541 matches found
CVE-2019-5101
An exploitable information leak vulnerability exists in the ustream-ssl library of OpenWrt, versions 18.06.4 and 15.05.1. When connecting to a remote server, the server's SSL certificate is checked but no action is taken when the certificate is invalid. An attacker could exploit this behavior by...
CVE-2019-5101
An exploitable information leak vulnerability exists in the ustream-ssl library of OpenWrt, versions 18.06.4 and 15.05.1. When connecting to a remote server, the server's SSL certificate is checked but no action is taken when the certificate is invalid. An attacker could exploit this behavior by...
Information disclosure
An exploitable information leak vulnerability exists in the ustream-ssl library of OpenWrt, versions 18.06.4 and 15.05.1. When connecting to a remote server, the server's SSL certificate is checked but no action is taken when the certificate is invalid. An attacker could exploit this behavior by...
Information disclosure
An exploitable information leak vulnerability exists in the ustream-ssl library of OpenWrt, versions 18.06.4 and 15.05.1. When connecting to a remote server, the server's SSL certificate is checked but no action is taken when the certificate is invalid. An attacker could exploit this behavior by...
CVE-2019-5102
OpenWrt ustream-ssl information disclosure (CVE-2019-5102) affects OpenWrt 18.06.4 and 15.05.1. The ustream-ssl library does not properly terminate or validate server certificates, allowing a man-in-the-middle to intercept data on the first request despite certificate checks. Talos notes this beh...
CVE-2019-5102
An exploitable information leak vulnerability exists in the ustream-ssl library of OpenWrt, versions 18.06.4 and 15.05.1. When connecting to a remote server, the server's SSL certificate is checked but no action is taken when the certificate is invalid. An attacker could exploit this behavior by...
CVE-2019-5101
An exploitable information leak vulnerability exists in the ustream-ssl library of OpenWrt, versions 18.06.4 and 15.05.1. When connecting to a remote server, the server's SSL certificate is checked but no action is taken when the certificate is invalid. An attacker could exploit this behavior by...
CVE-2019-5101
OpenWrt vulnerability CVE-2019-5101 affects the ustream-ssl library (used by tools like wget) in OpenWrt 18.06.4 and 15.05.1. The issue allows information disclosure via MITM because the server certificate is checked but no action is taken for invalid certificates; after SSL initialization and in...
OpenWrt ustream-ssl library information disclosure vulnerability
OpenWrt is a Linux operating system for embedded devices. ustream-ssl is one of the cryptographic libraries. The ustream-ssl library in OpenWrt version 18.06.4 and 15.05.1 is vulnerable to an information disclosure vulnerability that can be exploited by an attacker to obtain sensitive information...
OpenWrt ustream-ssl certificate verification information leak vulnerability
Talos Vulnerability Report TALOS-2019-0893 OpenWrt ustream-ssl certificate verification information leak vulnerability November 15, 2019 CVE Number CVE-2019-5101,CVE-2019-5102 SUMMARY An exploitable information leak vulnerability exists in the ustream-ssl library of OpenWrt, versions 18.06.4 and...
Security Advisory 2019-11-05-2 - LuCI CSRF vulnerability (CVE-2019-17367)
DESCRIPTION A logic flaw in LuCI's HTTP routing component led to ineffective CSRF token testing for various request endpoints, specifically ones using the arcombine dispatch action. This allows 3rd party web pages running in the same browser session as an active LuCI login session to perform...
Security Advisory 2019-11-05-3 - ustream-ssl information disclosure (CVE-2019-5101, CVE-2019-5102)
DESCRIPTION An exploitable information leak vulnerability exists in the ustream-ssl library of OpenWrt. When connecting to a remote server, the server's SSL certificate is checked but no action is taken when the certificate is invalid. An attacker could exploit this behavior by performing a...
Security Advisory 2019-11-05-1 - LuCI stored XSS
DESCRIPTION A vulnerability has been reported in LuCI which allows injection of script code through maliciously crafted wireless network SSIDs. When joining a wireless network by clicking Network → Wireless → Join, the subsequent configuration view interprets the SSID of the network to join witho...
OpenWrt Cross-Site Request Forgery Vulnerability
OpenWrt LuCI is a graphical configuration interface for OpenWrt Linux distribution. A cross-site request forgery vulnerability exists in OpenWrt LuCI, which stems from a WEB application that does not adequately validate whether a request is coming from a trusted user, and can be exploited by an...
CVE-2019-17367
OpenWRT firmware version 18.06.4 is vulnerable to CSRF via wireless/radio0.network1, wireless/radio1.network1, firewall, firewall/zones, firewall/forwards, firewall/rules, network/wan, network/wan6, or network/lan under /cgi-bin/luci/admin/network/...
CVE-2019-17367
OpenWRT firmware version 18.06.4 is vulnerable to CSRF via wireless/radio0.network1, wireless/radio1.network1, firewall, firewall/zones, firewall/forwards, firewall/rules, network/wan, network/wan6, or network/lan under /cgi-bin/luci/admin/network/...
Cross site request forgery (csrf)
OpenWRT firmware version 18.06.4 is vulnerable to CSRF via wireless/radio0.network1, wireless/radio1.network1, firewall, firewall/zones, firewall/forwards, firewall/rules, network/wan, network/wan6, or network/lan under /cgi-bin/luci/admin/network/...
CVE-2019-17367
OpenWRT firmware version 18.06.4 is vulnerable to CSRF via wireless/radio0.network1, wireless/radio1.network1, firewall, firewall/zones, firewall/forwards, firewall/rules, network/wan, network/wan6, or network/lan under /cgi-bin/luci/admin/network/...
CVE-2019-17367
CVE-2019-17367 is a CSRF vulnerability in OpenWrt LuCI affecting OpenWrt 18.06.0–18.06.4. A logic flaw in LuCI’s HTTP routing led to ineffective CSRF token testing for endpoints (including arcombine()-based dispatch) under /cgi-bin/luci/admin/network/. This permits a malicious site to cause unint...
PT-2019-5517 · Openwrt · Openwrt
Name of the Vulnerable Software and Affected Versions: OpenWrt versions 15.05.1 through 18.06.4 Description: The issue is related to errors in the certificate authentication procedure of the Ustream-SSL library in OpenWrt. This can be exploited by a remote attacker to perform a man-in-the-middle...