OpenWrt LuCI Web Interface Cross-Site Scripting Vulnerability
OpenWrt LuCI is a graphical configuration interface for the OpenWrt Linux distribution. A cross-site scripting vulnerability in the web interface of OpenWrt LuCI version 19.07 allows attackers to inject arbitrary JavaScript into OpenWrt hostnames via a hostname change operation...
A vulnerability in the implementation of the automatic update server method for domain names in the Dynamic DNS system of the OpenWrt embedded operating system allows an attacker to compromise the confidentiality, integrity, and availability of the protected information.
A vulnerability in the implementation of the automatic update server method for domain names in the Dynamic DNS system of the OpenWrt embedded operating system is related to the lack of security measures for the web page structure. Exploiting this vulnerability allows a remote attacker to compromi...
OpenWrt Command Injection Vulnerability
OpenWrt is a Linux distribution for embedded devices. A command injection vulnerability exists in applications/luci-app-ddns/luasrc/model/cbi/ddns/detail.lua in the DDNS package for OpenWrt 19.07. A remote authenticated user can exploit this vulnerability to inject arbitrary commands via a POST...
CVE-2021-28961
applications/luci-app-ddns/luasrc/model/cbi/ddns/detail.lua in the DDNS package for OpenWrt 19.07 allows remote authenticated users to inject arbitrary commands via POST requests...
Command injection
applications/luci-app-ddns/luasrc/model/cbi/ddns/detail.lua in the DDNS package for OpenWrt 19.07 allows remote authenticated users to inject arbitrary commands via POST requests...
CVE-2021-28961
The CVE-2021-28961 vulnerability affects OpenWrt’s luci-app-ddns, specifically the detail.lua in the DDNS package. The issue allows remote authenticated users to inject arbitrary commands via POST requests to the OpenWrt 19.07 range, due to unvalidated input in detail.lua. Multiple connected sour...
PT-2021-2490 · Openwrt · Openwrt
Name of the Vulnerable Software and Affected Versions: OpenWrt 19.07 Description: The issue is related to the DDNS package in OpenWrt 19.07, where the detail.lua file allows remote authenticated users to inject arbitrary commands via POST requests to the /cgi-bin/luci API endpoint, specifically t...
OpenWrt Operating System Command Injection Vulnerability
OpenWrt is a Linux distribution for embedded devices. A command injection vulnerability exists in applications/luci-app-ddns/luasrc/model/cbi/ddns/detail.lua in the DDNS package for OpenWrt 19.07. A remote authenticated user can exploit this vulnerability to inject arbitrary commands via a POST...
CVE-2021-22161
In OpenWrt 19.07.x before 19.07.7, when IPv6 is used, a routing loop can occur that generates excessive network traffic between an affected device and its upstream ISP's router. This occurs when a link prefix route points to a point-to-point link, a destination IPv6 address belongs to the prefix...
Design/Logic Flaw
In OpenWrt 19.07.x before 19.07.7, when IPv6 is used, a routing loop can occur that generates excessive network traffic between an affected device and its upstream ISP's router. This occurs when a link prefix route points to a point-to-point link, a destination IPv6 address belongs to the prefix...
CVE-2021-22161
CVE-2021-22161 affects OpenWrt 19.07.x prior to 19.07.7. When IPv6 is enabled, a routing loop can occur because a router advertisement with a global unique prefix and the on-link flag causes a point-to-point link’s prefix route to misroute traffic back to the upstream router, generating excessive...
OpenWrt Security Vulnerabilities
OpenWrt is a Linux operating system for embedded devices. A security vulnerability exists in OpenWrt 19.07.x before 19.07.7, which stems from the fact that when IPv6 is used, a routing loop may be created that generates excessive network traffic between an affected device and the router of its...
PT-2021-14880 · Odhcp6C +2 · Odhcp6C +2
Name of the Vulnerable Software and Affected Versions: OpenWrt versions 19.07.x through 19.07.6 Description: A routing loop can occur when IPv6 is used, generating excessive network traffic between an affected device and its upstream ISP's router. This happens when a link prefix route points to a...
Security Advisory 2021-02-02-2 - wolfSSL heap buffer overflow in RsaPad_PSS (CVE-2020-36177)
DESCRIPTION RsaPad_PSS in wolfcrypt/src/rsa.c in wolfSSL before 4.6.0 has an out-of-bounds write for certain relationships between key size and digest size. The issue is marked as critical with a CVSS score of 9.8. REQUIREMENTS It's still work in progress, there is not that much information about it...
CVE-2020-13859
An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.0.8-std devices. A format error in /etc/shadow, coupled with a logic bug in the LuCI - OpenWrt Configuration Interface framework, allows the undocumented system account mofidev to log in to the cgi-bin/luci/quick/wizard management interfac...
Design/Logic Flaw
An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.0.8-std devices. A format error in /etc/shadow, coupled with a logic bug in the LuCI - OpenWrt Configuration Interface framework, allows the undocumented system account mofidev to log in to the cgi-bin/luci/quick/wizard management interfac...