CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2020-28951
https://notcve.org/view.php?id=CVE-2020-28951
19 Nov 2020 — libuci in OpenWrt before 18.06.9 and 19.x before 19.07.5 may encounter a use after free when using malicious package names. This is related to uci_parse_package in file.c and uci_strdup in util.c. libuci en OpenWrt versiones anteriores a 18.06.9 y versiones 19.x anteriores a 19.07.5, puede encontrar un uso de la memoria previamente liberada cuando se utilizan nombres de paquetes maliciosos. Esto está relacionado a la función uci_parse_package en el archivo file.c y la función uci_strdup en el archivo u... • https://git.openwrt.org/?p=openwrt/openwrt.git%3Ba=commit%3Bh=5625f5bc36954d644cb80adf8de47854c65d91c3 • CWE-416: Use After Free •
CVSS: 8.1EPSS: 5%CPEs: 3EXPL: 2CVE-2020-7982
https://notcve.org/view.php?id=CVE-2020-7982
16 Mar 2020 — An issue was discovered in OpenWrt 18.06.0 to 18.06.6 and 19.07.0, and LEDE 17.01.0 to 17.01.7. A bug in the fork of the opkg package manager before 2020-01-25 prevents correct parsing of embedded checksums in the signed repository index, allowing a man-in-the-middle attacker to inject arbitrary package payloads (which are installed without verification). Se detectó un problema en OpenWrt versiones 18.06.0 hasta 18.06.6 y versión 19.07.0, y LEDE versiones 17.01.0 hasta 17.01.7. Un error en la derivación del... • https://arstechnica.com/information-technology/2020/03/openwrt-is-vulnerable-to-attacks-that-execute-malicious-code • CWE-345: Insufficient Verification of Data Authenticity CWE-754: Improper Check for Unusual or Exceptional Conditions •
CVSS: 7.5EPSS: 1%CPEs: 4EXPL: 0CVE-2020-7248
https://notcve.org/view.php?id=CVE-2020-7248
16 Mar 2020 — libubox in OpenWrt before 18.06.7 and 19.x before 19.07.1 has a tagged binary data JSON serialization vulnerability that may cause a stack based buffer overflow. libubox en OpenWrt versiones anteriores a 18.06.7 y versiones 19.x anteriores a 19.07.1, presenta una vulnerabilidad de serialización JSON de datos binarios etiquetados lo que puede causar un desbordamiento de búfer en la región stack de la memoria. • https://github.com/openwrt/openwrt/commits/master • CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 1%CPEs: 4EXPL: 1CVE-2019-19945
https://notcve.org/view.php?id=CVE-2019-19945
16 Mar 2020 — uhttpd in OpenWrt through 18.06.5 and 19.x through 19.07.0-rc2 has an integer signedness error. This leads to out-of-bounds access to a heap buffer and a subsequent crash. It can be triggered with an HTTP POST request to a CGI script, specifying both "Transfer-Encoding: chunked" and a large negative Content-Length value. uhttpd en OpenWrt versiones hasta 18.06.5 y versiones 19.x hasta 19.07.0-rc2, presenta un error de la propiedad signedness de enteros. Esto conlleva a un acceso fuera de límites en un búfer... • https://github.com/delicateByte/CVE-2019-19945_Test • CWE-125: Out-of-bounds Read CWE-681: Incorrect Conversion between Numeric Types •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2019-18992
https://notcve.org/view.php?id=CVE-2019-18992
03 Dec 2019 — OpenWrt 18.06.4 allows XSS via these Name fields to the cgi-bin/luci/admin/network/firewall/rules URI: "Open ports on router" and "New forward rule" and "New Source NAT" (this can occur, for example, on a TP-Link Archer C7 device). OpenWrt versiones 18.06.4, permite un ataque de tipo XSS por medio de estos campos de Nombre en el URI cgi-bin/luci/admin/network/firewall/rules: "Open ports on router" y "New forward rule" y "New Source NAT" (esto puede ocurrir, por ejemplo, en un dispositivo TP-Link Archer C7). • https://github.com/openwrt/luci/commit/3961268597abba4c2b231790cb4aa7936e73cdf8 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2019-18993
https://notcve.org/view.php?id=CVE-2019-18993
03 Dec 2019 — OpenWrt 18.06.4 allows XSS via the "New port forward" Name field to the cgi-bin/luci/admin/network/firewall/forwards URI (this can occur, for example, on a TP-Link Archer C7 device). OpenWrt versión 18.06.4, permite un ataque de tipo XSS por medio del campo de Nombre "New port forward" en el URI cgi-bin/luci/admin/network/firewall/forwards (esto puede presentarse, por ejemplo, en un dispositivo TP-Link Archer C7). • https://github.com/openwrt/luci/commit/c048f23bad54b0a79449652380b317819e0ea978 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.9EPSS: 0%CPEs: 2EXPL: 1CVE-2019-5102
https://notcve.org/view.php?id=CVE-2019-5102
18 Nov 2019 — An exploitable information leak vulnerability exists in the ustream-ssl library of OpenWrt, versions 18.06.4 and 15.05.1. When connecting to a remote server, the server's SSL certificate is checked but no action is taken when the certificate is invalid. An attacker could exploit this behavior by performing a man-in-the-middle attack, providing any certificate, leading to the theft of all the data sent by the client during the first request.An exploitable information leak vulnerability exists in the ustream-... • https://talosintelligence.com/vulnerability_reports/TALOS-2019-0893 • CWE-295: Improper Certificate Validation •
CVSS: 5.9EPSS: 0%CPEs: 2EXPL: 1CVE-2019-5101
https://notcve.org/view.php?id=CVE-2019-5101
18 Nov 2019 — An exploitable information leak vulnerability exists in the ustream-ssl library of OpenWrt, versions 18.06.4 and 15.05.1. When connecting to a remote server, the server's SSL certificate is checked but no action is taken when the certificate is invalid. An attacker could exploit this behavior by performing a man-in-the-middle attack, providing any certificate, leading to the theft of all the data sent by the client during the first request.An exploitable information leak vulnerability exists in the ustream-... • https://talosintelligence.com/vulnerability_reports/TALOS-2019-0893 • CWE-295: Improper Certificate Validation •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2019-17367
https://notcve.org/view.php?id=CVE-2019-17367
18 Oct 2019 — OpenWRT firmware version 18.06.4 is vulnerable to CSRF via wireless/radio0.network1, wireless/radio1.network1, firewall, firewall/zones, firewall/forwards, firewall/rules, network/wan, network/wan6, or network/lan under /cgi-bin/luci/admin/network/. OpenWRT versión de firmware 18.06.4, es vulnerable a CSRF por medio del archivo wireless/radio0.network1, wireless/radio1.network1, firewall, firewall/zones, firewall/forwards, firewall/rules, network/wan, network/wan6, o network/lan bajo /cgi-bin/luci/admin/net... • https://github.com/openwrt/luci/commit/f8c6eb67cd9da09ee20248fec6ab742069635e47 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 1CVE-2018-19630
https://notcve.org/view.php?id=CVE-2018-19630
28 Nov 2018 — cgi_handle_request in uhttpd in OpenWrt through 18.06.1 and LEDE through 17.01 has unauthenticated reflected XSS via the URI, as demonstrated by a cgi-bin/?[XSS] URI. cgi_handle_request en uhttpd en OpenWrt hasta la versión 18.06.1 y LEDE hasta la versión 17.01 tiene Cross-Site Scripting (XSS) reflejado sin autenticación mediante el URI, tal y como queda demostrado con un URI cgi-bin/?[XSS]. • https://bugs.openwrt.org/index.php?do=details&task_id=1974 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •