Known Vulnerabilities for products from Openwrt
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Openwrt".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs; each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2021-33425 | A stored cross-site scripting (XSS) vulnerability was discovered in the Web Interface for OpenWRT LuCI version 19.07 which al... | 5.4 - MEDIUM | 2021-05-25 | 2023-05-24 |
| CVE-2021-32019 | There is missing input validation of host names displayed in OpenWrt before 19.07.8. The Connection Status page of the luci w... | 6.1 - MEDIUM | 2021-08-02 | 2023-05-24 |
| CVE-2021-28961 | applications/luci-app-ddns/luasrc/model/cbi/ddns/detail.lua in the DDNS package for OpenWrt 19.07 allows remote authenticated... | 8.8 - HIGH | 2021-03-21 | 2023-05-24 |
| CVE-2021-27821 | The Web Interface for OpenWRT LuCI version 19.07 and lower has been discovered to have a cross-site scripting vulnerability w... | 6.1 - MEDIUM | 2021-05-25 | 2021-06-03 |
| CVE-2021-22161 | In OpenWrt 19.07.x before 19.07.7, when IPv6 is used, a routing loop can occur that generates excessive network traffic betwe... | 6.5 - MEDIUM | 2021-02-07 | 2023-05-24 |
| CVE-2020-28951 | libuci in OpenWrt before 18.06.9 and 19.x before 19.07.5 may encounter a use after free when using malicious package names. T... | 9.8 - CRITICAL | 2020-11-19 | 2023-11-07 |
| CVE-2020-10871 | ** DISPUTED ** In OpenWrt LuCI git-20.x, remote unauthenticated attackers can retrieve the list of installed packages and ser... | 5.3 - MEDIUM | 2020-03-23 | 2023-11-07 |
| CVE-2020-7982 | An issue was discovered in OpenWrt 18.06.0 to 18.06.6 and 19.07.0, and LEDE 17.01.0 to 17.01.7. A bug in the fork of the opkg... | 8.1 - HIGH | 2020-03-16 | 2023-05-24 |
| CVE-2020-7248 | libubox in OpenWrt before 18.06.7 and 19.x before 19.07.1 has a tagged binary data JSON serialization vulnerability that may ... | 7.5 - HIGH | 2020-03-16 | 2023-05-24 |
| CVE-2019-25015 | LuCI in OpenWrt 18.06.0 through 18.06.4 allows stored XSS via a crafted SSID. | 5.4 - MEDIUM | 2021-01-26 | 2023-05-24 |
| CVE-2019-19945 | uhttpd in OpenWrt through 18.06.5 and 19.x through 19.07.0-rc2 has an integer signedness error. This leads to out-of-bounds a... | 7.5 - HIGH | 2020-03-16 | 2023-05-24 |
| CVE-2019-18993 | OpenWrt 18.06.4 allows XSS via the "New port forward" Name field to the cgi-bin/luci/admin/network/firewall/forwards URI (thi... | 5.4 - MEDIUM | 2019-12-03 | 2023-05-24 |
| CVE-2019-18992 | OpenWrt 18.06.4 allows XSS via these Name fields to the cgi-bin/luci/admin/network/firewall/rules URI: "Open ports on router"... | 5.4 - MEDIUM | 2019-12-03 | 2023-05-24 |
| CVE-2019-17367 | OpenWRT firmware version 18.06.4 is vulnerable to CSRF via wireless/radio0.network1, wireless/radio1.network1, firewall, fire... | 8.8 - HIGH | 2019-10-18 | 2019-10-22 |
| CVE-2019-15513 | An issue was discovered in OpenWrt libuci (aka Library for the Unified Configuration Interface) before 15.05.1 as used on Mot... | 7.5 - HIGH | 2019-08-23 | 2023-11-07 |
| CVE-2019-12272 | In OpenWrt LuCI through 0.10, the endpoints admin/status/realtime/bandwidth_status and admin/status/realtime/wireless_status ... | 9.8 - CRITICAL | 2019-05-23 | 2020-08-24 |
| CVE-2019-5102 | An exploitable information leak vulnerability exists in the ustream-ssl library of OpenWrt, versions 18.06.4 and 15.05.1. Whe... | 5.9 - MEDIUM | 2019-11-18 | 2023-07-12 |
| CVE-2019-5101 | An exploitable information leak vulnerability exists in the ustream-ssl library of OpenWrt, versions 18.06.4 and 15.05.1. Whe... | 5.9 - MEDIUM | 2019-11-18 | 2023-07-12 |
| CVE-2018-19630 | cgi_handle_request in uhttpd in OpenWrt through 18.06.1 and LEDE through 17.01 has unauthenticated reflected XSS via the URI,... | 6.1 - MEDIUM | 2018-11-28 | 2018-12-31 |
| CVE-2018-11116 | ** DISPUTED ** OpenWrt mishandles access control in /etc/config/rpcd and the /usr/share/rpcd/acl.d files, which allows remote... | 8.8 - HIGH | 2018-06-19 | 2023-11-07 |