CVE-2022-38333
https://notcve.org/view.php?id=CVE-2022-38333
Openwrt before v21.02.3 and Openwrt v22.03.0-rc6 were discovered to contain two skip loops in the function header_value(). This vulnerability allows attackers to access sensitive information via a crafted HTTP request. Se ha detectado que Openwrt versiones anteriores a v21.02.3 y Openwrt versión v22.03.0-rc6, contienen dos bucles de omisión en la función header_value(). Esta vulnerabilidad permite a atacantes acceder a información confidencial por medio de una petición HTTP diseñada • https://git.openwrt.org/?p=project/cgi-io.git%3Ba=commit%3Bh=901b0f0463c9d16a8cf5b9ed37118d8484bc9176 https://git.openwrt.org/?p=project/cgi-io.git%3Ba=commitdiff%3Bh=901b0f0463c9d16a8cf5b9ed37118d8484bc9176 https://git.openwrt.org/?p=project/cgi-io.git%3Ba=patch%3Bh=901b0f0463c9d16a8cf5b9ed37118d8484bc9176 • CWE-125: Out-of-bounds Read •
CVE-2020-28951
https://notcve.org/view.php?id=CVE-2020-28951
libuci in OpenWrt before 18.06.9 and 19.x before 19.07.5 may encounter a use after free when using malicious package names. This is related to uci_parse_package in file.c and uci_strdup in util.c. libuci en OpenWrt versiones anteriores a 18.06.9 y versiones 19.x anteriores a 19.07.5, puede encontrar un uso de la memoria previamente liberada cuando se utilizan nombres de paquetes maliciosos. Esto está relacionado a la función uci_parse_package en el archivo file.c y la función uci_strdup en el archivo util.c • https://git.openwrt.org/?p=openwrt/openwrt.git%3Ba=commit%3Bh=5625f5bc36954d644cb80adf8de47854c65d91c3 https://git.openwrt.org/?p=openwrt/openwrt.git%3Ba=log%3Bh=refs/tags/v18.06.9 https://git.openwrt.org/?p=project/uci.git%3Ba=commit%3Bh=a3e650911f5e6f67dcff09974df3775dfd615da6 • CWE-416: Use After Free •
CVE-2019-5102
https://notcve.org/view.php?id=CVE-2019-5102
An exploitable information leak vulnerability exists in the ustream-ssl library of OpenWrt, versions 18.06.4 and 15.05.1. When connecting to a remote server, the server's SSL certificate is checked but no action is taken when the certificate is invalid. An attacker could exploit this behavior by performing a man-in-the-middle attack, providing any certificate, leading to the theft of all the data sent by the client during the first request.An exploitable information leak vulnerability exists in the ustream-ssl library of OpenWrt, versions 18.06.4 and 15.05.1. When connecting to a remote server, the server's SSL certificate is checked but no action is taken when the certificate is invalid. An attacker could exploit this behavior by performing a man-in-the-middle attack, providing any certificate, leading to the theft of all the data sent by the client during the first request. • https://talosintelligence.com/vulnerability_reports/TALOS-2019-0893 • CWE-295: Improper Certificate Validation •
CVE-2019-5101
https://notcve.org/view.php?id=CVE-2019-5101
An exploitable information leak vulnerability exists in the ustream-ssl library of OpenWrt, versions 18.06.4 and 15.05.1. When connecting to a remote server, the server's SSL certificate is checked but no action is taken when the certificate is invalid. An attacker could exploit this behavior by performing a man-in-the-middle attack, providing any certificate, leading to the theft of all the data sent by the client during the first request.An exploitable information leak vulnerability exists in the ustream-ssl library of OpenWrt, versions 18.06.4 and 15.05.1. When connecting to a remote server, the server's SSL certificate is checked but no action is taken when the certificate is invalid. An attacker could exploit this behavior by performing a man-in-the-middle attack, providing any certificate, leading to the theft of all the data sent by the client during the first request. • https://talosintelligence.com/vulnerability_reports/TALOS-2019-0893 • CWE-295: Improper Certificate Validation •
CVE-2019-17367
https://notcve.org/view.php?id=CVE-2019-17367
OpenWRT firmware version 18.06.4 is vulnerable to CSRF via wireless/radio0.network1, wireless/radio1.network1, firewall, firewall/zones, firewall/forwards, firewall/rules, network/wan, network/wan6, or network/lan under /cgi-bin/luci/admin/network/. OpenWRT versión de firmware 18.06.4, es vulnerable a CSRF por medio del archivo wireless/radio0.network1, wireless/radio1.network1, firewall, firewall/zones, firewall/forwards, firewall/rules, network/wan, network/wan6, o network/lan bajo /cgi-bin/luci/admin/network/. • https://github.com/openwrt/luci/commit/f8c6eb67cd9da09ee20248fec6ab742069635e47 • CWE-352: Cross-Site Request Forgery (CSRF) •