VYPR

OpenWrt

All CVEs

38 total · sorted by risk
  • CVE-2018-11116 · High · Jun 19, 2018
    risk 0.57 · cvss 8.8 · epss 0.02

    OpenWrt mishandles access control in /etc/config/rpcd and the /usr/share/rpcd/acl.d files, which allows remote authenticated users to call arbitrary methods (i.e., achieve ubus access over HTTP) that were only supposed to be accessible to a specific user, as demonstrated by the…

  • CVE-2024-54143 · Critical · Dec 6, 2024
    risk 0.54 · cvss n/a · epss 0.02

    openwrt/asu is an image on demand server for OpenWrt based distributions. The request hashing mechanism truncates SHA-256 hashes to only 12 characters. This significantly reduces entropy, making it feasible for an attacker to generate collisions. By exploiting this, a previously…

  • CVE-2024-51240 · High · Nov 5, 2024
    risk 0.52 · cvss 8.0 · epss 0.00

    An issue in the luci-mod-rpc package in OpenWRT Luci LTS allows for privilege escalation from an admin account to root via the JSON-RPC-API, which is exposed by the luci-mod-rpc package

  • CVE-2026-32721 · High · Mar 19, 2026
    risk 0.49 · cvss 8.6 · epss 0.00

    LuCI is the OpenWrt Configuration Interface. Versions prior to both 24.10.5 and 25.12.0, contain a stored XSS vulnerability in the wireless scan modal, where SSID values from scan results are rendered as raw HTML without any sanitization. The wireless.js file in the…

  • CVE-2023-30312 · High · May 28, 2024
    risk 0.47 · cvss 7.3 · epss 0.00

    An issue discovered in OpenWrt 18.06, 19.07, 21.02, 22.03, and beyond allows off-path attackers to hijack TCP sessions, which could lead to a denial of service, impersonating the client to the server (e.g., for access to files over FTP), and impersonating the server to the…

  • CVE-2025-57389 · Medium · Oct 1, 2025
    risk 0.35 · cvss 5.4 · epss 0.00

    A reflected cross-site scripting (XSS) vulnerability in the /admin/system/packages endpoint of Luci OpenWRT v18.06.2 allows attackers to execute arbitrary JavaScript in the context of a user's browser via a crafted payload. This vulnerability was fixed in OpenWRT v19.07.0.

  • CVE-2019-12272 · May 23, 2019
    risk 0.01 · cvss n/a · epss 0.07

    In OpenWrt LuCI through 0.10, the endpoints admin/status/realtime/bandwidth_status and admin/status/realtime/wireless_status of the web application are affected by a command injection vulnerability.

  • CVE-2026-30874 · Mar 19, 2026
    risk 0.00 · cvss n/a · epss 0.00

    OpenWrt Project is a Linux operating system targeting embedded devices. In versions prior to 24.10.6, a vulnerability in the hotplug_call function allows an attacker to bypass environment variable filtering and inject an arbitrary PATH variable, potentially leading to privilege…

  • CVE-2026-30873 · Mar 19, 2026
    risk 0.00 · cvss n/a · epss 0.01

    OpenWrt Project is a Linux operating system targeting embedded devices. In versions prior to both 24.10.6 and 25.12.1, the jp_get_token function, which performs lexical analysis by breaking input expressions into tokens, contains a memory leak vulnerability when extracting…

  • CVE-2026-30872 · Mar 19, 2026
    risk 0.00 · cvss n/a · epss 0.02

    OpenWrt Project is a Linux operating system targeting embedded devices. In versions prior to 24.10.6 and 25.12.1, the mdns daemon has a Stack-based Buffer Overflow vulnerability in the match_ipv6_addresses function, triggered when processing PTR queries for IPv6 reverse DNS…

  • CVE-2026-30871 · Mar 19, 2026
    risk 0.00 · cvss n/a · epss 0.01

    OpenWrt Project is a Linux operating system targeting embedded devices. In versions prior to 24.10.6 and 25.12.1, the mdns daemon has a Stack-based Buffer Overflow vulnerability in the parse_question function. The issue is triggered by PTR queries for reverse DNS domains…

  • CVE-2025-62526 · Oct 22, 2025
    risk 0.00 · cvss n/a · epss 0.00

    OpenWrt Project is a Linux operating system targeting embedded devices. Prior to version 24.10.4, ubusd contains a heap buffer overflow in the event registration parsing code. This allows an attacker to modify the head and potentially execute arbitrary code in the context of the…

  • CVE-2025-62525 · Oct 22, 2025
    risk 0.00 · cvss n/a · epss 0.00

    OpenWrt Project is a Linux operating system targeting embedded devices. Prior to version 24.10.4, local users could read and write arbitrary kernel memory using the ioctls of the ltq-ptm driver which is used to drive the datapath of the DSL line. This only affects the lantiq…

  • CVE-2023-24182 · Apr 11, 2023
    risk 0.00 · cvss n/a · epss 0.01

    LuCI openwrt-22.03 branch git-22.361.69894-438c598 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the component /system/sshkeys.js.

  • CVE-2023-24181 · Apr 10, 2023
    risk 0.00 · cvss n/a · epss 0.01

    LuCI openwrt-22.03 branch git-22.361.69894-438c598 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /openvpn/pageswitch.htm.

  • CVE-2022-41435 · Nov 3, 2022
    risk 0.00 · cvss n/a · epss 0.00

    OpenWRT LuCI version git-22.140.66206-02913be was discovered to contain a stored cross-site scripting (XSS) vulnerability in the component /system/sshkeys.js. This vulnerability allows attackers to execute arbitrary web scripts or HTML via crafted public key comments.

  • CVE-2022-38333 · Sep 19, 2022
    risk 0.00 · cvss n/a · epss 0.01

    Openwrt before v21.02.3 and Openwrt v22.03.0-rc6 were discovered to contain two skip loops in the function header_value(). This vulnerability allows attackers to access sensitive information via a crafted HTTP request.

  • CVE-2021-45904 · Dec 27, 2021
    risk 0.00 · cvss n/a · epss 0.01

    OpenWrt 21.02.1 allows XSS via the Port Forwards Add Name screen.

  • CVE-2021-45905 · Dec 27, 2021
    risk 0.00 · cvss n/a · epss 0.01

    OpenWrt 21.02.1 allows XSS via the Traffic Rules Name screen.

  • CVE-2021-45906 · Dec 27, 2021
    risk 0.00 · cvss n/a · epss 0.01

    OpenWrt 21.02.1 allows XSS via the NAT Rules Name screen.

  • CVE-2021-32019 · Aug 2, 2021
    risk 0.00 · cvss n/a · epss 0.01

    There is missing input validation of host names displayed in OpenWrt before 19.07.8. The Connection Status page of the luci web-interface allows XSS, which can be used to gain full control over the affected system via ICMP.

  • CVE-2021-33425 · May 25, 2021
    risk 0.00 · cvss n/a · epss 0.01

    A stored cross-site scripting (XSS) vulnerability was discovered in the Web Interface for OpenWRT LuCI version 19.07 which allows attackers to inject arbitrary JavaScript in the OpenWRT Hostname via the Hostname Change operation.

  • CVE-2021-27821 · May 25, 2021
    risk 0.00 · cvss n/a · epss 0.01

    The Web Interface for OpenWRT LuCI version 19.07 and lower has been discovered to have a cross-site scripting vulnerability which can lead to attackers carrying out arbitrary code execution.

  • CVE-2021-28961 · Mar 21, 2021
    risk 0.00 · cvss n/a · epss 0.02

    applications/luci-app-ddns/luasrc/model/cbi/ddns/detail.lua in the DDNS package for OpenWrt 19.07 allows remote authenticated users to inject arbitrary commands via POST requests.

  • CVE-2021-22161 · Feb 7, 2021
    risk 0.00 · cvss n/a · epss 0.01

    In OpenWrt 19.07.x before 19.07.7, when IPv6 is used, a routing loop can occur that generates excessive network traffic between an affected device and its upstream ISP's router. This occurs when a link prefix route points to a point-to-point link, a destination IPv6 address…

  • CVE-2019-25015 · Jan 21, 2021
    risk 0.00 · cvss n/a · epss 0.01

    LuCI in OpenWrt 18.06.0 through 18.06.4 allows stored XSS via a crafted SSID.

  • CVE-2020-28951 · Nov 19, 2020
    risk 0.00 · cvss n/a · epss 0.02

    libuci in OpenWrt before 18.06.9 and 19.x before 19.07.5 may encounter a use after free when using malicious package names. This is related to uci_parse_package in file.c and uci_strdup in util.c.

  • CVE-2020-10871 · Mar 23, 2020
    risk 0.00 · cvss n/a · epss 0.02

    In OpenWrt LuCI git-20.x, remote unauthenticated attackers can retrieve the list of installed packages and services. NOTE: the vendor disputes the significance of this report because, for instances reachable by an unauthenticated actor, the same information is available in other…

  • CVE-2020-7982 · Mar 16, 2020
    risk 0.00 · cvss n/a · epss 0.02

    An issue was discovered in OpenWrt 18.06.0 to 18.06.6 and 19.07.0, and LEDE 17.01.0 to 17.01.7. A bug in the fork of the opkg package manager before 2020-01-25 prevents correct parsing of embedded checksums in the signed repository index, allowing a man-in-the-middle attacker to…

  • CVE-2020-7248 · Mar 16, 2020
    risk 0.00 · cvss n/a · epss 0.02

    libubox in OpenWrt before 18.06.7 and 19.x before 19.07.1 has a tagged binary data JSON serialization vulnerability that may cause a stack based buffer overflow.

  • CVE-2019-19945 · Mar 16, 2020
    risk 0.00 · cvss n/a · epss 0.02

    uhttpd in OpenWrt through 18.06.5 and 19.x through 19.07.0-rc2 has an integer signedness error. This leads to out-of-bounds access to a heap buffer and a subsequent crash. It can be triggered with an HTTP POST request to a CGI script, specifying both "Transfer-Encoding: chunked"…

  • CVE-2019-18992 · Dec 3, 2019
    risk 0.00 · cvss n/a · epss 0.01

    OpenWrt 18.06.4 allows XSS via these Name fields to the cgi-bin/luci/admin/network/firewall/rules URI: "Open ports on router" and "New forward rule" and "New Source NAT" (this can occur, for example, on a TP-Link Archer C7 device).

  • CVE-2019-18993 · Dec 3, 2019
    risk 0.00 · cvss n/a · epss 0.01

    OpenWrt 18.06.4 allows XSS via the "New port forward" Name field to the cgi-bin/luci/admin/network/firewall/forwards URI (this can occur, for example, on a TP-Link Archer C7 device).

  • CVE-2019-5102 · Nov 18, 2019
    risk 0.00 · cvss n/a · epss 0.01

    An exploitable information leak vulnerability exists in the ustream-ssl library of OpenWrt, versions 18.06.4 and 15.05.1. When connecting to a remote server, the server's SSL certificate is checked but no action is taken when the certificate is invalid. An attacker could exploit…

  • CVE-2019-5101 · Nov 18, 2019
    risk 0.00 · cvss n/a · epss 0.01

    An exploitable information leak vulnerability exists in the ustream-ssl library of OpenWrt, versions 18.06.4 and 15.05.1. When connecting to a remote server, the server's SSL certificate is checked but no action is taken when the certificate is invalid. An attacker could exploit…

  • CVE-2019-17367 · Oct 18, 2019
    risk 0.00 · cvss n/a · epss 0.01

    OpenWRT firmware version 18.06.4 is vulnerable to CSRF via wireless/radio0.network1, wireless/radio1.network1, firewall, firewall/zones, firewall/forwards, firewall/rules, network/wan, network/wan6, or network/lan under /cgi-bin/luci/admin/network/.

  • CVE-2019-15513 · Aug 23, 2019
    risk 0.00 · cvss n/a · epss 0.02

    An issue was discovered in OpenWrt libuci (aka Library for the Unified Configuration Interface) before 15.05.1 as used on Motorola CX2L MWR04L 1.01 and C1 MWR03 1.01 devices. /tmp/.uci/network locking is mishandled after reception of a long SetWanSettings command, leading to a…

  • CVE-2018-19630 · Nov 28, 2018
    risk 0.00 · cvss n/a · epss 0.01

    cgi_handle_request in uhttpd in OpenWrt through 18.06.1 and LEDE through 17.01 has unauthenticated reflected XSS via the URI, as demonstrated by a cgi-bin/?[XSS] URI.