OpenWrt 19.07.0 Release Candidate 1

CPE Details

OpenWrt 19.07.0 Release Candidate 1
openwrt
openwrt
19.07.0
2023-05-24
12h53 +00:00
2023-05-24
13h01 +00:00
CPE NVD
Alerte pour un CPE
Restez informé de toutes modifications pour un CPE spécifique.
Gestion des notifications

CPE Name: cpe:2.3:o:openwrt:openwrt:19.07.0:rc1:*:*:*:*:*:*

Informations

Vendor

openwrt

Product

openwrt

Version

19.07.0

Update

rc1

Related CVE

Open and find in CVE List

CVE ID Publié Description Score Gravité
CVE-2024-20085 2024-09-02 02h07 +00:00 In power, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08944204; Issue ID: MSV-1560.
4.4
Moyen
CVE-2024-20084 2024-09-02 02h07 +00:00 In power, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08944210; Issue ID: MSV-1561.
4.4
Moyen
CVE-2022-38333 2022-09-19 14h13 +00:00 Openwrt before v21.02.3 and Openwrt v22.03.0-rc6 were discovered to contain two skip loops in the function header_value(). This vulnerability allows attackers to access sensitive information via a crafted HTTP request.
7.5
Haute
CVE-2021-32019 2021-08-02 18h35 +00:00 There is missing input validation of host names displayed in OpenWrt before 19.07.8. The Connection Status page of the luci web-interface allows XSS, which can be used to gain full control over the affected system via ICMP.
6.1
Moyen
CVE-2021-22161 2021-02-07 21h56 +00:00 In OpenWrt 19.07.x before 19.07.7, when IPv6 is used, a routing loop can occur that generates excessive network traffic between an affected device and its upstream ISP's router. This occurs when a link prefix route points to a point-to-point link, a destination IPv6 address belongs to the prefix and is not a local IPv6 address, and a router advertisement is received with at least one global unique IPv6 prefix for which the on-link flag is set. This affects the netifd and odhcp6c packages.
6.5
Moyen
CVE-2020-28951 2020-11-19 18h01 +00:00 libuci in OpenWrt before 18.06.9 and 19.x before 19.07.5 may encounter a use after free when using malicious package names. This is related to uci_parse_package in file.c and uci_strdup in util.c.
9.8
Critique
CVE-2020-7248 2020-03-16 19h49 +00:00 libubox in OpenWrt before 18.06.7 and 19.x before 19.07.1 has a tagged binary data JSON serialization vulnerability that may cause a stack based buffer overflow.
7.5
Haute
CVE-2019-19945 2020-03-16 16h17 +00:00 uhttpd in OpenWrt through 18.06.5 and 19.x through 19.07.0-rc2 has an integer signedness error. This leads to out-of-bounds access to a heap buffer and a subsequent crash. It can be triggered with an HTTP POST request to a CGI script, specifying both "Transfer-Encoding: chunked" and a large negative Content-Length value.
7.5
Haute