3 matches found
CVE-2026-61875
The vulnerability is in luci-app-upnp (OpenWrt LuCI) and is a stored cross-site scripting (XSS) flaw in the UPnP IGD AddPortMapping SOAP request. An unauthenticated LAN client can submit malicious HTML in the NewPortMappingDescription field; miniupnpd stores it and luci-app-upnp renders it withou...
PT-2026-57559
Name of the Vulnerable Software and Affected Versions luci-app-upnp affected versions not specified Description Stored cross-site scripting occurs when unauthenticated LAN clients inject JavaScript through UPnP IGD AddPortMapping SOAP requests. The issue arises because the NewPortMappingDescripti...
CVE-2026-7069
CVE-2026-7069 affects D-Link DIR-825 (up to firmware 3.00b32) via the miniupnpd file and its AddPortMapping function in upnpsoap.c. A buffer overflow is triggered by manipulating the NewPortMappingDescription argument, with the attack executable over the local network. Public exploit activity is ...