Lucene search
+L

5 matches found

NVD
NVD
added 3 days ago5 views

CVE-2026-62947

OpenWrt is a Linux operating system targeting embedded devices. Prior to 25.12.5, the cgi-download handler in cgi-io authorizes the requested path against the caller's ubus session file ACL before canonicalization, and rpcd session.c uses fnmatch without FNMPATHNAME, allowing traversal such as an...

4.9CVSS0.00358EPSS
Exploits0References4
OSV
OSV
added 3 days ago4 views

CVE-2026-62947 OpenWrt: ACL bypass and arbitrary root file read via cgi-io cgi-download

OpenWrt is a Linux operating system targeting embedded devices. Prior to 25.12.5, the cgi-download handler in cgi-io authorizes the requested path against the caller's ubus session file ACL before canonicalization, and rpcd session.c uses fnmatch without FNMPATHNAME, allowing traversal such as an...

4.9CVSS6.1AI score0.00358EPSS
Exploits0References6
CVE
CVE
added 2026/07/02 12:28 p.m.24 views

CVE-2026-58652

The issue affects luci-app-travelmate and the travelmate package. A LuCI/rpcd session with the luci-app-travelmate write ACL gains config-wide UCI write access to the travelmate configuration, and the backend travelmate service (running as root) reads raw UCI values for script and script_args and...

7.7CVSS6.1AI score0.00482EPSS
Exploits0References7
Prion
Prion
added 2018/06/19 9:29 p.m.16 views

Information disclosure

DISPUTED OpenWrt mishandles access control in /etc/config/rpcd and the /usr/share/rpcd/acl.d files, which allows remote authenticated users to call arbitrary methods i.e., achieve ubus access over HTTP that were only supposed to be accessible to a specific user, as demonstrated by the file, log,...

6.5CVSS8.3AI score0.02436EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2018/06/19 9:0 p.m.15 views

CVE-2018-11116

OpenWrt mishandles access control in /etc/config/rpcd and the /usr/share/rpcd/acl.d files, which allows remote authenticated users to call arbitrary methods i.e., achieve ubus access over HTTP that were only supposed to be accessible to a specific user, as demonstrated by the file, log, and servi...

6.9AI score0.02436EPSS
Exploits0References2
Rows per page
Query Builder