19 matches found
CVE-2020-10871
In OpenWrt LuCI git-20.x, remote unauthenticated attackers can retrieve the list of installed packages and services. NOTE: the vendor disputes the significance of this report because, for instances reachable by an unauthenticated actor, the same information is available in other more complex ways...
CVE-2019-12272
In OpenWrt LuCI through 0.10, the endpoints admin/status/realtime/bandwidthstatus and admin/status/realtime/wirelessstatus of the web application are affected by a command injection vulnerability...
EUVD-2021-20130
Malware in sbrugna...
EUVD-2022-44628
Malicious code in bioql PyPI...
CVE-2024-51240
An issue in the luci-mod-rpc package in OpenWRT Luci LTS allows for privilege escalation from an admin account to root via the JSON-RPC-API, which is exposed by the luci-mod-rpc package...
CVE-2022-41435
OpenWRT LuCI version git-22.140.66206-02913be was discovered to contain a stored cross-site scripting (XSS) vulnerability in the component /system/sshkeys.js. This vulnerability allows attackers to execute arbitrary web scripts or HTML via crafted public key comments...
CVE-2024-51240
CVE-2024-51240 affects the luci-mod-rpc component of OpenWRT Luci LTS, enabling privilege escalation from an admin user to root via the JSON-RPC-API exposed by luci-mod-rpc. OpenVAS details cite a CVSSv3 base score of 7.7 (AV:A/AC:L/Au:S/C:C/I:C/A:C). Remediation status in the connected OpenWRT N...
OpenWrt LuCI Cross-Site Scripting Vulnerability
OpenWrt LuCI is a graphical configuration interface for OpenWrt Linux distribution. A security vulnerability exists in OpenWrt LuCI, which was discovered to contain a stored cross-site scripting (XSS) vulnerability via the component /system/sshkeys.js...
CVE-2022-41435
OpenWRT LuCI version git-22.140.66206-02913be was discovered to contain a stored cross-site scripting (XSS) vulnerability in the component /system/sshkeys.js. This vulnerability allows attackers to execute arbitrary web scripts or HTML via crafted public key comments...
OpenWrt LuCI Cross-Site Scripting Vulnerability
OpenWrt LuCI is a graphical configuration interface for OpenWrt Linux distribution. A cross-site scripting vulnerability exists in the OpenWrt LuCI git-22.140.66206-02913be version, which stems from the discovery of a stored cross-site scripting (XSS) vulnerability contained in the component...
PT-2022-5792 · Dropbear +3 · Dropbear +3
Name of the Vulnerable Software and Affected Versions: OpenWrt LuCI version git-22.140.66206-02913be Description: The issue is related to a stored cross-site scripting (XSS) vulnerability in the /system/sshkeys.js component. This vulnerability allows attackers to execute arbitrary web scripts or HT...
CVE-2021-33425
A stored cross-site scripting (XSS) vulnerability was discovered in the Web Interface for OpenWRT LuCI version 19.07 which allows attackers to inject arbitrary Javascript in the OpenWRT Hostname via the Hostname Change operation...
CVE-2021-27821
The Web Interface for OpenWRT LuCI version 19.07 and lower has been discovered to have a cross-site scripting vulnerability which can lead to attackers carrying out arbitrary code execution...
CVE-2021-33425
CVE-2021-33425 is a stored XSS in OpenWrt LuCI web interface (hostname change) affecting LuCI 19.07 series (19.07.0–19.07.7). The root cause is improper handling of the UCI hostname content in LuCI templates, allowing arbitrary JavaScript to be injected into the hostname field and reflected in th...
CVE-2021-27821
The CVE-2021-27821 entry concerns the Web Interface for OpenWrt LuCI (version 19.07 and earlier). It describes a cross-site scripting (XSS) vulnerability in the LuCI web interface that can lead to arbitrary code execution. Affected product/component: OpenWrt LuCI web interface up to v19.07. Under...
OpenWrt LuCI Web Interface Cross-Site Scripting Vulnerability
OpenWrt LuCI is a graphical configuration interface for OpenWrt Linux distribution. A cross-site scripting vulnerability in the web interface of OpenWRT LuCI version 19.07 allows attackers to inject arbitrary Javascript into OpenWRT hostnames via a hostname change operation...
OpenWrt LuCI Cross-Site Scripting Vulnerability
OpenWrt LuCI is a graphical configuration interface for OpenWrt Linux distribution. A cross-site scripting vulnerability exists in OpenWRT LuCI version 19.07 and earlier, which can be exploited by an attacker to execute arbitrary code...
PT-2020-12389 · Openwrt · Openwrt Luci
Name of the Vulnerable Software and Affected Versions: OpenWrt LuCI versions git-20.x Description: The issue allows remote unauthenticated attackers to retrieve the list of installed packages and services. The vendor disputes the significance of this report, stating that the same information is...
OpenWrt LuCI Input Validation Vulnerability
OpenWrt LuCI is a graphical configuration interface for OpenWrt. An input validation vulnerability exists in OpenWrt LuCI admin/status/realtime/bandwidthstatus and admin/status/realtime/wirelessstatus, which could be exploited by remote attackers to submit a special request that could execute...