CPE Details

OpenWrt
openwrt
openwrt
-
2023-05-24
12h53 +00:00
2023-05-24
13h01 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:o:openwrt:openwrt:-:*:*:*:*:*:*:*

Informations

Vendor

openwrt

Product

openwrt

Version

-

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2022-38333 2022-09-19 14h13 +00:00 Openwrt before v21.02.3 and Openwrt v22.03.0-rc6 were discovered to contain two skip loops in the function header_value(). This vulnerability allows attackers to access sensitive information via a crafted HTTP request.
7.5
High
CVE-2020-28951 2020-11-19 18h01 +00:00 libuci in OpenWrt before 18.06.9 and 19.x before 19.07.5 may encounter a use after free when using malicious package names. This is related to uci_parse_package in file.c and uci_strdup in util.c.
9.8
Critical
CVE-2018-19630 2018-11-28 09h00 +00:00 cgi_handle_request in uhttpd in OpenWrt through 18.06.1 and LEDE through 17.01 has unauthenticated reflected XSS via the URI, as demonstrated by a cgi-bin/?[XSS] URI.
6.1
Medium
CVE-2018-11116 2018-06-19 19h00 +00:00 OpenWrt mishandles access control in /etc/config/rpcd and the /usr/share/rpcd/acl.d files, which allows remote authenticated users to call arbitrary methods (i.e., achieve ubus access over HTTP) that were only supposed to be accessible to a specific user, as demonstrated by the file, log, and service namespaces, potentially leading to remote Information Disclosure or Code Execution. NOTE: The developer disputes this as a vulnerability, indicating that rpcd functions appropriately
8.8
High