Openwrt@21.02.0 Security Vulnerabilities and Issues — Openwrt@21.02.0 CVE List

Lucene search

OpenwrtOpenwrt21.02.0

62 matches found

CVE•added 2024/02/05 6:15 a.m.•134 views

CVE-2024-20006

In da, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08477148; Issue ID: ALPS08477148.

6.7CVSS6.7AI score0.0005EPSS

CVE•added 2023/05/15 10:15 p.m.•124 views

CVE-2023-20726

In mnld, there is a possible leak of GPS location due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07735968 / ALPS07884552 (For MT6880, MT6890, MT6980, MT...

3.3CVSS3.7AI score0.00016EPSS

CVE•added 2024/03/04 3:15 a.m.•116 views

CVE-2024-20017

In wlan service, there is a possible out of bounds write due to improper input validation. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation Patch ID: WCNCR00350938; Issue ID: MSV-1132.

9.8CVSS7.7AI score0.74714EPSS

CVE•added 2024/04/01 3:15 a.m.•116 views

CVE-2024-20040

In wlan firmware, there is a possible out of bounds write due to improper input validation. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08360153 (for MT6XXX chipsets) / WCNCR00363530...

8.8CVSS7.3AI score0.00926EPSS

CVE•added 2024/05/06 3:15 a.m.•113 views

CVE-2023-32871

In DA, there is a possible permission bypass due to an incorrect status check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08355514; Issue ID: ALPS08355514.

5.3CVSS7AI score0.00004EPSS

CVE•added 2023/05/15 10:15 p.m.•106 views

CVE-2023-20696

In preloader, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07856356 / ALPS07874388 (For MT6880 and MT6890 only); Issue I...

6.7CVSS6.7AI score0.00009EPSS

CVE•added 2025/01/06 4:15 a.m.•106 views

CVE-2024-20144

In V6 DA, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09167056; I...

6.6CVSS7.1AI score0.00014EPSS

CVE•added 2023/05/15 10:15 p.m.•104 views

CVE-2023-20694

In preloader, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07733998 / ALPS07874388 (For MT6880 and MT6890 only); Issue I...

6.7CVSS6.7AI score0.00009EPSS

CVE•added 2025/04/07 4:15 a.m.•103 views

CVE-2025-20656

In DA, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09625423; ...

6.8CVSS7.1AI score0.0001EPSS

CVE•added 2023/05/15 10:15 p.m.•98 views

CVE-2023-20695

In preloader, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07734012 / ALPS07874363 (For MT6880, MT6890, MT6980 and MT699...

6.7CVSS6.7AI score0.00009EPSS

CVE•added 2024/03/04 3:15 a.m.•97 views

CVE-2024-20023

In flashc, there is a possible out of bounds write due to lack of valudation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08541638; Issue ID: ALPS08541638.

6.7CVSS6.9AI score0.00015EPSS

CVE•added 2024/05/06 3:15 a.m.•97 views

CVE-2024-20056

In preloader, there is a possible escalation of privilege due to an insecure default value. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08528185; Issue ID: ALPS08528185.

6.7CVSS6.9AI score0.0001EPSS

CVE•added 2025/01/06 4:15 a.m.•97 views

CVE-2024-20145

6.6CVSS7.1AI score0.00014EPSS

CVE•added 2024/03/04 3:15 a.m.•96 views

CVE-2024-20022

In lk, there is a possible escalation of privilege due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08528255; Issue ID: ALPS08528255.

6.7CVSS6.9AI score0.00025EPSS

CVE•added 2025/02/03 4:15 a.m.•96 views

CVE-2025-20635

6.6CVSS6.6AI score0.00013EPSS

CVE•added 2025/01/06 4:15 a.m.•94 views

CVE-2024-20143

6.6CVSS7.1AI score0.00014EPSS

CVE•added 2023/09/04 3:15 a.m.•90 views

CVE-2023-20829

In gps, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08014144; Issue ID: ALPS08014148.

6.7CVSS6.7AI score0.0002EPSS

CVE•added 2025/04/07 4:15 a.m.•90 views

CVE-2025-20654

In wlan service, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00406897; Issue ID: MSV-2875.

9.8CVSS7.6AI score0.00189EPSS

CVE•added 2023/09/04 3:15 a.m.•81 views

CVE-2023-20832

6.7CVSS6.7AI score0.0002EPSS

CVE•added 2024/11/04 2:15 a.m.•81 views

CVE-2024-20104

In da, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09073261; Issue ID: MSV-1772.

8.4CVSS7.2AI score0.00011EPSS

CVE•added 2024/04/01 3:15 a.m.•76 views

CVE-2024-20049

In flashc, there is a possible information disclosure due to an uncaught exception. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08541765; Issue ID: ALPS08541765.

4.4CVSS6AI score0.00013EPSS

CVE•added 2023/09/04 3:15 a.m.•68 views

CVE-2023-32812

In gnss service, there is a possible out of bounds write due to improper input validation. This could lead to local esclation of privileges with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08017365; Issue ID: ALPS08017365.

6.7CVSS6.5AI score0.00023EPSS

CVE•added 2024/07/01 5:15 a.m.•64 views

CVE-2024-20081

In gnss service, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08719602; Issue ID: MSV-1412.

9.8CVSS7.2AI score0.00044EPSS

CVE•added 2024/04/01 3:15 a.m.•63 views

CVE-2024-20051

In flashc, there is a possible system crash due to an uncaught exception. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08541757; Issue ID: ALPS08541758.

2.3CVSS6.5AI score0.00013EPSS

CVE•added 2024/04/01 3:15 a.m.•61 views

CVE-2024-20050

4.4CVSS6AI score0.00013EPSS

CVE•added 2023/09/04 3:15 a.m.•60 views

CVE-2023-20830

6.7CVSS6.7AI score0.0002EPSS

CVE•added 2023/09/04 3:15 a.m.•57 views

CVE-2023-20820

In wlan service, there is a possible command injection due to improper input validation. This could lead to remote code execution with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00244189; Issue ID: WCNCR00244189.

7.2CVSS7.6AI score0.01103EPSS

CVE•added 2024/04/01 3:15 a.m.•57 views

CVE-2024-20053

In flashc, there is a possible out of bounds write due to an uncaught exception. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08541757; Issue ID: ALPS08541764.

8.4CVSS7AI score0.00022EPSS

CVE•added 2024/04/01 3:15 a.m.•56 views

CVE-2024-20054

In gnss, there is a possible escalation of privilege due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08580200; Issue ID: ALPS08580200.

6.6CVSS6.9AI score0.00066EPSS

CVE•added 2023/09/04 3:15 a.m.•54 views

CVE-2023-20821

In nvram, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07937113; Issue ID: ALPS07937113.

6.7CVSS6.7AI score0.0002EPSS

CVE•added 2024/04/01 3:15 a.m.•51 views

CVE-2024-20052

4.4CVSS6AI score0.00011EPSS

CVE•added 2025/03/03 3:15 a.m.•51 views

CVE-2025-20650

In da, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09291294; Issu...

6.8CVSS6.9AI score0.00014EPSS

CVE•added 2025/06/02 3:15 a.m.•50 views

CVE-2025-20674

In wlan AP driver, there is a possible way to inject arbitrary packet due to a missing permission check. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00413202; Issue ID: MSV-3303.

9.8CVSS7.1AI score0.00165EPSS

CVE•added 2023/09/04 3:15 a.m.•49 views

CVE-2023-32806

In wlan driver, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07441589; Issue ID: ALPS07441589.

6.7CVSS6.7AI score0.00015EPSS

CVE•added 2023/09/04 3:15 a.m.•49 views

CVE-2023-32815

In gnss service, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08037801; Issue ID: ALPS08037801.

4.4CVSS4.3AI score0.00013EPSS

CVE•added 2023/08/07 4:15 a.m.•47 views

CVE-2023-20796

In power, there is a possible memory corruption due to an incorrect bounds check. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07929790; Issue ID: ALPS07929790.

4.4CVSS4.8AI score0.0001EPSS

CVE•added 2023/09/04 3:15 a.m.•46 views

CVE-2023-20828

6.7CVSS6.7AI score0.0002EPSS

CVE•added 2024/06/03 2:15 a.m.•46 views

CVE-2024-20072

6.6CVSS7.3AI score0.00163EPSS

CVE•added 2025/03/03 3:15 a.m.•46 views

CVE-2025-20651

In da, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09291294; Issue ...

4.1CVSS6.4AI score0.0001EPSS

CVE•added 2023/08/07 4:15 a.m.•43 views

CVE-2023-20790

In nvram, there is a possible out of bounds write due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07740194; Issue ID: ALPS07740194.

4.4CVSS4.4AI score0.00014EPSS

CVE•added 2023/09/04 3:15 a.m.•43 views

CVE-2023-32813

In gnss service, there is a possible out of bounds write due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08017370; Issue ID: ALPS08017370.

4.4CVSS4.4AI score0.0001EPSS

CVE•added 2023/06/06 1:15 p.m.•42 views

CVE-2023-20725

In preloader, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07734004 / ALPS07874358 (For MT6880, MT6890, MT6980, MT6990 o...

6.7CVSS6.7AI score0.00011EPSS

CVE•added 2024/06/03 2:15 a.m.•42 views

CVE-2024-20071

In wlan driver, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00364733; Issue ID: MSV-1331.

4.4CVSS6.3AI score0.00043EPSS

CVE•added 2023/09/04 3:15 a.m.•39 views

CVE-2023-20831

6.7CVSS6.7AI score0.0002EPSS

CVE•added 2024/12/02 4:15 a.m.•38 views

CVE-2024-20136

In da, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09121847; Issue ID: MSV-1821.

6.2CVSS6.4AI score0.00013EPSS

CVE•added 2024/06/03 2:15 a.m.•37 views

CVE-2024-20073

In wlan service, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00367704; Issue ID: MSV-1411.

6.6CVSS7.4AI score0.00163EPSS

CVE•added 2024/11/04 2:15 a.m.•37 views

CVE-2024-20107

6.2CVSS6.2AI score0.00005EPSS

CVE•added 2025/08/04 2:15 a.m.•16 views

CVE-2025-20696

In DA, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09915215; Issu...

6.8CVSS6.5AI score0.00012EPSS

CVE•added 2025/07/08 3:15 a.m.•11 views

CVE-2025-20681

In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00416936; Issue ID: MSV-3446.

9.8CVSS6.8AI score0.00112EPSS

CVE•added 2025/07/08 3:15 a.m.•11 views

CVE-2025-20686

In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00415570; Issue ID: MSV-3404.

8.8CVSS7.2AI score0.00032EPSS

Total number of security vulnerabilities62