Lucene search
K

555 matches found

The Hacker News
The Hacker News
added 2020/03/24 8:6 p.m.4 views

Critical RCE Bug Affects Millions of OpenWrt-based Network Devices

A cybersecurity researcher today disclosed technical details and proof-of-concept of a critical remote code execution vulnerability affecting OpenWrt , a widely used Linux-based operating system for routers, residential gateways, and other embedded devices that route network traffic. Tracked as...

8.1CVSS8.2AI score0.01588EPSS
Exploits3
The Hacker News
The Hacker News
added 2020/03/24 8:6 p.m.80 views

Critical RCE Bug Affects Millions of OpenWrt-based Network Devices

A cybersecurity researcher today disclosed technical details and proof-of-concept of a critical remote code execution vulnerability affecting OpenWrt, a widely used Linux-based operating system for routers, residential gateways, and other embedded devices that route network traffic. Tracked as...

8.1CVSS0.6AI score0.01588EPSS
Exploits3
CNVD
CNVD
added 2020/03/24 12:0 a.m.3 views

OpenWrt LuCI Information Disclosure Vulnerability

OpenWrt LuCI is a graphical configuration interface for OpenWrt Linux distribution. An information disclosure vulnerability exists in the OpenWrt LuCI git-20.x version, which can be exploited by remote attackers to retrieve a list of installed packages and services...

5.3CVSS6.4AI score0.01679EPSS
Exploits1References1
OSV
OSV
added 2020/03/23 8:15 p.m.6 views

CVE-2020-10871

In OpenWrt LuCI git-20.x, remote unauthenticated attackers can retrieve the list of installed packages and services. NOTE: the vendor disputes the significance of this report because, for instances reachable by an unauthenticated actor, the same information is available in other more complex ways...

5.3CVSS6.1AI score0.01679EPSS
Exploits1References3
NVD
NVD
added 2020/03/23 8:15 p.m.20 views

CVE-2020-10871

In OpenWrt LuCI git-20.x, remote unauthenticated attackers can retrieve the list of installed packages and services. NOTE: the vendor disputes the significance of this report because, for instances reachable by an unauthenticated actor, the same information is available in other more complex ways...

5.3CVSS5.3AI score0.01679EPSS
Exploits1References3
Prion
Prion
added 2020/03/23 8:15 p.m.24 views

Information disclosure

In OpenWrt LuCI git-20.x, remote unauthenticated attackers can retrieve the list of installed packages and services. NOTE: the vendor disputes the significance of this report because, for instances reachable by an unauthenticated actor, the same information is available in other more complex ways...

5CVSS5.3AI score0.01679EPSS
Exploits1References3Affected Software1
CVE
CVE
added 2020/03/23 7:45 p.m.60 views

CVE-2020-10871

OpenWrt LuCI git-20.x contains an information disclosure vulnerability: remote, unauthenticated attackers can retrieve the list of installed packages and services. The vendor disputes the severity, noting the information is publicly obtainable by unauthenticated actors via other methods, and ther...

5.3CVSS5.3AI score0.01679EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2020/03/23 7:45 p.m.25 views

CVE-2020-10871

In OpenWrt LuCI git-20.x, remote unauthenticated attackers can retrieve the list of installed packages and services. NOTE: the vendor disputes the significance of this report because, for instances reachable by an unauthenticated actor, the same information is available in other more complex ways...

5.4AI score0.01679EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2020/03/23 12:0 a.m.7 views

PT-2020-12389 · Openwrt · Openwrt Luci

Name of the Vulnerable Software and Affected Versions: OpenWrt LuCI versions git-20.x Description: The issue allows remote unauthenticated attackers to retrieve the list of installed packages and services. The vendor disputes the significance of this report, stating that the same information is...

5.3CVSS7.1AI score0.01679EPSS
Exploits1References7
CNVD
CNVD
added 2020/03/19 12:0 a.m.5 views

OpenWrt uhttpd Buffer Overflow Vulnerability

OpenWrt is a Linux operating system for embedded devices. uhttpd is one of the HTTP services. A buffer overflow vulnerability exists in uhttpd in OpenWrt versions 18.06.5 and earlier and versions 19.x through 19.07.0-rc2. The vulnerability originates when a network system or product performs an...

7.5CVSS7.3AI score0.01551EPSS
Exploits0
CNVD
CNVD
added 2020/03/19 12:0 a.m.7 views

OpenWrt Injection Vulnerability

OpenWrt is a Linux operating system for embedded devices. An injection vulnerability exists in the package list parsing logic of OpenWrt's opkg fork. An attacker can exploit this vulnerability by performing a man-in-the-middle attack to inject arbitrary code...

8.1CVSS7.4AI score0.01588EPSS
Exploits3
CNVD
CNVD
added 2020/03/17 12:0 a.m.4 views

OpenWrt libubox buffer overflow vulnerability

OpenWrt is a Linux operating system for embedded devices. libubox is one of the basic libraries that provides event loops, binary format processing, Linux chain table implementation and JSON auxiliary processing. A buffer overflow vulnerability exists in libubox in OpenWrt versions prior to 18.06...

7.5CVSS7.8AI score0.02486EPSS
Exploits0References1
OSV
OSV
added 2020/03/16 10:15 p.m.26 views

CVE-2020-7982

An issue was discovered in OpenWrt 18.06.0 to 18.06.6 and 19.07.0, and LEDE 17.01.0 to 17.01.7. A bug in the fork of the opkg package manager before 2020-01-25 prevents correct parsing of embedded checksums in the signed repository index, allowing a man-in-the-middle attacker to inject arbitrary...

8.1CVSS6.8AI score0.01588EPSS
Exploits3References4
NVD
NVD
added 2020/03/16 10:15 p.m.30 views

CVE-2020-7982

An issue was discovered in OpenWrt 18.06.0 to 18.06.6 and 19.07.0, and LEDE 17.01.0 to 17.01.7. A bug in the fork of the opkg package manager before 2020-01-25 prevents correct parsing of embedded checksums in the signed repository index, allowing a man-in-the-middle attacker to inject arbitrary...

8.1CVSS8AI score0.01588EPSS
Exploits3References4
Prion
Prion
added 2020/03/16 10:15 p.m.19 views

Design/Logic Flaw

An issue was discovered in OpenWrt 18.06.0 to 18.06.6 and 19.07.0, and LEDE 17.01.0 to 17.01.7. A bug in the fork of the opkg package manager before 2020-01-25 prevents correct parsing of embedded checksums in the signed repository index, allowing a man-in-the-middle attacker to inject arbitrary...

6.8CVSS7.9AI score0.01588EPSS
Exploits3References4Affected Software2
NVD
NVD
added 2020/03/16 9:15 p.m.27 views

CVE-2020-7248

libubox in OpenWrt before 18.06.7 and 19.x before 19.07.1 has a tagged binary data JSON serialization vulnerability that may cause a stack based buffer overflow...

7.5CVSS7.6AI score0.02486EPSS
Exploits0References3
OSV
OSV
added 2020/03/16 9:15 p.m.6 views

CVE-2020-7248

libubox in OpenWrt before 18.06.7 and 19.x before 19.07.1 has a tagged binary data JSON serialization vulnerability that may cause a stack based buffer overflow...

7.5CVSS5.9AI score0.02486EPSS
Exploits0References3
Prion
Prion
added 2020/03/16 9:15 p.m.21 views

Stack overflow

libubox in OpenWrt before 18.06.7 and 19.x before 19.07.1 has a tagged binary data JSON serialization vulnerability that may cause a stack based buffer overflow...

5CVSS7.5AI score0.02486EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2020/03/16 9:5 p.m.89 views

CVE-2020-7982

OpenWrt/OpenWrt-derived builds are affected by CVE-2020-7982. A bug in the opkg package manager fork (before 2020-01-25) misparses embedded checksums in the signed repository index, enabling a man-in-the-middle attacker to inject arbitrary package payloads that are installed without verification....

8.1CVSS7.9AI score0.01588EPSS
Exploits3References4Affected Software2
Cvelist
Cvelist
added 2020/03/16 9:5 p.m.29 views

CVE-2020-7982

An issue was discovered in OpenWrt 18.06.0 to 18.06.6 and 19.07.0, and LEDE 17.01.0 to 17.01.7. A bug in the fork of the opkg package manager before 2020-01-25 prevents correct parsing of embedded checksums in the signed repository index, allowing a man-in-the-middle attacker to inject arbitrary...

8AI score0.01588EPSS
Exploits3References4
Rows per page
Query Builder