542 matches found
CVE-2022-41435
OpenWRT LuCI version git-22.140.66206-02913be was discovered to contain a stored cross-site scripting (XSS) vulnerability in the component /system/sshkeys.js. This vulnerability allows attackers to execute arbitrary web scripts or HTML via crafted public key comments...
CVE-2022-41435
OpenWrt LuCI is affected by a stored XSS in the /system/sshkeys.js component of version git-22.140.66206-02913be. The vulnerability allows an attacker to execute arbitrary web scripts or HTML via crafted public key comments, with exploitation focusing on the LuCI Web UI. Root cause appears to be ...
Security Advisory 2022-10-17-1 - Multiple issues in mac80211 and cfg80211 (CVE-2022-41674, CVE-2022-42719, CVE-2022-42720, CVE-2022-42721 and CVE-2022-42722)
DESCRIPTION: Multiple vulnerabilities were found in the Linux Kernel mac80211 and cfg80211 framework. OpenWrt takes the mac80211 and cfg80211 framework from the wireless backports project which copies it from a more recent Linux kernel version. These vulnerabilities are in the multi BSSID (MBSSID)...
Security Advisory 2022-10-04-1 - wolfSSL buffer overflow during a TLS 1.3 handshake (CVE-2022-39173)
DESCRIPTION: In wolfSSL before 5.5.1, malicious clients can cause a buffer overflow on server during a TLS 1.3 handshake. This occurs when an attacker supposedly resumes a previous TLS session. During the resumption Client Hello a Hello Retry Request must be triggered. Both Client Hellos are...
The vulnerability of the header_value function in the embedded operating system OpenWrt allows a hacker to gain access to protected information.
The vulnerability of the header_value function in the embedded operating system OpenWrt relates to the ability to read data beyond the buffer boundaries. Exploiting this vulnerability allows a malicious actor, operating remotely, to gain access to protected information by sending a specially craft...
PT-2022-5792 · Dropbear +3
Name of the Vulnerable Software and Affected Versions: OpenWrt LuCI version git-22.140.66206-02913be. Description: The issue is related to a stored cross-site scripting (XSS) vulnerability in the /system/sshkeys.js component. This vulnerability allows attackers to execute arbitrary web scripts or HT...
OpenWRT < 22.03.0 Information Disclosure Vulnerability
OpenWRT is prone to an information disclosure vulnerability. Copyright (C) 2022 Greenbone Networks GmbH. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; y...
CVE-2022-38333
Openwrt before v21.02.3 and Openwrt v22.03.0-rc6 were discovered to contain two skip loops in the function header_value. This vulnerability allows attackers to access sensitive information via a crafted HTTP request...
Design/Logic Flaw
Openwrt before v21.02.3 and Openwrt v22.03.0-rc6 were discovered to contain two skip loops in the function header_value. This vulnerability allows attackers to access sensitive information via a crafted HTTP request...
CVE-2022-38333
OpenWrt before v21.02.3 and OpenWrt v22.03.0-rc6 contain two skip loops in the header_value() function, leading to information disclosure via a crafted HTTP request. The vulnerability is described across multiple sources (NVD/Red Hat and related feeds) with a CVSS v3.1 base score of 7.5 (HIGH, Ne...
PT-2022-4871 · Openwrt
Name of the Vulnerable Software and Affected Versions: Openwrt versions prior to 21.02.3 Openwrt version 22.03.0-rc6 Description: The issue is related to a buffer overflow vulnerability in the header value function, which allows attackers to access sensitive information via a crafted HTTP request...
OpenWrt Buffer Error Vulnerability
OpenWrt is a Linux operating system for embedded devices. A security vulnerability exists in OpenWrt versions prior to v21.02.3, v22.03.0-rc6. It stems from two skip loops in the function header_value and can be exploited by an attacker to access sensitive information via a...
OpenWRT < 19.07.6 Multiple dnsmasq Vulnerabilities
OpenWRT is prone to multiple vulnerabilities in dnsmasq.
OpenWRT < 18.06.7, 19.x < 19.07.1 Multiple Vulnerabilities
OpenWRT is prone to multiple vulnerabilities.
OpenWRT < 19.07.9, 21.x < 21.02.2 Multiple Vulnerabilities
OpenWRT is prone to multiple cross-site scripting (XSS) vulnerabilities.
OpenWRT < 19.07.7 DoS Vulnerability
OpenWRT is prone to a denial of service (DoS) vulnerability.