Openwrt
Products
- 20 CVEs
- 13 CVEs
- 2 CVEs
- 2 CVEs
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
Recent CVEs
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-11116 | | High | 0.57 | 8.8 | 0.02 | | Jun 19, 2018 | OpenWrt mishandles access control in /etc/config/rpcd and the /usr/share/rpcd/acl.d files, which allows remote authenticated users to call arbitrary methods (i.e., achieve ubus access over HTTP) that were only supposed to be accessible to a specific user, as demonstrated by the… |
| CVE-2024-54143 | | Critical | 0.54 | — | 0.02 | | Dec 6, 2024 | openwrt/asu is an image on demand server for OpenWrt based distributions. The request hashing mechanism truncates SHA-256 hashes to only 12 characters. This significantly reduces entropy, making it feasible for an attacker to generate collisions. By exploiting this, a previously… |
| CVE-2024-51240 | | High | 0.52 | 8.0 | 0.00 | | Nov 5, 2024 | An issue in the luci-mod-rpc package in OpenWRT Luci LTS allows for privilege escalation from an admin account to root via the JSON-RPC-API, which is exposed by the luci-mod-rpc package |
| CVE-2026-32721 | | High | 0.49 | 8.6 | 0.00 | | Mar 19, 2026 | LuCI is the OpenWrt Configuration Interface. Versions prior to both 24.10.5 and 25.12.0, contain a stored XSS vulnerability in the wireless scan modal, where SSID values from scan results are rendered as raw HTML without any sanitization. The wireless.js file in the… |
| CVE-2023-30312 | | High | 0.47 | 7.3 | 0.00 | | May 28, 2024 | An issue discovered in OpenWrt 18.06, 19.07, 21.02, 22.03, and beyond allows off-path attackers to hijack TCP sessions, which could lead to a denial of service, impersonating the client to the server (e.g., for access to files over FTP), and impersonating the server to the… |
| CVE-2025-57389 | | Medium | 0.35 | 5.4 | 0.00 | | Oct 1, 2025 | A reflected cross-site scripting (XSS) vulnerability in the /admin/system/packages endpoint of Luci OpenWRT v18.06.2 allows attackers to execute arbitrary JavaScript in the context of a user's browser via a crafted payload. This vulnerability was fixed in OpenWRT v19.07.0. |
| CVE-2019-12272 | | | 0.01 | — | 0.07 | | May 23, 2019 | In OpenWrt LuCI through 0.10, the endpoints admin/status/realtime/bandwidth_status and admin/status/realtime/wireless_status of the web application are affected by a command injection vulnerability. |
| CVE-2026-30874 | | | 0.00 | — | 0.00 | | Mar 19, 2026 | OpenWrt Project is a Linux operating system targeting embedded devices. In versions prior to 24.10.6, a vulnerability in the hotplug_call function allows an attacker to bypass environment variable filtering and inject an arbitrary PATH variable, potentially leading to privilege… |
| CVE-2026-30873 | | | 0.00 | — | 0.01 | | Mar 19, 2026 | OpenWrt Project is a Linux operating system targeting embedded devices. In versions prior to both 24.10.6 and 25.12.1, the jp_get_token function, which performs lexical analysis by breaking input expressions into tokens, contains a memory leak vulnerability when extracting… |
| CVE-2026-30872 | | | 0.00 | — | 0.02 | | Mar 19, 2026 | OpenWrt Project is a Linux operating system targeting embedded devices. In versions prior to 24.10.6 and 25.12.1, the mdns daemon has a Stack-based Buffer Overflow vulnerability in the match_ipv6_addresses function, triggered when processing PTR queries for IPv6 reverse DNS… |
| CVE-2026-30871 | | | 0.00 | — | 0.01 | | Mar 19, 2026 | OpenWrt Project is a Linux operating system targeting embedded devices. In versions prior to 24.10.6 and 25.12.1, the mdns daemon has a Stack-based Buffer Overflow vulnerability in the parse_question function. The issue is triggered by PTR queries for reverse DNS domains… |
| CVE-2025-62526 | | | 0.00 | — | 0.00 | | Oct 22, 2025 | OpenWrt Project is a Linux operating system targeting embedded devices. Prior to version 24.10.4, ubusd contains a heap buffer overflow in the event registration parsing code. This allows an attacker to modify the head and potentially execute arbitrary code in the context of the… |
| CVE-2025-62525 | | | 0.00 | — | 0.00 | | Oct 22, 2025 | OpenWrt Project is a Linux operating system targeting embedded devices. Prior to version 24.10.4, local users could read and write arbitrary kernel memory using the ioctls of the ltq-ptm driver which is used to drive the datapath of the DSL line. This only affects the lantiq… |
| CVE-2023-24182 | | | 0.00 | — | 0.01 | | Apr 11, 2023 | LuCI openwrt-22.03 branch git-22.361.69894-438c598 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the component /system/sshkeys.js. |
| CVE-2023-24181 | | | 0.00 | — | 0.01 | | Apr 10, 2023 | LuCI openwrt-22.03 branch git-22.361.69894-438c598 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /openvpn/pageswitch.htm. |
| CVE-2022-41435 | | | 0.00 | — | 0.00 | | Nov 3, 2022 | OpenWRT LuCI version git-22.140.66206-02913be was discovered to contain a stored cross-site scripting (XSS) vulnerability in the component /system/sshkeys.js. This vulnerability allows attackers to execute arbitrary web scripts or HTML via crafted public key comments. |
| CVE-2022-38333 | | | 0.00 | — | 0.01 | | Sep 19, 2022 | Openwrt before v21.02.3 and Openwrt v22.03.0-rc6 were discovered to contain two skip loops in the function header_value(). This vulnerability allows attackers to access sensitive information via a crafted HTTP request. |
| CVE-2021-45904 | | | 0.00 | — | 0.01 | | Dec 27, 2021 | OpenWrt 21.02.1 allows XSS via the Port Forwards Add Name screen. |
| CVE-2021-45905 | | | 0.00 | — | 0.01 | | Dec 27, 2021 | OpenWrt 21.02.1 allows XSS via the Traffic Rules Name screen. |
| CVE-2021-45906 | | | 0.00 | — | 0.01 | | Dec 27, 2021 | OpenWrt 21.02.1 allows XSS via the NAT Rules Name screen. |