Openwrt
by Openwrt
CVEs (20)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-11116 | | High | 0.57 | 8.8 | 0.02 | | Jun 19, 2018 | OpenWrt mishandles access control in /etc/config/rpcd and the /usr/share/rpcd/acl.d files, which allows remote authenticated users to call arbitrary methods (i.e., achieve ubus access over HTTP) that were only supposed to be accessible to a specific user, as demonstrated by the… |
| CVE-2026-32721 | | High | 0.49 | 8.6 | 0.00 | | Mar 19, 2026 | LuCI is the OpenWrt Configuration Interface. Versions prior to both 24.10.5 and 25.12.0 contain a stored XSS vulnerability in the wireless scan modal, where SSID values from scan results are rendered as raw HTML without any sanitization. The wireless.js file in the… |
| CVE-2023-30312 | | High | 0.47 | 7.3 | 0.00 | | May 28, 2024 | An issue discovered in OpenWrt 18.06, 19.07, 21.02, 22.03, and beyond allows off-path attackers to hijack TCP sessions, which could lead to a denial of service, impersonating the client to the server (e.g., for access to files over FTP), and impersonating the server to the… |
| CVE-2026-30874 | | | 0.00 | — | 0.00 | | Mar 19, 2026 | OpenWrt Project is a Linux operating system targeting embedded devices. In versions prior to 24.10.6, a vulnerability in the hotplug_call function allows an attacker to bypass environment variable filtering and inject an arbitrary PATH variable, potentially leading to privilege… |
| CVE-2026-30873 | | | 0.00 | — | 0.01 | | Mar 19, 2026 | OpenWrt Project is a Linux operating system targeting embedded devices. In versions prior to both 24.10.6 and 25.12.1, the jp_get_token function, which performs lexical analysis by breaking input expressions into tokens, contains a memory leak vulnerability when extracting… |
| CVE-2026-30872 | | | 0.00 | — | 0.02 | | Mar 19, 2026 | OpenWrt Project is a Linux operating system targeting embedded devices. In versions prior to 24.10.6 and 25.12.1, the mdns daemon has a Stack-based Buffer Overflow vulnerability in the match_ipv6_addresses function, triggered when processing PTR queries for IPv6 reverse DNS… |
| CVE-2026-30871 | | | 0.00 | — | 0.01 | | Mar 19, 2026 | OpenWrt Project is a Linux operating system targeting embedded devices. In versions prior to 24.10.6 and 25.12.1, the mdns daemon has a Stack-based Buffer Overflow vulnerability in the parse_question function. The issue is triggered by PTR queries for reverse DNS domains… |
| CVE-2025-62526 | | | 0.00 | — | 0.00 | | Oct 22, 2025 | OpenWrt Project is a Linux operating system targeting embedded devices. Prior to version 24.10.4, ubusd contains a heap buffer overflow in the event registration parsing code. This allows an attacker to modify the head and potentially execute arbitrary code in the context of the… |
| CVE-2025-62525 | | | 0.00 | — | 0.00 | | Oct 22, 2025 | OpenWrt Project is a Linux operating system targeting embedded devices. Prior to version 24.10.4, local users could read and write arbitrary kernel memory using the ioctls of the ltq-ptm driver which is used to drive the datapath of the DSL line. This only affects the lantiq… |
| CVE-2022-38333 | | | 0.00 | — | 0.01 | | Sep 19, 2022 | Openwrt before v21.02.3 and Openwrt v22.03.0-rc6 were discovered to contain two skip loops in the function header_value(). This vulnerability allows attackers to access sensitive information via a crafted HTTP request. |
| CVE-2021-45904 | | | 0.00 | — | 0.01 | | Dec 27, 2021 | OpenWrt 21.02.1 allows XSS via the Port Forwards Add Name screen. |
| CVE-2021-45905 | | | 0.00 | — | 0.01 | | Dec 27, 2021 | OpenWrt 21.02.1 allows XSS via the Traffic Rules Name screen. |
| CVE-2021-45906 | | | 0.00 | — | 0.01 | | Dec 27, 2021 | OpenWrt 21.02.1 allows XSS via the NAT Rules Name screen. |
| CVE-2021-32019 | | | 0.00 | — | 0.01 | | Aug 2, 2021 | There is missing input validation of host names displayed in OpenWrt before 19.07.8. The Connection Status page of the luci web-interface allows XSS, which can be used to gain full control over the affected system via ICMP. |
| CVE-2021-22161 | | | 0.00 | — | 0.01 | | Feb 7, 2021 | In OpenWrt 19.07.x before 19.07.7, when IPv6 is used, a routing loop can occur that generates excessive network traffic between an affected device and its upstream ISP's router. This occurs when a link prefix route points to a point-to-point link, a destination IPv6 address… |
| CVE-2020-7982 | | | 0.00 | — | 0.02 | | Mar 16, 2020 | An issue was discovered in OpenWrt 18.06.0 to 18.06.6 and 19.07.0, and LEDE 17.01.0 to 17.01.7. A bug in the fork of the opkg package manager before 2020-01-25 prevents correct parsing of embedded checksums in the signed repository index, allowing a man-in-the-middle attacker to… |
| CVE-2019-18993 | | | 0.00 | — | 0.01 | | Dec 3, 2019 | OpenWrt 18.06.4 allows XSS via the "New port forward" Name field to the cgi-bin/luci/admin/network/firewall/forwards URI (this can occur, for example, on a TP-Link Archer C7 device). |
| CVE-2019-5102 | | | 0.00 | — | 0.01 | | Nov 18, 2019 | An exploitable information leak vulnerability exists in the ustream-ssl library of OpenWrt, versions 18.06.4 and 15.05.1. When connecting to a remote server, the server's SSL certificate is checked but no action is taken when the certificate is invalid. An attacker could exploit… |
| CVE-2019-5101 | | | 0.00 | — | 0.01 | | Nov 18, 2019 | An exploitable information leak vulnerability exists in the ustream-ssl library of OpenWrt, versions 18.06.4 and 15.05.1. When connecting to a remote server, the server's SSL certificate is checked but no action is taken when the certificate is invalid. An attacker could exploit… |
| CVE-2019-17367 | | | 0.00 | — | 0.01 | | Oct 18, 2019 | OpenWRT firmware version 18.06.4 is vulnerable to CSRF via wireless/radio0.network1, wireless/radio1.network1, firewall, firewall/zones, firewall/forwards, firewall/rules, network/wan, network/wan6, or network/lan under /cgi-bin/luci/admin/network/. |