Lucene search

K
OpenwrtOpenwrt

89 matches found

CVE
CVE
added 2019/10/18 5:15 p.m.150 views

CVE-2019-17367

OpenWRT firmware version 18.06.4 is vulnerable to CSRF via wireless/radio0.network1, wireless/radio1.network1, firewall, firewall/zones, firewall/forwards, firewall/rules, network/wan, network/wan6, or network/lan under /cgi-bin/luci/admin/network/.

8.8CVSS8.7AI score0.00177EPSS
CVE
CVE
added 2021/03/21 6:15 a.m.123 views

CVE-2021-28961

applications/luci-app-ddns/luasrc/model/cbi/ddns/detail.lua in the DDNS package for OpenWrt 19.07 allows remote authenticated users to inject arbitrary commands via POST requests.

8.8CVSS8.5AI score0.01139EPSS
CVE
CVE
added 2024/02/05 6:15 a.m.112 views

CVE-2024-20006

In da, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08477148; Issue ID: ALPS08477148.

6.7CVSS6.7AI score0.0005EPSS
CVE
CVE
added 2024/03/04 3:15 a.m.109 views

CVE-2024-20017

In wlan service, there is a possible out of bounds write due to improper input validation. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation Patch ID: WCNCR00350938; Issue ID: MSV-1132.

9.8CVSS7.7AI score0.74714EPSS
CVE
CVE
added 2023/05/15 10:15 p.m.98 views

CVE-2023-20726

In mnld, there is a possible leak of GPS location due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07735968 / ALPS07884552 (For MT6880, MT6890, MT6980, MT...

3.3CVSS3.7AI score0.00016EPSS
CVE
CVE
added 2024/04/01 3:15 a.m.94 views

CVE-2024-20040

In wlan firmware, there is a possible out of bounds write due to improper input validation. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08360153 (for MT6XXX chipsets) / WCNCR00363530...

8.8CVSS7.3AI score0.00888EPSS
CVE
CVE
added 2024/05/06 3:15 a.m.91 views

CVE-2023-32871

In DA, there is a possible permission bypass due to an incorrect status check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08355514; Issue ID: ALPS08355514.

5.3CVSS7AI score0.00004EPSS
CVE
CVE
added 2019/11/18 6:15 p.m.89 views

CVE-2019-5101

An exploitable information leak vulnerability exists in the ustream-ssl library of OpenWrt, versions 18.06.4 and 15.05.1. When connecting to a remote server, the server's SSL certificate is checked but no action is taken when the certificate is invalid. An attacker could exploit this behavior by pe...

5.9CVSS5.9AI score0.00215EPSS
CVE
CVE
added 2023/09/04 3:15 a.m.89 views

CVE-2023-20829

In gps, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08014144; Issue ID: ALPS08014148.

6.7CVSS6.7AI score0.0001EPSS
CVE
CVE
added 2025/04/07 4:15 a.m.88 views

CVE-2025-20654

In wlan service, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00406897; Issue ID: MSV-2875.

9.8CVSS7.6AI score0.00235EPSS
CVE
CVE
added 2023/05/15 10:15 p.m.83 views

CVE-2023-20694

In preloader, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07733998 / ALPS07874388 (For MT6880 and MT6890 only); Issue I...

6.7CVSS6.7AI score0.00009EPSS
CVE
CVE
added 2025/01/06 4:15 a.m.83 views

CVE-2024-20144

In V6 DA, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09167056; I...

6.6CVSS7.1AI score0.00011EPSS
CVE
CVE
added 2023/05/15 10:15 p.m.82 views

CVE-2023-20696

In preloader, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07856356 / ALPS07874388 (For MT6880 and MT6890 only); Issue I...

6.7CVSS6.7AI score0.00009EPSS
CVE
CVE
added 2025/04/07 4:15 a.m.81 views

CVE-2025-20656

In DA, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09625423; ...

6.8CVSS7.1AI score0.00013EPSS
CVE
CVE
added 2023/09/04 3:15 a.m.80 views

CVE-2023-20832

In gps, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08014144; Issue ID: ALPS08013530.

6.7CVSS6.7AI score0.0001EPSS
CVE
CVE
added 2023/04/11 1:15 a.m.78 views

CVE-2023-24182

LuCI openwrt-22.03 branch git-22.361.69894-438c598 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the component /system/sshkeys.js.

5.4CVSS5.3AI score0.00094EPSS
CVE
CVE
added 2019/11/18 6:15 p.m.76 views

CVE-2019-5102

An exploitable information leak vulnerability exists in the ustream-ssl library of OpenWrt, versions 18.06.4 and 15.05.1. When connecting to a remote server, the server's SSL certificate is checked but no action is taken when the certificate is invalid. An attacker could exploit this behavior by pe...

5.9CVSS5.8AI score0.00215EPSS
CVE
CVE
added 2023/05/15 10:15 p.m.75 views

CVE-2023-20695

In preloader, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07734012 / ALPS07874363 (For MT6880, MT6890, MT6980 and MT699...

6.7CVSS6.7AI score0.00009EPSS
CVE
CVE
added 2024/03/04 3:15 a.m.75 views

CVE-2024-20023

In flashc, there is a possible out of bounds write due to lack of valudation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08541638; Issue ID: ALPS08541638.

6.7CVSS6.9AI score0.00015EPSS
CVE
CVE
added 2024/04/01 3:15 a.m.75 views

CVE-2024-20049

In flashc, there is a possible information disclosure due to an uncaught exception. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08541765; Issue ID: ALPS08541765.

4.4CVSS6AI score0.00013EPSS
CVE
CVE
added 2025/01/06 4:15 a.m.75 views

CVE-2024-20145

In V6 DA, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09290940; I...

6.6CVSS7.1AI score0.00011EPSS
CVE
CVE
added 2025/02/03 4:15 a.m.75 views

CVE-2025-20635

In V6 DA, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09403752; I...

6.6CVSS6.6AI score0.00011EPSS
CVE
CVE
added 2024/03/04 3:15 a.m.74 views

CVE-2024-20022

In lk, there is a possible escalation of privilege due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08528255; Issue ID: ALPS08528255.

6.7CVSS6.9AI score0.00025EPSS
CVE
CVE
added 2024/05/06 3:15 a.m.74 views

CVE-2024-20056

In preloader, there is a possible escalation of privilege due to an insecure default value. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08528185; Issue ID: ALPS08528185.

6.7CVSS6.9AI score0.00011EPSS
CVE
CVE
added 2025/01/06 4:15 a.m.74 views

CVE-2024-20143

In V6 DA, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09167056; I...

6.6CVSS7.1AI score0.00011EPSS
CVE
CVE
added 2025/01/06 4:15 a.m.74 views

CVE-2024-20146

In wlan STA driver, there is a possible out of bounds write due to improper input validation. This could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00389496 / ALPS09137491; Issue I...

8.1CVSS7.8AI score0.00014EPSS
CVE
CVE
added 2020/03/16 9:15 p.m.71 views

CVE-2020-7248

libubox in OpenWrt before 18.06.7 and 19.x before 19.07.1 has a tagged binary data JSON serialization vulnerability that may cause a stack based buffer overflow.

7.5CVSS7.7AI score0.01111EPSS
CVE
CVE
added 2020/03/16 10:15 p.m.70 views

CVE-2020-7982

An issue was discovered in OpenWrt 18.06.0 to 18.06.6 and 19.07.0, and LEDE 17.01.0 to 17.01.7. A bug in the fork of the opkg package manager before 2020-01-25 prevents correct parsing of embedded checksums in the signed repository index, allowing a man-in-the-middle attacker to inject arbitrary pa...

8.1CVSS7.9AI score0.02911EPSS
CVE
CVE
added 2023/09/04 3:15 a.m.66 views

CVE-2023-32812

In gnss service, there is a possible out of bounds write due to improper input validation. This could lead to local esclation of privileges with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08017365; Issue ID: ALPS08017365.

6.7CVSS6.5AI score0.0001EPSS
CVE
CVE
added 2021/02/07 11:15 p.m.63 views

CVE-2021-22161

In OpenWrt 19.07.x before 19.07.7, when IPv6 is used, a routing loop can occur that generates excessive network traffic between an affected device and its upstream ISP's router. This occurs when a link prefix route points to a point-to-point link, a destination IPv6 address belongs to the prefix an...

6.5CVSS6.3AI score0.00107EPSS
CVE
CVE
added 2024/07/01 5:15 a.m.63 views

CVE-2024-20081

In gnss service, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08719602; Issue ID: MSV-1412.

9.8CVSS7.2AI score0.00054EPSS
CVE
CVE
added 2024/04/01 3:15 a.m.62 views

CVE-2024-20051

In flashc, there is a possible system crash due to an uncaught exception. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08541757; Issue ID: ALPS08541758.

2.3CVSS6.5AI score0.00013EPSS
CVE
CVE
added 2024/04/01 3:15 a.m.60 views

CVE-2024-20050

In flashc, there is a possible information disclosure due to an uncaught exception. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08541757; Issue ID: ALPS08541757.

4.4CVSS6AI score0.00013EPSS
CVE
CVE
added 2020/03/16 6:15 p.m.59 views

CVE-2019-19945

uhttpd in OpenWrt through 18.06.5 and 19.x through 19.07.0-rc2 has an integer signedness error. This leads to out-of-bounds access to a heap buffer and a subsequent crash. It can be triggered with an HTTP POST request to a CGI script, specifying both "Transfer-Encoding: chunked" and a large negativ...

7.5CVSS7.5AI score0.00975EPSS
CVE
CVE
added 2023/09/04 3:15 a.m.59 views

CVE-2023-20830

In gps, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08014144; Issue ID: ALPS08014156.

6.7CVSS6.7AI score0.0001EPSS
CVE
CVE
added 2024/11/04 2:15 a.m.59 views

CVE-2024-20104

In da, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09073261; Issue ID: MSV-1772.

8.4CVSS7.2AI score0.00011EPSS
CVE
CVE
added 2024/04/01 3:15 a.m.56 views

CVE-2024-20053

In flashc, there is a possible out of bounds write due to an uncaught exception. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08541757; Issue ID: ALPS08541764.

8.4CVSS7AI score0.00022EPSS
CVE
CVE
added 2018/06/19 9:29 p.m.55 views

CVE-2018-11116

OpenWrt mishandles access control in /etc/config/rpcd and the /usr/share/rpcd/acl.d files, which allows remote authenticated users to call arbitrary methods (i.e., achieve ubus access over HTTP) that were only supposed to be accessible to a specific user, as demonstrated by the file, log, and servi...

8.8CVSS8.3AI score0.01645EPSS
CVE
CVE
added 2023/09/04 3:15 a.m.55 views

CVE-2023-20820

In wlan service, there is a possible command injection due to improper input validation. This could lead to remote code execution with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00244189; Issue ID: WCNCR00244189.

7.2CVSS7.6AI score0.01103EPSS
CVE
CVE
added 2024/04/01 3:15 a.m.55 views

CVE-2024-20054

In gnss, there is a possible escalation of privilege due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08580200; Issue ID: ALPS08580200.

6.6CVSS6.9AI score0.00041EPSS
CVE
CVE
added 2022/09/19 5:15 p.m.52 views

CVE-2022-38333

Openwrt before v21.02.3 and Openwrt v22.03.0-rc6 were discovered to contain two skip loops in the function header_value(). This vulnerability allows attackers to access sensitive information via a crafted HTTP request.

7.5CVSS7.3AI score0.00193EPSS
CVE
CVE
added 2023/09/04 3:15 a.m.52 views

CVE-2023-20821

In nvram, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07937113; Issue ID: ALPS07937113.

6.7CVSS6.7AI score0.0001EPSS
CVE
CVE
added 2025/02/03 4:15 a.m.52 views

CVE-2024-20147

In Bluetooth FW, there is a possible reachable assertion due to improper exception handling. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00389046 (Note: For MT79XX chipsets) / ALPS0913650...

5.3CVSS7AI score0.0003EPSS
CVE
CVE
added 2021/12/27 11:15 p.m.51 views

CVE-2021-45905

OpenWrt 21.02.1 allows XSS via the Traffic Rules Name screen.

5.4CVSS5.2AI score0.00467EPSS
CVE
CVE
added 2024/04/01 3:15 a.m.50 views

CVE-2024-20052

In flashc, there is a possible information disclosure due to an uncaught exception. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08541757; Issue ID: ALPS08541761.

4.4CVSS6AI score0.00011EPSS
CVE
CVE
added 2025/03/03 3:15 a.m.50 views

CVE-2025-20650

In da, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09291294; Issu...

6.8CVSS6.9AI score0.00013EPSS
CVE
CVE
added 2021/05/25 2:15 p.m.49 views

CVE-2021-33425

A stored cross-site scripting (XSS) vulnerability was discovered in the Web Interface for OpenWRT LuCI version 19.07 which allows attackers to inject arbitrary Javascript in the OpenWRT Hostname via the Hostname Change operation.

5.4CVSS5.5AI score0.00206EPSS
CVE
CVE
added 2025/06/02 3:15 a.m.49 views

CVE-2025-20674

In wlan AP driver, there is a possible way to inject arbitrary packet due to a missing permission check. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00413202; Issue ID: MSV-3303.

9.8CVSS7.1AI score0.00218EPSS
CVE
CVE
added 2023/09/04 3:15 a.m.48 views

CVE-2023-32806

In wlan driver, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07441589; Issue ID: ALPS07441589.

6.7CVSS6.7AI score0.00008EPSS
CVE
CVE
added 2023/09/04 3:15 a.m.48 views

CVE-2023-32815

In gnss service, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08037801; Issue ID: ALPS08037801.

4.4CVSS4.3AI score0.0001EPSS
Total number of security vulnerabilities89