Page 2 of 11 results (0.006 seconds)

CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0

uhttpd in OpenWrt through 18.06.5 and 19.x through 19.07.0-rc2 has an integer signedness error. This leads to out-of-bounds access to a heap buffer and a subsequent crash. It can be triggered with an HTTP POST request to a CGI script, specifying both "Transfer-Encoding: chunked" and a large negative Content-Length value. uhttpd en OpenWrt versiones hasta 18.06.5 y versiones 19.x hasta 19.07.0-rc2, presenta un error de la propiedad signedness de enteros. Esto conlleva a un acceso fuera de límites en un búfer de la pila y un bloqueo posterior. Se puede activar con una petición HTTP POST en un script CGI, especificando tanto "Transfer-Encoding: chunked" como un valor negativo grande de Content-Length. • https://github.com/openwrt/openwrt/commits/master https://openwrt.org/advisory/2020-01-13-1 • CWE-125: Out-of-bounds Read CWE-681: Incorrect Conversion between Numeric Types •

CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0

OpenWrt 18.06.4 allows XSS via these Name fields to the cgi-bin/luci/admin/network/firewall/rules URI: "Open ports on router" and "New forward rule" and "New Source NAT" (this can occur, for example, on a TP-Link Archer C7 device). OpenWrt versiones 18.06.4, permite un ataque de tipo XSS por medio de estos campos de Nombre en el URI cgi-bin/luci/admin/network/firewall/rules: "Open ports on router" y "New forward rule" y "New Source NAT" (esto puede ocurrir, por ejemplo, en un dispositivo TP-Link Archer C7). • https://github.com/openwrt/luci/commit/3961268597abba4c2b231790cb4aa7936e73cdf8 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0

OpenWrt 18.06.4 allows XSS via the "New port forward" Name field to the cgi-bin/luci/admin/network/firewall/forwards URI (this can occur, for example, on a TP-Link Archer C7 device). OpenWrt versión 18.06.4, permite un ataque de tipo XSS por medio del campo de Nombre "New port forward" en el URI cgi-bin/luci/admin/network/firewall/forwards (esto puede presentarse, por ejemplo, en un dispositivo TP-Link Archer C7). • https://github.com/openwrt/luci/commit/c048f23bad54b0a79449652380b317819e0ea978 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.9EPSS: 0%CPEs: 2EXPL: 1

An exploitable information leak vulnerability exists in the ustream-ssl library of OpenWrt, versions 18.06.4 and 15.05.1. When connecting to a remote server, the server's SSL certificate is checked but no action is taken when the certificate is invalid. An attacker could exploit this behavior by performing a man-in-the-middle attack, providing any certificate, leading to the theft of all the data sent by the client during the first request.An exploitable information leak vulnerability exists in the ustream-ssl library of OpenWrt, versions 18.06.4 and 15.05.1. When connecting to a remote server, the server's SSL certificate is checked but no action is taken when the certificate is invalid. An attacker could exploit this behavior by performing a man-in-the-middle attack, providing any certificate, leading to the theft of all the data sent by the client during the first request. • https://talosintelligence.com/vulnerability_reports/TALOS-2019-0893 • CWE-295: Improper Certificate Validation •

CVSS: 5.9EPSS: 0%CPEs: 2EXPL: 1

An exploitable information leak vulnerability exists in the ustream-ssl library of OpenWrt, versions 18.06.4 and 15.05.1. When connecting to a remote server, the server's SSL certificate is checked but no action is taken when the certificate is invalid. An attacker could exploit this behavior by performing a man-in-the-middle attack, providing any certificate, leading to the theft of all the data sent by the client during the first request.An exploitable information leak vulnerability exists in the ustream-ssl library of OpenWrt, versions 18.06.4 and 15.05.1. When connecting to a remote server, the server's SSL certificate is checked but no action is taken when the certificate is invalid. An attacker could exploit this behavior by performing a man-in-the-middle attack, providing any certificate, leading to the theft of all the data sent by the client during the first request. • https://talosintelligence.com/vulnerability_reports/TALOS-2019-0893 • CWE-295: Improper Certificate Validation •