6 matches found
CVE-2021-27821
The CVE-2021-27821 entry concerns the Web Interface for OpenWrt LuCI (version 19.07 and earlier). It describes a cross-site scripting (XSS) vulnerability in the LuCI web interface that can lead to arbitrary code execution. Affected product/component: OpenWrt LuCI web interface up to v19.07. Under...
CVE-2022-41435
OpenWrt LuCI is affected by a stored XSS in the /system/sshkeys.js component of version git-22.140.66206-02913be. The vulnerability allows an attacker to execute arbitrary web scripts or HTML via crafted public key comments, with exploitation focusing on the LuCI Web UI. Root cause appears to be ...
CVE-2023-24181
CVE-2023-24181 affects LuCI on the OpenWrt 22.03 branch (git-22.361.69894-438c598) and is a reflected XSS in the component "/openvpn/pageswitch.htm". The vulnerability is described as a reflected Cross-Site Scripting issue with network access (AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N); exploitation re...
CVE-2020-10871
OpenWrt LuCI git-20.x contains an information disclosure vulnerability: remote, unauthenticated attackers can retrieve the list of installed packages and services. The vendor disputes the severity, noting the information is publicly obtainable by unauthenticated actors via other methods, and ther...
CVE-2019-12272
CVE-2019-12272 affects OpenWrt LuCI prior to 0.10. The web application endpoints admin/status/realtime/bandwidth_status and admin/status/realtime/wireless_status are affected by a command injection vulnerability. The connected documents confirm the issue but do not provide details on exploit vect...
CVE-2026-32721
LuCI (OpenWrt configuration interface) is affected by a stored XSS in the wireless scan modal within luci-mod-network. The vulnerability arises because SSIDs from scan results are rendered as raw HTML via innerHTML in wireless.js when passed to dom.append(), allowing a malicious SSID to execute a...