VYPR

Uhttpd

by Openwrt

Source repositories

CVEs (2)

  • CVE-2019-19945Mar 16, 2020
    risk 0.00cvss epss 0.02

    uhttpd in OpenWrt through 18.06.5 and 19.x through 19.07.0-rc2 has an integer signedness error. This leads to out-of-bounds access to a heap buffer and a subsequent crash. It can be triggered with an HTTP POST request to a CGI script, specifying both "Transfer-Encoding: chunked"…

  • CVE-2018-19630Nov 28, 2018
    risk 0.00cvss epss 0.01

    cgi_handle_request in uhttpd in OpenWrt through 18.06.1 and LEDE through 17.01 has unauthenticated reflected XSS via the URI, as demonstrated by a cgi-bin/?[XSS] URI.