Lucene search
K

4 matches found

NVD
NVD
added yesterday5 views

CVE-2026-62947

OpenWrt is a Linux operating system targeting embedded devices. Prior to 25.12.5, the cgi-download handler in cgi-io authorizes the requested path against the caller's ubus session file ACL before canonicalization, and rpcd session.c uses fnmatch without FNMPATHNAME, allowing traversal such as an...

4.9CVSS
Exploits0References4
CVE
CVE
added yesterday9 views

CVE-2026-62947

CVE-2026-62947 affects OpenWrt prior to 25.12.5 through the cgi-download handler in cgi-io, where the requested path is validated against the caller’s ubus session file ACL before canonicalization. The rpcd session.c uses fnmatch() without FNM_PATHNAME, enabling traversal such as an allowed wildc...

4.9CVSS6.1AI score
Exploits0References4
EUVD
EUVD
added yesterday4 views

EUVD-2026-44756

OpenWrt is a Linux operating system targeting embedded devices. Prior to 25.12.5, the cgi-download handler in cgi-io authorizes the requested path against the caller's ubus session file ACL before canonicalization, and rpcd session.c uses fnmatch without FNMPATHNAME, allowing traversal such as an...

4.9CVSS6.1AI score
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/07/07 12:0 a.m.9 views

PT-2026-56265

Name of the Vulnerable Software and Affected Versions OpenWrt versions prior to 25.12.5 Description An integer underflow occurs in the handle send a function of the Emergency Access Daemon. An unauthenticated attacker on the local network can trigger this by sending a single crafted UDP packet,...

6.5CVSS6.1AI score0.00684EPSS
Exploits1References8
Rows per page
Query Builder