted is the function actionipsecconn of the file /usr/bin/lib/lua/luci/controller/ipsec.lua. Executing a manipulation can lead to command injection. The attack may be launched remotely. The exploit has been publicly...

5.8CVSS5AI score0.10296EPSS
Exploits0References1
euvd
euvd
added 2026/03/22 6:30 a.m.4 views

EUVD-2026-14277

A vulnerability was determined in Cudy TR1200 R46-2.4.15-20250721-164017. Impacted is the function actionipsecconn of the file /usr/bin/lib/lua/luci/controller/ipsec.lua. Executing a manipulation can lead to command injection. The attack may be launched remotely. The exploit has been publicly...

5.8CVSS5.6AI score0.10296EPSS
Exploits0References5
vulnrichment
vulnrichment
added 2026/03/22 4:2 a.m.3 views

CVE-2026-4537 Cudy TR1200 ipsec.lua action_ipsec_conn command injection

A vulnerability was determined in Cudy TR1200 R46-2.4.15-20250721-164017. Impacted is the function actionipsecconn of the file /usr/bin/lib/lua/luci/controller/ipsec.lua. Executing a manipulation can lead to command injection. The attack may be launched remotely. The exploit has been publicly...

5.8CVSS5AI score0.10296EPSS
Exploits0References4
nvd
nvd
added 2026/03/19 11:16 p.m.8 views

CVE-2026-32721

LuCI is the OpenWrt Configuration Interface. Versions prior to both 24.10.5 and 25.12.0, contain a stored XSS vulnerability in the wireless scan modal, where SSID values from scan results are rendered as raw HTML without any sanitization. The wireless.js file in the luci-mod-network package passe...

8.6CVSS0.00239EPSS
Exploits0References3
vulnrichment
vulnrichment
added 2026/03/19 10:46 p.m.2 views

CVE-2026-32721 LuCI luci-mod-network: Possible XSS attack in WiFi scan on Joining Wireless Client modal

LuCI is the OpenWrt Configuration Interface. Versions prior to both 24.10.5 and 25.12.0, contain a stored XSS vulnerability in the wireless scan modal, where SSID values from scan results are rendered as raw HTML without any sanitization. The wireless.js file in the luci-mod-network package passe...

8.6CVSS5.8AI score0.00239EPSS
Exploits0References3
cve
cve
added 2026/03/19 10:46 p.m.37 views

CVE-2026-32721

LuCI (OpenWrt configuration interface) is affected by a stored XSS in the wireless scan modal within luci-mod-network. The vulnerability arises because SSIDs from scan results are rendered as raw HTML via innerHTML in wireless.js when passed to dom.append(), allowing a malicious SSID to execute a...

8.6CVSS5.8AI score0.00239EPSS
Exploits0References3Affected Software2
attackerkb
attackerkb
added 2026/03/19 10:46 p.m.3 views

CVE-2026-32721

LuCI is the OpenWrt Configuration Interface. Versions prior to both 24.10.5 and 25.12.0, contain a stored XSS vulnerability in the wireless scan modal, where SSID values from scan results are rendered as raw HTML without any sanitization. The wireless.js file in the luci-mod-network package passe...

8.6CVSS5.8AI score0.00239EPSS
Exploits0References4Affected Software1
euvd
euvd
added 2026/03/19 10:46 p.m.9 views

EUVD-2026-13382

LuCI is the OpenWrt Configuration Interface. Versions prior to both 24.10.5 and 25.12.0, contain a stored XSS vulnerability in the wireless scan modal, where SSID values from scan results are rendered as raw HTML without any sanitization. The wireless.js file in the luci-mod-network package passe...

8.6CVSS5.8AI score0.00239EPSS
Exploits0References3
Rows per page
Query Builder