CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2019-19945
https://notcve.org/view.php?id=CVE-2019-19945
uhttpd in OpenWrt through 18.06.5 and 19.x through 19.07.0-rc2 has an integer signedness error. This leads to out-of-bounds access to a heap buffer and a subsequent crash. It can be triggered with an HTTP POST request to a CGI script, specifying both "Transfer-Encoding: chunked" and a large negative Content-Length value. uhttpd en OpenWrt versiones hasta 18.06.5 y versiones 19.x hasta 19.07.0-rc2, presenta un error de la propiedad signedness de enteros. Esto conlleva a un acceso fuera de límites en un búfer de la pila y un bloqueo posterior. Se puede activar con una petición HTTP POST en un script CGI, especificando tanto "Transfer-Encoding: chunked" como un valor negativo grande de Content-Length. • https://github.com/openwrt/openwrt/commits/master https://openwrt.org/advisory/2020-01-13-1 • CWE-125: Out-of-bounds Read CWE-681: Incorrect Conversion between Numeric Types •
CVSS: 5.9EPSS: 0%CPEs: 2EXPL: 1CVE-2019-5102
https://notcve.org/view.php?id=CVE-2019-5102
An exploitable information leak vulnerability exists in the ustream-ssl library of OpenWrt, versions 18.06.4 and 15.05.1. When connecting to a remote server, the server's SSL certificate is checked but no action is taken when the certificate is invalid. An attacker could exploit this behavior by performing a man-in-the-middle attack, providing any certificate, leading to the theft of all the data sent by the client during the first request.An exploitable information leak vulnerability exists in the ustream-ssl library of OpenWrt, versions 18.06.4 and 15.05.1. When connecting to a remote server, the server's SSL certificate is checked but no action is taken when the certificate is invalid. An attacker could exploit this behavior by performing a man-in-the-middle attack, providing any certificate, leading to the theft of all the data sent by the client during the first request. • https://talosintelligence.com/vulnerability_reports/TALOS-2019-0893 • CWE-295: Improper Certificate Validation •
CVSS: 5.9EPSS: 0%CPEs: 2EXPL: 1CVE-2019-5101
https://notcve.org/view.php?id=CVE-2019-5101
An exploitable information leak vulnerability exists in the ustream-ssl library of OpenWrt, versions 18.06.4 and 15.05.1. When connecting to a remote server, the server's SSL certificate is checked but no action is taken when the certificate is invalid. An attacker could exploit this behavior by performing a man-in-the-middle attack, providing any certificate, leading to the theft of all the data sent by the client during the first request.An exploitable information leak vulnerability exists in the ustream-ssl library of OpenWrt, versions 18.06.4 and 15.05.1. When connecting to a remote server, the server's SSL certificate is checked but no action is taken when the certificate is invalid. An attacker could exploit this behavior by performing a man-in-the-middle attack, providing any certificate, leading to the theft of all the data sent by the client during the first request. • https://talosintelligence.com/vulnerability_reports/TALOS-2019-0893 • CWE-295: Improper Certificate Validation •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2019-17367
https://notcve.org/view.php?id=CVE-2019-17367
OpenWRT firmware version 18.06.4 is vulnerable to CSRF via wireless/radio0.network1, wireless/radio1.network1, firewall, firewall/zones, firewall/forwards, firewall/rules, network/wan, network/wan6, or network/lan under /cgi-bin/luci/admin/network/. OpenWRT versión de firmware 18.06.4, es vulnerable a CSRF por medio del archivo wireless/radio0.network1, wireless/radio1.network1, firewall, firewall/zones, firewall/forwards, firewall/rules, network/wan, network/wan6, o network/lan bajo /cgi-bin/luci/admin/network/. • https://github.com/openwrt/luci/commit/f8c6eb67cd9da09ee20248fec6ab742069635e47 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 1CVE-2018-19630
https://notcve.org/view.php?id=CVE-2018-19630
cgi_handle_request in uhttpd in OpenWrt through 18.06.1 and LEDE through 17.01 has unauthenticated reflected XSS via the URI, as demonstrated by a cgi-bin/?[XSS] URI. cgi_handle_request en uhttpd en OpenWrt hasta la versión 18.06.1 y LEDE hasta la versión 17.01 tiene Cross-Site Scripting (XSS) reflejado sin autenticación mediante el URI, tal y como queda demostrado con un URI cgi-bin/?[XSS]. • https://bugs.openwrt.org/index.php?do=details&task_id=1974 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •