EUVD-2026-13249
OpenWrt Project is a Linux operating system targeting embedded devices. In versions prior to 24.10.6 and 25.12.1, the mdns daemon has a Stack-based Buffer Overflow vulnerability in the matchipv6addresses function, triggered when processing PTR queries for IPv6 reverse DNS domains .ip6.arpa receiv...
CVE-2022-38333
Openwrt before v21.02.3 and Openwrt v22.03.0-rc6 were discovered to contain two skip loops in the function headervalue. This vulnerability allows attackers to access sensitive information via a crafted HTTP request...
CVE-2019-18993
OpenWrt 18.06.4 allows XSS via the "New port forward" Name field to the cgi-bin/luci/admin/network/firewall/forwards URI (this can occur, for example, on a TP-Link Archer C7 device)...
CVE-2020-7982
An issue was discovered in OpenWrt 18.06.0 to 18.06.6 and 19.07.0, and LEDE 17.01.0 to 17.01.7. A bug in the fork of the opkg package manager before 2020-01-25 prevents correct parsing of embedded checksums in the signed repository index, allowing a man-in-the-middle attacker to inject arbitrary...
Linux Distros Unpatched Vulnerability : CVE-2025-62525
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - OpenWrt Project is a Linux operating system targeting embedded devices. Prior to version 24.10.4, local users could read and write arbitrary kernel memory using...
CVE-2025-62526
OpenWrt Project is a Linux operating system targeting embedded devices. Prior to version 24.10.4, ubusd contains a heap buffer overflow in the event registration parsing code. This allows an attacker to modify the head and potentially execute arbitrary code in the context of the ubus daemon. The...
EUVD-2025-35592
OpenWrt Project is a Linux operating system targeting embedded devices. Prior to version 24.10.4, local users could read and write arbitrary kernel memory using the ioctls of the ltq-ptm driver which is used to drive the datapath of the DSL line. This only affects the lantiq target supporting...
PT-2025-43010
Name of the Vulnerable Software and Affected Versions: OpenWrt versions prior to 24.10.4. Description: OpenWrt Project is a Linux operating system designed for embedded devices. A flaw exists where local users can read and write to arbitrary kernel memory using the ioctls of the ltq-ptm driver, whic...
EUVD-2019-9533
Malware in sbrugna...
EUVD-2019-8646
Malware in sbrugna...
EUVD-2020-21337
Malware in sbrugna...
EUVD-2020-28898
Malware in sbrugna...
EUVD-2019-14707
Malware in sbrugna...
EUVD-2018-11315
Malware in sbrugna...
EUVD-2022-40923
Malicious code in bioql PyPI...
EUVD-2023-28243
Malicious code in bioql PyPI...
EUVD-2021-32619
Malicious code in bioql PyPI...
CVE-2021-32019
There is missing input validation of host names displayed in OpenWrt before 19.07.8. The Connection Status page of the luci web-interface allows XSS, which can be used to gain full control over the affected system via ICMP...
CVE-2020-28951
libuci in OpenWrt before 18.06.9 and 19.x before 19.07.5 may encounter a use after free when using malicious package names. This is related to uci_parse_package in file.c and uci_strdup in util.c...
Critical OpenWrt Vulnerability Exposes Devices to Malicious Firmware Injection
A security flaw has been disclosed in OpenWrt's Attended Sysupgrade (ASU) feature that, if successfully exploited, could have been abused to distribute malicious firmware packages. The vulnerability, tracked as CVE-2024-54143, carries a CVSS score of 9.3 out of a maximum of 10, indicating critical...