CVE-2021-27821

The Web Interface for OpenWRT LuCI version 19.07 and lower has been discovered to have a cross-site scripting vulnerability which can lead to attackers carrying out arbitrary code execution...

CVE-2026-32721 LuCI luci-mod-network: Possible XSS attack in WiFi scan on Joining Wireless Client modal

LuCI is the OpenWrt Configuration Interface. Versions prior to both 24.10.5 and 25.12.0, contain a stored XSS vulnerability in the wireless scan modal, where SSID values from scan results are rendered as raw HTML without any sanitization. The wireless.js file in the luci-mod-network package passe...

CVE-2025-67090

The LuCI web interface on Gl Inet GL.Inet AX1800 Version 4.6.4 & 4.6.8 are vulnerable. Fix available in version 4.8.2 GL.Inet AX1800 Version 4.6.4 & 4.6.8 lacks rate limiting or account lockout mechanisms on the authentication endpoint /cgi-bin/luci. An unauthenticated attacker on the local netwo...

CVE-2025-67090

GL.iNet AX1800 devices running firmware 4.6.4 or 4.6.8 are affected by CVE-2025-67090 due to lack of rate limiting or account lockout on the LuCI authentication endpoint (/cgi-bin/luci). This allows an unauthenticated attacker on the local network to perform unlimited password attempts against th...

CVE-2025-67090

The LuCI web interface on Gl Inet GL.Inet AX1800 Version 4.6.4 & 4.6.8 are vulnerable. Fix available in version 4.8.2 GL.Inet AX1800 Version 4.6.4 & 4.6.8 lacks rate limiting or account lockout mechanisms on the authentication endpoint /cgi-bin/luci. An unauthenticated attacker on the local netwo...

EUVD-2021-20130

Malware in sbrugna...

EUVD-2013-4346

Malware in sbrugna...

PT-2023-23005 · Unknown · X-Wrt Luci

Name of the Vulnerable Software and Affected Versions: X-WRT luci versions up to 22.10 b202303061504 Description: A problematic issue has been found in the 404 Error Template Handler component, affecting the function run action of the file modules/luci-base/ucode/dispatcher.uc. The manipulation o...

TP-Link TL-WVR and TL-WAR Arbitrary Command Execution Vulnerability

TP-Link TL-WVR and TL-WAR are both wireless router products from China P&L TP-LINK. A security vulnerability exists in the TP-Link TL-WVR and TL-WAR. The vulnerability can be exploited by a remote attacker to execute arbitrary commands by sending the admin/wportal command with shell metacharacter...

Command Injection Vulnerability in Multiple TP-Link Products (CNVD-2017-37955)

TP-Link TL-WVR and others are wireless router products from China P&L TP-LINK. A command injection vulnerability exists in multiple TP-Link products. The vulnerability can be exploited to execute arbitrary commands by sending the admin/interface command with shell metacharacters in the tbindif...