CVE-2019-17367
https://notcve.org/view.php?id=CVE-2019-17367
OpenWRT firmware version 18.06.4 is vulnerable to CSRF via wireless/radio0.network1, wireless/radio1.network1, firewall, firewall/zones, firewall/forwards, firewall/rules, network/wan, network/wan6, or network/lan under /cgi-bin/luci/admin/network/. • https://github.com/openwrt/luci/commit/f8c6eb67cd9da09ee20248fec6ab742069635e47 • CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2018-19630
https://notcve.org/view.php?id=CVE-2018-19630
cgi_handle_request in uhttpd in OpenWrt through 18.06.1 and LEDE through 17.01 has unauthenticated reflected XSS via the URI, as demonstrated by a cgi-bin/?[XSS] URI. • https://bugs.openwrt.org/index.php?do=details&task_id=1974 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')