5 matches found
CVE-2021-32019
There is missing input validation of host names displayed in OpenWrt before 19.07.8. The Connection Status page of the luci web-interface allows XSS, which can be used to gain full control over the affected system via ICMP...
OpenWRT < 19.07.8 Multiple Vulnerabilities
OpenWRT is prone to multiple vulnerabilities. Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
CVE-2021-32019
There is missing input validation of host names displayed in OpenWrt before 19.07.8. The Connection Status page of the luci web-interface allows XSS, which can be used to gain full control over the affected system via ICMP...
CVE-2021-32019
CVE-2021-32019 corresponds to a cross-site scripting (XSS) vulnerability in the OpenWrt LuCI web-interface, caused by missing input validation when processing host names on the Connection Status page. The issue allows an attacker to inject and execute HTML/script in the user’s browser, with the n...
Security Advisory 2021-08-01-1 - XSS via missing input validation of host names displayed (CVE-2021-32019)
DESCRIPTION Missing input validation of host names displayed in OpenWrt LuCI web-interface leads to Cross-site scripting, which can be used to gain full control over the affected system. REQUIREMENTS Users need to visit the LuCI “Connection status” page of the router and activate the host name...