Lucene search
K

8 matches found

NVD
NVD
added yesterday5 views

CVE-2026-62948

OpenWrt is a Linux operating system targeting embedded devices. Prior to 25.12.5, odhcpd writes a DHCPv6 client FQDN option 39 hostname into /tmp/odhcpd.leases through src/statefiles.c statefileswritestate6 and statefileswritestate4 without escaping, allowing newline injection of forged lease lin...

9.6CVSS
Exploits0References5
CVE
CVE
added yesterday8 views

CVE-2026-62948

OpenWrt odhcpd/LuCI vulnerability CVE-2026-62948: Before 25.12.5, the DHCPv6 client FQDN option 39 hostname is written into /tmp/odhcpd.leases without escaping, allowing newline injection of forged lease lines. LuCI displays these lines in the Active DHCPv6 Leases page via rpcd-mod-luci getDHCPLe...

9.6CVSS6.1AI score
Exploits0References5
NVD
NVD
added 2018/01/04 7:29 p.m.25 views

CVE-2017-17867

Inteno iopsys 2.0-3.14 and 4.0 devices allow remote authenticated users to execute arbitrary OS commands by modifying the leasetrigger field in the odhcpd configuration to specify an arbitrary program, as demonstrated by a program located on an SMB share. This issue existed because the...

9CVSS8.8AI score0.11075EPSS
Exploits5References3
ATTACKERKB
ATTACKERKB
added 2018/01/04 7:29 p.m.2 views

CVE-2017-17867

Inteno iopsys 2.0-3.14 and 4.0 devices allow remote authenticated users to execute arbitrary OS commands by modifying the leasetrigger field in the odhcpd configuration to specify an arbitrary program, as demonstrated by a program located on an SMB share. This issue existed because the...

9CVSS6AI score0.11075EPSS
Exploits5References5
OSV
OSV
added 2018/01/04 7:29 p.m.4 views

CVE-2017-17867

Inteno iopsys 2.0-3.14 and 4.0 devices allow remote authenticated users to execute arbitrary OS commands by modifying the leasetrigger field in the odhcpd configuration to specify an arbitrary program, as demonstrated by a program located on an SMB share. This issue existed because the...

8.8CVSS6.1AI score0.11075EPSS
Exploits5References3
Prion
Prion
added 2018/01/04 7:29 p.m.16 views

Design/Logic Flaw

Inteno iopsys 2.0-3.14 and 4.0 devices allow remote authenticated users to execute arbitrary OS commands by modifying the leasetrigger field in the odhcpd configuration to specify an arbitrary program, as demonstrated by a program located on an SMB share. This issue existed because the...

9CVSS8.7AI score0.11075EPSS
Exploits5References3Affected Software1
Cvelist
Cvelist
added 2018/01/04 7:0 p.m.29 views

CVE-2017-17867

Inteno iopsys 2.0-3.14 and 4.0 devices allow remote authenticated users to execute arbitrary OS commands by modifying the leasetrigger field in the odhcpd configuration to specify an arbitrary program, as demonstrated by a program located on an SMB share. This issue existed because the...

8.8AI score0.11075EPSS
Exploits5References3
CVE
CVE
added 2018/01/04 7:0 p.m.62 views

CVE-2017-17867

CVE-2017-17867 concerns Inteno IOPSYS devices (2.0–3.14 and 4.0) where remote authenticated users can execute arbitrary OS commands by manipulating the leasetrigger field in the odhcpd config via an SMB share, due to insufficient protection of OpenWrt config (not using /etc/uci-defaults). Connect...

9CVSS8.7AI score0.11075EPSS
Exploits5References3Affected Software1
Rows per page
Query Builder