CVE-2024-51240

An issue in the luci-mod-rpc package in OpenWRT Luci LTS allows for privilege escalation from an admin account to root via the JSON-RPC-API, which is exposed by the luci-mod-rpc package...

CVE-2023-38320

An issue was discovered in OpenNDS Captive Portal before version 10.1.2. It has a showpreauthpage NULL pointer dereference that can be triggered with a crafted GET HTTP with a missing User-Agent header. Triggering this issue results in crashing OpenNDS a Denial-of-Service condition. This problem...

CVE-2023-38314

An issue was discovered in OpenNDS Captive Portal before version 10.1.2. It has a NULL pointer dereference in preauthenticated that can be triggered with a crafted GET HTTP request with a missing redirect query string parameter. Triggering this issue results in crashing OpenNDS a Denial-of-Servic...

CVE-2023-24182

LuCI openwrt-22.03 branch git-22.361.69894-438c598 was discovered to contain a stored cross-site scripting XSS vulnerability via the component /system/sshkeys.js...

CVE-2023-30312

An issue discovered in OpenWrt 18.06, 19.07, 21.02, 22.03, and beyond allows off-path attackers to hijack TCP sessions, which could lead to a denial of service, impersonating the client to the server e.g., for access to files over FTP, and impersonating the server to the client e.g., to deliver...

CVE-2023-38324

An issue was discovered in OpenNDS before 10.1.2. It allows users to skip the splash page sequence and directly authenticate when it is using the default FAS key and OpenNDS is configured as FAS. Affected OpenNDS Captive Portal before version 10.1.2 fixed in OpenWrt master, OpenWrt 23.05 and...

CVE-2023-24181

LuCI openwrt-22.03 branch git-22.361.69894-438c598 was discovered to contain a reflected cross-site scripting XSS vulnerability via the component /openvpn/pageswitch.htm...

CVE-2022-41435

OpenWRT LuCI version git-22.140.66206-02913be was discovered to contain a stored cross-site scripting XSS vulnerability in the component /system/sshkeys.js. This vulnerability allows attackers to execute arbitrary web scripts or HTML via crafted public key comments...

CVE-2021-32019

There is missing input validation of host names displayed in OpenWrt before 19.07.8. The Connection Status page of the luci web-interface allows XSS, which can be used to gain full control over the affected system via ICMP...

CVE-2021-28961

applications/luci-app-ddns/luasrc/model/cbi/ddns/detail.lua in the DDNS package for OpenWrt 19.07 allows remote authenticated users to inject arbitrary commands via POST requests...

CVE-2020-11968

In the web-panel in IQrouter through 3.3.1, remote attackers can read system logs because of Incorrect Access Control. Note: The vendor claims that this vulnerability can only occur on a brand-new network that, after initiating the forced initial configuration which has a required step for settin...

CVE-2020-11965

In IQrouter through 3.3.1, there is a root user without a password, which allows attackers to gain full remote access via SSH. Note: The vendor claims that this vulnerability can only occur on a brand-new network that, after initiating the forced initial configuration which has a required step fo...

CVE-2020-28951

libuci in OpenWrt before 18.06.9 and 19.x before 19.07.5 may encounter a use after free when using malicious package names. This is related to uciparsepackage in file.c and ucistrdup in util.c...

CVE-2020-11964

In IQrouter through 3.3.1, the Lua function diagsetpassword in the web-panel allows remote attackers to change the root password arbitrarily. Note: The vendor claims that this vulnerability can only occur on a brand-new network that, after initiating the forced initial configuration which has a...

CVE-2019-5101

An exploitable information leak vulnerability exists in the ustream-ssl library of OpenWrt, versions 18.06.4 and 15.05.1. When connecting to a remote server, the server's SSL certificate is checked but no action is taken when the certificate is invalid. An attacker could exploit this behavior by...

CVE-2019-5102

An exploitable information leak vulnerability exists in the ustream-ssl library of OpenWrt, versions 18.06.4 and 15.05.1. When connecting to a remote server, the server's SSL certificate is checked but no action is taken when the certificate is invalid. An attacker could exploit this behavior by...

CVE-2019-15513

An issue was discovered in OpenWrt libuci aka Library for the Unified Configuration Interface before 15.05.1 as used on Motorola CX2L MWR04L 1.01 and C1 MWR03 1.01 devices. /tmp/.uci/network locking is mishandled after reception of a long SetWanSettings command, leading to a device hang...

CVE-2019-25015

LuCI in OpenWrt 18.06.0 through 18.06.4 allows stored XSS via a crafted SSID...

CVE-2019-19945

uhttpd in OpenWrt through 18.06.5 and 19.x through 19.07.0-rc2 has an integer signedness error. This leads to out-of-bounds access to a heap buffer and a subsequent crash. It can be triggered with an HTTP POST request to a CGI script, specifying both "Transfer-Encoding: chunked" and a large...

CVE-2019-17367

OpenWRT firmware version 18.06.4 is vulnerable to CSRF via wireless/radio0.network1, wireless/radio1.network1, firewall, firewall/zones, firewall/forwards, firewall/rules, network/wan, network/wan6, or network/lan under /cgi-bin/luci/admin/network/...