D-Link DAP-1860 uhttpd Authentication Bypass Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1860 WiFi extenders. Authentication is not required to exploit this vulnerability. The specific flaw exists within the uhttpd service, which listens on TCP port 80 by default. Th...

The vulnerability of the uhttpd function in the embedded operating system OpenWrt allows a hacker to trigger a service failure.

The vulnerability of the uhttpd function in the embedded operating system OpenWrt relates to the execution of operations outside the buffer boundaries. Exploiting this vulnerability allows a malicious actor to trigger a service failure by sending a specially crafted HTTP POST request to the CGI...

OpenWrt uhttpd Buffer Overflow Vulnerability

OpenWrt is a Linux operating system for embedded devices. uhttpd is one of the HTTP services. A buffer overflow vulnerability exists in uhttpd in OpenWrt versions 18.06.5 and earlier and versions 19.x through 19.07.0-rc2. The vulnerability originates when a network system or product performs an...

CVE-2019-19945

uhttpd in OpenWrt through 18.06.5 and 19.x through 19.07.0-rc2 has an integer signedness error. This leads to out-of-bounds access to a heap buffer and a subsequent crash. It can be triggered with an HTTP POST request to a CGI script, specifying both "Transfer-Encoding: chunked" and a large...

CVE-2019-19945

uhttpd in OpenWrt through 18.06.5 and 19.x through 19.07.0-rc2 has an integer signedness error. This leads to out-of-bounds access to a heap buffer and a subsequent crash. It can be triggered with an HTTP POST request to a CGI script, specifying both "Transfer-Encoding: chunked" and a large...

Integer overflow

uhttpd in OpenWrt through 18.06.5 and 19.x through 19.07.0-rc2 has an integer signedness error. This leads to out-of-bounds access to a heap buffer and a subsequent crash. It can be triggered with an HTTP POST request to a CGI script, specifying both "Transfer-Encoding: chunked" and a large...

CVE-2019-19945

uhttpd in OpenWrt through 18.06.5 and 19.x through 19.07.0-rc2 has an integer signedness error. This leads to out-of-bounds access to a heap buffer and a subsequent crash. It can be triggered with an HTTP POST request to a CGI script, specifying both "Transfer-Encoding: chunked" and a large...

CVE-2019-19945

CVE-2019-19945 affects OpenWrt/uhttpd. A signedness error in uhttpd up to 18.06.5 and 19.x up to 19.07.0-rc2 allows out-of-bounds access to a heap buffer, leading to a crash. The issue can be triggered by a remote HTTP POST to a CGI script with Transfer-Encoding: chunked and a large negative Cont...

Security Advisory 2020-01-13-1 - uhttpd invalid data access via HTTP POST request (CVE-2019-19945)

DESCRIPTION An invalid data access can be triggered with an HTTP POST request to a CGI script specifying both Transfer-Encoding: chunked and a large Content-Length which exceeds 2^31 and is interpreted as a signed negative number. The negative content length is assigned to r→contentlength in...

Telus Actiontec WEB6000Q Denial Of Service

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Device Details Discovered By: Andrew Klaus [email protected] Vendor: Actiontec Telus Branded Model: WEB6000Q Affected Firmware: 1.1.02.22 Reported: July 2018 CVE: Not needed since update is pushed by the provider. Summary of Findings By querying CGI...

CVE-2018-19630

cgihandlerequest in uhttpd in OpenWrt through 18.06.1 and LEDE through 17.01 has unauthenticated reflected XSS via the URI, as demonstrated by a cgi-bin/?XSS URI...

CVE-2018-19630

cgihandlerequest in uhttpd in OpenWrt through 18.06.1 and LEDE through 17.01 has unauthenticated reflected XSS via the URI, as demonstrated by a cgi-bin/?XSS URI...

Cross site scripting

cgihandlerequest in uhttpd in OpenWrt through 18.06.1 and LEDE through 17.01 has unauthenticated reflected XSS via the URI, as demonstrated by a cgi-bin/?XSS URI...

CVE-2018-19630

The vulnerability CVE-2018-19630 affects OpenWrt up to 18.06.1 and LEDE up to 17.01, where the uhttpd component’s cgi_handle_request is vulnerable to unauthenticated reflected XSS via the request URI (demonstrated with cgi-bin/?[XSS]). The issue is triggered by crafted URI input and allows a refl...

CVE-2018-19630

cgihandlerequest in uhttpd in OpenWrt through 18.06.1 and LEDE through 17.01 has unauthenticated reflected XSS via the URI, as demonstrated by a cgi-bin/?XSS URI...

TP-Link 路由器命令注入漏洞(CVE-2017-16957)

0x01 背景 TP-Link TL-WVR 等都是中国普联（TP-LINK）公司的无线路由器产品。 多款 TP-Link 系列产品存在命令注入漏洞，攻击者在登录后可发送恶意字段，经拼接后导致任意命令执行。 该漏洞由 coincoin7 发现，漏洞编号 CVE-2017-16957 0x02 受影响产品 TP-LINK TL-WVR 系列 TP-LINK TL-WAR 系列 TP-LINK TL-ER 系列 TP-LINK TL-R 系列 0x03 漏洞分析 根据原文提供的链接，下载了 TL-WVR450L 的固件，使用 binwalk 解包，拿到 squashfs 系统文件，再用...

Open redirect

TP-Link TL-WVR and TL-WAR devices allow remote authenticated users to execute arbitrary commands via shell metacharacters in the interface field of an admin/wportal command to cgi-bin/luci, related to the getdevicebyif function in /usr/lib/lua/luci/controller/admin/wportal.lua in uhttpd...

Command injection

TP-Link TL-WVR and TL-WAR devices allow remote authenticated users to execute arbitrary commands via shell metacharacters in the interface field of an admin/dhcps command to cgi-bin/luci, related to the zonegetifacebydev function in /usr/lib/lua/luci/controller/admin/dhcps.lua in uhttpd...

CVE-2017-17758

TP-Link TL-WVR and TL-WAR devices allow remote authenticated users to execute arbitrary commands via shell metacharacters in the interface field of an admin/dhcps command to cgi-bin/luci, related to the zonegetifacebydev function in /usr/lib/lua/luci/controller/admin/dhcps.lua in uhttpd...

CVE-2017-17758

CVE-2017-17758 affects TP-Link TL-WVR and TL-WAR devices. A remote authenticated user can execute arbitrary commands via shell metacharacters in the interface field of an admin/dhcps command to cgi-bin/luci, tied to zone_get_iface_bydev in /usr/lib/lua/luci/controller/admin/dhcps.lua in uhttpd. C...