2 matches found
Security Advisory 2021-08-01-1 - XSS via missing input validation of host names displayed (CVE-2021-32019)
DESCRIPTION Missing input validation of host names displayed in OpenWrt LuCI web-interface leads to Cross-site scripting, which can be used to gain full control over the affected system. REQUIREMENTS Users need to visit the LuCI “Connection status” page of the router and activate the host name...
PT-2019-5515 · Openwrt · Openwrt
Name of the Vulnerable Software and Affected Versions: OpenWrt versions 18.06.0 through 18.06.5 OpenWrt versions 19.0 through 19.07.0-rc2 Description: The issue is related to an integer signedness error in the uhttpd function of the OpenWrt embedded operating system, which can lead to out-of-boun...