CVE-2022-38333
https://notcve.org/view.php?id=CVE-2022-38333
Openwrt before v21.02.3 and Openwrt v22.03.0-rc6 were discovered to contain two skip loops in the function header_value(). This vulnerability allows attackers to access sensitive information via a crafted HTTP request. Se ha detectado que Openwrt versiones anteriores a v21.02.3 y Openwrt versión v22.03.0-rc6, contienen dos bucles de omisión en la función header_value(). Esta vulnerabilidad permite a atacantes acceder a información confidencial por medio de una petición HTTP diseñada • https://git.openwrt.org/?p=project/cgi-io.git%3Ba=commit%3Bh=901b0f0463c9d16a8cf5b9ed37118d8484bc9176 https://git.openwrt.org/?p=project/cgi-io.git%3Ba=commitdiff%3Bh=901b0f0463c9d16a8cf5b9ed37118d8484bc9176 https://git.openwrt.org/?p=project/cgi-io.git%3Ba=patch%3Bh=901b0f0463c9d16a8cf5b9ed37118d8484bc9176 • CWE-125: Out-of-bounds Read •
CVE-2021-45904
https://notcve.org/view.php?id=CVE-2021-45904
OpenWrt 21.02.1 allows XSS via the Port Forwards Add Name screen. OpenWrt versión 21.02.1 permite un ataque de tipo XSS por medio de la Pantalla Port Forwards Add Name • https://bugs.openwrt.org/index.php?do=details&task_id=4199 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2021-45905
https://notcve.org/view.php?id=CVE-2021-45905
OpenWrt 21.02.1 allows XSS via the Traffic Rules Name screen. OpenWrt versión 21.02.1 permite un ataque de tipo XSS por medio de la Pantalla Traffic Rules Name • https://bugs.openwrt.org/index.php?do=details&task_id=4199 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2021-45906
https://notcve.org/view.php?id=CVE-2021-45906
OpenWrt 21.02.1 allows XSS via the NAT Rules Name screen. OpenWrt versión 21.02.1 permite XSS por medio de la Pantalla NAT Rules Name • https://bugs.openwrt.org/index.php?do=details&task_id=4199 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •