541 matches found

Cvelist
added 2026/03/19 9:49 p.m. | 17 views

CVE-2026-30871 OpenWrt Project has Stack-based Buffer Overflow in DNS PTR Query

OpenWrt Project is a Linux operating system targeting embedded devices. In versions prior to 24.10.6 and 25.12.1, the mdns daemon has a Stack-based Buffer Overflow vulnerability in the parse_question function. The issue is triggered by PTR queries for reverse DNS domains .in-addr.arpa and .ip6.arp...

CVSS 9.5 | EPSS 0.01211
Exploits: 0 | References: 3

EUVD
added 2026/03/19 9:49 p.m. | 6 views

EUVD-2026-13247

OpenWrt Project is a Linux operating system targeting embedded devices. In versions prior to 24.10.6 and 25.12.1, the mdns daemon has a Stack-based Buffer Overflow vulnerability in the parse_question function. The issue is triggered by PTR queries for reverse DNS domains .in-addr.arpa and .ip6.arp...

CVSS 9.5 | AI score 5.9 | EPSS 0.01211
Exploits: 0 | References: 3

ATTACKERKB
added 2026/03/19 9:49 p.m. | 2 views

CVE-2026-30871

OpenWrt Project is a Linux operating system targeting embedded devices. In versions prior to 24.10.6 and 25.12.1, the mdns daemon has a Stack-based Buffer Overflow vulnerability in the parse_question function. The issue is triggered by PTR queries for reverse DNS domains .in-addr.arpa and .ip6.arp...

CVSS 9.5 | AI score 5.9 | EPSS 0.01211
Exploits: 0 | References: 4 | Affected Software: 1

Vulnrichment
added 2026/03/19 9:49 p.m. | 1 views

CVE-2026-30871 OpenWrt Project has Stack-based Buffer Overflow in DNS PTR Query

OpenWrt Project is a Linux operating system targeting embedded devices. In versions prior to 24.10.6 and 25.12.1, the mdns daemon has a Stack-based Buffer Overflow vulnerability in the parse_question function. The issue is triggered by PTR queries for reverse DNS domains .in-addr.arpa and .ip6.arp...

CVSS 9.5 | AI score 6 | EPSS 0.01211
Exploits: 0 | References: 3

OSV
added 2026/03/19 9:49 p.m. | 2 views

CVE-2026-30871 OpenWrt Project has Stack-based Buffer Overflow in DNS PTR Query

OpenWrt Project is a Linux operating system targeting embedded devices. In versions prior to 24.10.6 and 25.12.1, the mdns daemon has a Stack-based Buffer Overflow vulnerability in the parse_question function. The issue is triggered by PTR queries for reverse DNS domains .in-addr.arpa and .ip6.arp...

CVSS 9.5 | AI score 6 | EPSS 0.01211
Exploits: 0 | References: 5

CVE
added 2026/03/19 9:49 p.m. | 5 views

CVE-2026-30871

OpenWrt mdns daemon vulnerability (CVE-2026-30871) affects versions prior to 24.10.6 and 25.12.1. A stack-based buffer overflow in parse_question is triggered by PTR queries (reverse DNS: .in-addr.arpa and .ip6.arpa). DNS packets received on UDP port 5353 are expanded by dn_expand into an 8096-by...

CVSS 9.8 | AI score 5.9 | EPSS 0.01211
Exploits: 0 | References: 3 | Affected Software: 1

Positive Technologies
added 2026/03/19 12:0 a.m. | 4 views

PT-2026-26432

OpenWrt Project is a Linux operating system targeting embedded devices. In versions prior to 24.10.6, a vulnerability in the hotplug call function allows an attacker to bypass environment variable filtering and inject an arbitrary PATH variable, potentially leading to privilege escalation. The...

CVSS 1.8 | AI score 5.8 | EPSS 0.00296
Exploits: 0 | References: 5

Positive Technologies
added 2026/03/19 12:0 a.m. | 3 views

PT-2026-26381

OpenWrt Project is a Linux operating system targeting embedded devices. In versions prior to 24.10.6 and 25.12.1, the mdns daemon has a Stack-based Buffer Overflow vulnerability in the match ipv6 addresses function, triggered when processing PTR queries for IPv6 reverse DNS domains .ip6.arpa...

CVSS 9.5 | AI score 6.3 | EPSS 0.02221
Exploits: 0 | References: 6

Positive Technologies
added 2026/03/19 12:0 a.m. | 5 views

PT-2026-26450

Name of the Vulnerable Software and Affected Versions: LuCI versions prior to 24.10.5 and 25.12.0
Description: LuCI, the OpenWrt Configuration Interface, is affected by a stored Cross-Site Scripting (XSS) issue within the wireless scan modal. The system renders SSID values from scan results as raw HT...

CVSS 8.6 | AI score 5.8 | EPSS 0.00239
Exploits: 0 | References: 13

Positive Technologies
added 2026/03/19 12:0 a.m. | 3 views

PT-2026-26382

OpenWrt Project is a Linux operating system targeting embedded devices. In versions prior to both 24.10.6 and 25.12.1, the jp get token function, which performs lexical analysis by breaking input expressions into tokens, contains a memory leak vulnerability when extracting string literals, field...

CVSS 2.4 | AI score 5.7 | EPSS 0.00515
Exploits: 0 | References: 5

CNNVD
added 2026/03/19 12:0 a.m. | 5 views

OpenWrt Security Vulnerability

OpenWrt is an open-source Linux operating system designed for embedded devices. Versions prior to OpenWrt 24.10.6 and 25.12.1 contained security vulnerabilities. These vulnerabilities were caused by a stack buffer overflow in the parse_question function of the mdns daemon, which could lead to remo...

CVSS 9.8 | AI score 6.3 | EPSS 0.01211
Exploits: 0 | References: 4

CNNVD
added 2026/03/19 12:0 a.m. | 4 views

OpenWrt Security Vulnerability

OpenWrt is an open-source Linux operating system designed for embedded devices. Versions prior to OpenWrt 24.10.6 and 25.12.1 contained security vulnerabilities. These vulnerabilities were caused by a stack buffer overflow in the matchipv6addresses function of the mdns daemon, which could lead to...

CVSS 9.8 | AI score 6.3 | EPSS 0.02221
Exploits: 0 | References: 4

CNNVD
added 2026/03/19 12:0 a.m. | 3 views

OpenWrt Security Vulnerability

OpenWrt is an open-source Linux operating system designed for embedded devices. Versions prior to OpenWrt 24.10.6 and 25.12.1 contained security vulnerabilities. These vulnerabilities were caused by a memory leak in the jpgettoken function, which could lead to resource exhaustion...

CVSS 4.9 | AI score 5.8 | EPSS 0.00515
Exploits: 0 | References: 4

CNNVD
added 2026/03/19 12:0 a.m. | 4 views

OpenWrt Security Vulnerability

OpenWrt is an open-source Linux operating system designed for embedded devices. Versions of OpenWrt prior to 24.10.6 contained security vulnerabilities. These vulnerabilities were caused by a bypass of environment variable filtering in the hotplugcall function, which could lead to privilege...

CVSS 7.8 | AI score 5.8 | EPSS 0.00296
Exploits: 0 | References: 3

CNNVD
added 2026/03/19 12:0 a.m. | 4 views

OpenWrt LuCI Cross-Site Scripting Vulnerability

OpenWrt LuCI is a graphical configuration interface for OpenWRT, an open-source operating system. Versions of OpenWrt LuCI prior to 24.10.5 and 25.12.0 had a cross-site scripting vulnerability. This vulnerability stemmed from a stored cross-site scripting issue in the wireless scanning...

CVSS 8.6 | AI score 5.9 | EPSS 0.00239
Exploits: 0 | References: 4

Positive Technologies
added 2026/03/19 12:0 a.m. | 4 views

PT-2026-26380

Name of the Vulnerable Software and Affected Versions: OpenWrt Project versions prior to 24.10.6 and versions prior to 25.12.1
Description: The OpenWrt Project, a Linux operating system for embedded devices, is affected by a Stack-based Buffer Overflow in the mdns daemon. The issue resides within t...

CVSS 9.8 | AI score 6.1 | EPSS 0.01211
Exploits: 0 | References: 8

Positive Technologies
added 2026/03/17 12:0 a.m. | 5 views

PT-2026-25912

@securityweekly @anton chuvakin Good research. But about CVE-2026-32290 – GL-iNet Comet KVM insufficient verification of firmware authenticity… isn’t it the whole point of these devices that you could just run your own firmware opensource on it also? Like openwrt...

CVSS 7 | AI score 5.8 | EPSS 0.0016
Exploits: 0 | References: 7

Nuclei
added 2026/02/04 7:0 a.m. | 48 views

Nodogsplash - Directory Traversal

Nodogsplash product was affected by a directory traversal vulnerability that also impacted the OpenWrt product. This vulnerability was addressed in Nodogsplash version 5.0.1. Exploiting this vulnerability, remote attackers could read arbitrary files from the target system. id: CVE-2023-39120 info...

AI score 6.9
Exploits: 0 | References: 4

RedhatCVE
added 2026/01/09 11:27 a.m. | 15 views

CVE-2021-33425

A stored cross-site scripting XSS vulnerability was discovered in the Web Interface for OpenWRT LuCI version 19.07 which allows attackers to inject arbitrary Javascript in the OpenWRT Hostname via the Hostname Change operation...

CVSS 5.4 | AI score 5.6 | EPSS 0.00562
Exploits: 0 | References: 1

RedhatCVE
added 2026/01/09 11:21 a.m. | 4 views

CVE-2021-22161

In OpenWrt 19.07.x before 19.07.7, when IPv6 is used, a routing loop can occur that generates excessive network traffic between an affected device and its upstream ISP's router. This occurs when a link prefix route points to a point-to-point link, a destination IPv6 address belongs to the prefix...

CVSS 6.5 | AI score 6.6 | EPSS 0.00524
Exploits: 0 | References: 1