542 matches found
CVE-2020-13859
An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.0.8-std devices. A format error in /etc/shadow, coupled with a logic bug in the LuCI - OpenWrt Configuration Interface framework, allows the undocumented system account mofidev to login to the cgi-bin/luci/quick/wizard management interfac...
CVE-2020-13859
CVE-2020-13859 affects Mofi Network MOFI4500-4GXeLTE devices running 4.0.8-std. A format error in /etc/shadow plus a logic bug in the LuCI/OpenWrt configuration interface enables the undocumented user account “mofidev” to access cgi-bin/luci/quick/wizard without a password via a forgotten-passwor...
CVE-2019-25015
LuCI in OpenWrt 18.06.0 through 18.06.4 allows stored XSS via a crafted SSID...
CVE-2019-25015
LuCI in OpenWrt 18.06.0 through 18.06.4 allows stored XSS via a crafted SSID...
Cross site scripting
LuCI in OpenWrt 18.06.0 through 18.06.4 allows stored XSS via a crafted SSID...
OpenWrt Cross-Site Scripting Vulnerability
OpenWrt is a Linux operating system for embedded devices. A cross-site scripting vulnerability exists in OpenWrt 18.06.0 through 18.06.4, which could allow an attacker to steal sensitive information...
CVE-2019-25015
LuCI in OpenWrt 18.06.0 through 18.06.4 allows stored XSS via a crafted SSID...
CVE-2019-25015
CVE-2019-25015 affects LuCI in OpenWrt 18.06.0–18.06.4, enabling stored XSS via a crafted SSID. The vulnerability lies in LuCI's web interface handling SSID input, allowing an attacker to inject script that persists in the page. Multiple connected sources confirm the issue and reference a commit ...
PT-2021-7934 · Luci +1 · Luci +1
Name of the Vulnerable Software and Affected Versions: OpenWrt versions 18.06.0 through 18.06.4 Description: The issue is related to a stored XSS vulnerability in LuCI, a component of OpenWrt. This vulnerability can be exploited via a crafted SSID, potentially allowing a remote attacker to perfor...
Attackers Steal E-Mails, Info from OpenWrt Forum
The forum supporting the community for OpenWrt suffered a security breach over the weekend, giving hackers access to e-mail addresses, user handles and additional private forum user information. Those that maintain the forum for the Linux-based open-source firmware said the forum was breached in...
Security Advisory 2021-01-19-1 - dnsmasq multiple vulnerabilities (CVE-2020-25681, CVE-2020-25682, CVE-2020-25683, CVE-2020-25684, CVE-2020-25685, CVE-2020-25686, CVE-2020-25687)
DESCRIPTION Dnsmasq has two sets of vulnerabilities, one set of memory corruption issues handling DNSSEC and a second set of issues validating DNS responses. These vulnerabilities could allow an attacker to corrupt memory on the target device and perform cache poisoning attacks against the target...
The vulnerability of the libuci library in the embedded operating system OpenWrt allows attackers to compromise the confidentiality, integrity, and accessibility of protected information.
The vulnerability of the libuci library in the embedded operating system OpenWrt relates to the use of memory after it is freed. Exploiting this vulnerability can allow a remote attacker to compromise the confidentiality, integrity, and accessibility of the protected information...
Security Advisory 2021-01-17-1 - OpenWrt forum break-in on 16-Jan-2021
DESCRIPTION Around 0400 GMT on 16 Jan 2021, an administrator account on the OpenWrt forum https://forum.openwrt.org was breached. It is not known how the account was accessed: the account had a good password, but did not have two-factor authentication enabled. The intruder was able to download a...
Denial of Service Vulnerability in OpenWrt
OpenWRT is a highly modular, highly automated embedded Linux system with powerful networking components and extensibility that is often used in industrial control devices, telephones, small robots, smart homes, routers, and VOIP devices. A denial of service vulnerability exists in OpenWrt, which...
Security Advisory 2020-12-09-2 - libuci import heap use after free (CVE-2020-28951)
DESCRIPTION Possibly exploitable vulnerability was found in Unified Config Interface UCI library named libuci, specifically in uciimport C API function. CVE-2020-28951 has been assigned to this issue. API: Application Programming Interface REQUIREMENTS In order to exploit this vulnerability a...
Security Advisory 2020-12-09-1 - Linux kernel - ICMP rate limiting can be used to facilitate DNS poisoning attack (CVE-2020-25705)
DESCRIPTION A flaw has been found in the ICMP rate limiting algorithm of the Linux kernel. This flaw allows an off-path attacker to quickly determine open ephemeral ports that are used by applications making outbound connections. This can be exploited by an off-path attacker to more easily perfor...
OpenWrt Web UI Detection.
Binary data openwrtwebuidetect.nbin...
OpenWrt < 18.06.2 XSS (direct check)
Binary data openwrtcve201819630.nbin...
CVE-2020-28951
libuci in OpenWrt before 18.06.9 and 19.x before 19.07.5 may encounter a use after free when using malicious package names. This is related to uciparsepackage in file.c and ucistrdup in util.c...
CVE-2020-28951
libuci in OpenWrt before 18.06.9 and 19.x before 19.07.5 may encounter a use after free when using malicious package names. This is related to uciparsepackage in file.c and ucistrdup in util.c...