Vulnerabilities (CVE)

Filtered by vendor Openwrt Subscribe
Filtered by product Luci
Total 4 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-10871 1 Openwrt 1 Luci 2024-08-04 5.0 MEDIUM 5.3 MEDIUM
** DISPUTED ** In OpenWrt LuCI git-20.x, remote unauthenticated attackers can retrieve the list of installed packages and services. NOTE: the vendor disputes the significance of this report because, for instances reachable by an unauthenticated actor, the same information is available in other (more complex) ways, and there is no plan to restrict the information further.
CVE-2022-41435 1 Openwrt 1 Luci 2024-02-04 N/A 5.4 MEDIUM
OpenWRT LuCI version git-22.140.66206-02913be was discovered to contain a stored cross-site scripting (XSS) vulnerability in the component /system/sshkeys.js. This vulnerability allows attackers to execute arbitrary web scripts or HTML via crafted public key comments.
CVE-2021-27821 1 Openwrt 1 Luci 2024-02-04 4.3 MEDIUM 6.1 MEDIUM
The Web Interface for OpenWRT LuCI version 19.07 and lower has been discovered to have a cross-site scripting vulnerability which can lead to attackers carrying out arbitrary code execution.
CVE-2019-12272 1 Openwrt 1 Luci 2024-02-04 7.5 HIGH 9.8 CRITICAL
In OpenWrt LuCI through 0.10, the endpoints admin/status/realtime/bandwidth_status and admin/status/realtime/wireless_status of the web application are affected by a command injection vulnerability.