Lucene search

K
OpenwrtOpenwrt

89 matches found

CVE
CVE
added 2019/12/03 8:15 p.m.47 views

CVE-2019-18993

OpenWrt 18.06.4 allows XSS via the "New port forward" Name field to the cgi-bin/luci/admin/network/firewall/forwards URI (this can occur, for example, on a TP-Link Archer C7 device).

5.4CVSS5.2AI score0.00281EPSS
CVE
CVE
added 2020/11/19 7:15 p.m.47 views

CVE-2020-28951

libuci in OpenWrt before 18.06.9 and 19.x before 19.07.5 may encounter a use after free when using malicious package names. This is related to uci_parse_package in file.c and uci_strdup in util.c.

10CVSS9.4AI score0.00518EPSS
CVE
CVE
added 2021/12/27 11:15 p.m.47 views

CVE-2021-45906

OpenWrt 21.02.1 allows XSS via the NAT Rules Name screen.

5.4CVSS5.2AI score0.00467EPSS
CVE
CVE
added 2025/01/06 4:15 a.m.47 views

CVE-2024-20152

In wlan STA driver, there is a possible reachable assertion due to improper exception handling. This could lead to local denial of service if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: WCNCR00389047 / ALPS09136505; Issue I...

4.4CVSS6.7AI score0.00006EPSS
CVE
CVE
added 2025/03/03 3:15 a.m.47 views

CVE-2025-20649

In Bluetooth Stack SW, there is a possible information disclosure due to a missing permission check. This could lead to remote (proximal/adjacent) information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00396437; Issue I...

6.5CVSS6.7AI score0.00024EPSS
CVE
CVE
added 2023/08/07 4:15 a.m.46 views

CVE-2023-20796

In power, there is a possible memory corruption due to an incorrect bounds check. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07929790; Issue ID: ALPS07929790.

4.4CVSS4.8AI score0.0001EPSS
CVE
CVE
added 2023/09/04 3:15 a.m.45 views

CVE-2023-20828

In gps, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08014144; Issue ID: ALPS08014144.

6.7CVSS6.7AI score0.0001EPSS
CVE
CVE
added 2024/06/03 2:15 a.m.45 views

CVE-2024-20072

In wlan driver, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00364732; Issue ID: MSV-1332.

6.6CVSS7.3AI score0.00163EPSS
CVE
CVE
added 2025/03/03 3:15 a.m.45 views

CVE-2025-20651

In da, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09291294; Issue ...

4.1CVSS6.4AI score0.00009EPSS
CVE
CVE
added 2024/09/02 5:15 a.m.43 views

CVE-2024-20085

In power, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08944204; Issue ID: MSV-1560.

4.4CVSS6.2AI score0.00011EPSS
CVE
CVE
added 2023/08/07 4:15 a.m.42 views

CVE-2023-20790

In nvram, there is a possible out of bounds write due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07740194; Issue ID: ALPS07740194.

4.4CVSS4.4AI score0.00011EPSS
CVE
CVE
added 2023/09/04 3:15 a.m.42 views

CVE-2023-32813

In gnss service, there is a possible out of bounds write due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08017370; Issue ID: ALPS08017370.

4.4CVSS4.4AI score0.00008EPSS
CVE
CVE
added 2018/11/28 10:29 a.m.41 views

CVE-2018-19630

cgi_handle_request in uhttpd in OpenWrt through 18.06.1 and LEDE through 17.01 has unauthenticated reflected XSS via the URI, as demonstrated by a cgi-bin/?[XSS] URI.

6.1CVSS6AI score0.00326EPSS
CVE
CVE
added 2021/12/27 11:15 p.m.41 views

CVE-2021-45904

OpenWrt 21.02.1 allows XSS via the Port Forwards Add Name screen.

5.4CVSS5.2AI score0.00467EPSS
CVE
CVE
added 2024/06/03 2:15 a.m.41 views

CVE-2024-20071

In wlan driver, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00364733; Issue ID: MSV-1331.

4.4CVSS6.3AI score0.00043EPSS
CVE
CVE
added 2021/08/02 9:15 p.m.40 views

CVE-2021-32019

There is missing input validation of host names displayed in OpenWrt before 19.07.8. The Connection Status page of the luci web-interface allows XSS, which can be used to gain full control over the affected system via ICMP.

6.1CVSS6.6AI score0.00216EPSS
CVE
CVE
added 2023/06/06 1:15 p.m.40 views

CVE-2023-20725

In preloader, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07734004 / ALPS07874358 (For MT6880, MT6890, MT6980, MT6990 o...

6.7CVSS6.7AI score0.00011EPSS
CVE
CVE
added 2024/09/02 5:15 a.m.39 views

CVE-2024-20084

In power, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08944210; Issue ID: MSV-1561.

4.4CVSS6.2AI score0.00011EPSS
CVE
CVE
added 2023/09/04 3:15 a.m.38 views

CVE-2023-20831

In gps, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08014144; Issue ID: ALPS08014162.

6.7CVSS6.7AI score0.0001EPSS
CVE
CVE
added 2024/12/02 4:15 a.m.37 views

CVE-2024-20136

In da, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09121847; Issue ID: MSV-1821.

6.2CVSS6.4AI score0.0001EPSS
CVE
CVE
added 2024/06/03 2:15 a.m.36 views

CVE-2024-20073

In wlan service, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00367704; Issue ID: MSV-1411.

6.6CVSS7.4AI score0.00163EPSS
CVE
CVE
added 2024/11/04 2:15 a.m.36 views

CVE-2024-20107

In da, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09124360; Issue ID: MSV-1823.

6.2CVSS6.2AI score0.00004EPSS
CVE
CVE
added 2021/01/26 6:15 p.m.35 views

CVE-2019-25015

LuCI in OpenWrt 18.06.0 through 18.06.4 allows stored XSS via a crafted SSID.

5.4CVSS5.1AI score0.00343EPSS
CVE
CVE
added 2023/12/04 4:15 a.m.35 views

CVE-2023-32855

In aee, there is a possible escalation of privilege due to a missing permission check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07909204; Issue ID: ALPS07909204.

6.7CVSS6.6AI score0.00024EPSS
CVE
CVE
added 2019/12/03 8:15 p.m.32 views

CVE-2019-18992

OpenWrt 18.06.4 allows XSS via these Name fields to the cgi-bin/luci/admin/network/firewall/rules URI: "Open ports on router" and "New forward rule" and "New Source NAT" (this can occur, for example, on a TP-Link Archer C7 device).

5.4CVSS5.3AI score0.00281EPSS
CVE
CVE
added 2023/07/04 2:15 a.m.30 views

CVE-2023-20775

In display, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07978760; Issue ID: ALPS07363410.

6.7CVSS6.7AI score0.00011EPSS
CVE
CVE
added 2025/07/08 3:15 a.m.10 views

CVE-2025-20686

In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00415570; Issue ID: MSV-3404.

8.8CVSS7.2AI score0.00021EPSS
CVE
CVE
added 2025/07/08 3:15 a.m.10 views

CVE-2025-20692

In wlan AP driver, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00418040; Issue ID: MSV-3476.

5.5CVSS5.8AI score0.00014EPSS
CVE
CVE
added 2025/07/08 3:15 a.m.10 views

CVE-2025-20693

In wlan STA driver, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote (proximal/adjacent) information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09812521; Issue ID: MSV-34...

6.5CVSS6.2AI score0.00008EPSS
CVE
CVE
added 2025/07/08 3:15 a.m.9 views

CVE-2025-20681

In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00416936; Issue ID: MSV-3446.

9.8CVSS6.8AI score0.00098EPSS
CVE
CVE
added 2025/07/08 3:15 a.m.9 views

CVE-2025-20682

In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00416937; Issue ID: MSV-3445.

9.8CVSS6.8AI score0.00098EPSS
CVE
CVE
added 2025/07/08 3:15 a.m.9 views

CVE-2025-20683

In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00416938; Issue ID: MSV-3444.

9.8CVSS6.8AI score0.00098EPSS
CVE
CVE
added 2025/07/08 3:15 a.m.9 views

CVE-2025-20685

In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00416226; Issue ID: MSV-3409.

8.8CVSS7.2AI score0.00021EPSS
CVE
CVE
added 2025/07/08 3:15 a.m.9 views

CVE-2025-20689

In wlan AP driver, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00418048; Issue ID: MSV-3479.

5.5CVSS5.8AI score0.00014EPSS
CVE
CVE
added 2025/07/08 3:15 a.m.9 views

CVE-2025-20690

In wlan AP driver, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00418038; Issue ID: MSV-3478.

5.5CVSS5.8AI score0.00014EPSS
CVE
CVE
added 2025/07/08 3:15 a.m.9 views

CVE-2025-20691

In wlan AP driver, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00418039; Issue ID: MSV-3477.

5.5CVSS5.8AI score0.00014EPSS
CVE
CVE
added 2025/07/08 3:15 a.m.9 views

CVE-2025-20694

In Bluetooth FW, there is a possible system crash due to an uncaught exception. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09752821; Issue ID: MSV-3342.

6.5CVSS6.6AI score0.00027EPSS
CVE
CVE
added 2025/07/08 3:15 a.m.9 views

CVE-2025-20695

In Bluetooth FW, there is a possible system crash due to an uncaught exception. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09741871; Issue ID: MSV-3317.

6.5CVSS6.6AI score0.00027EPSS
CVE
CVE
added 2025/07/08 3:15 a.m.8 views

CVE-2025-20688

In wlan AP driver, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00418047; Issue ID: MSV-3480.

5.5CVSS5.8AI score0.00014EPSS
Total number of security vulnerabilities89