Note: This project will be discontinued after December 13, 2021.
Product: Openwrt (Openwrt)

Repositories | Unknown: This might be proprietary software. |
#Vulnerabilities | 42 |

Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2018-06-19 | CVE-2018-11116 | OpenWrt mishandles access control in /etc/config/rpcd and the /usr/share/rpcd/acl.d files, which allows remote authenticated users to call arbitrary methods (i.e., achieve ubus access over HTTP) that were only supposed to be accessible to a specific user, as demonstrated by the file, log, and service namespaces, potentially leading to remote Information Disclosure or Code Execution. NOTE: The developer disputes this as a vulnerability, indicating that rpcd functions appropriately. | Openwrt | 8.8 | ||
2024-02-05 | CVE-2024-20006 | In da, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08477148; Issue ID: ALPS08477148. | Android, Openwrt, Rdk-B | 6.7 | ||
2023-12-04 | CVE-2023-32855 | In aee, there is a possible escalation of privilege due to a missing permission check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07909204; Issue ID: ALPS07909204. | Android, Yocto, Openwrt, Rdk-B | 6.7 | ||
2020-11-19 | CVE-2020-28951 | libuci in OpenWrt before 18.06.9 and 19.x before 19.07.5 may encounter a use after free when using malicious package names. This is related to uci_parse_package in file.c and uci_strdup in util.c. | Openwrt | 9.8 | ||
2022-09-19 | CVE-2022-38333 | Openwrt before v21.02.3 and Openwrt v22.03.0-rc6 were discovered to contain two skip loops in the function header_value(). This vulnerability allows attackers to access sensitive information via a crafted HTTP request. | Openwrt | 7.5 | ||
2023-09-04 | CVE-2023-20821 | In nvram, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07937113; Issue ID: ALPS07937113. | Android, Yocto, Openwrt, Rdk-B | 6.7 | ||
2023-09-04 | CVE-2023-20830 | In gps, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08014144; Issue ID: ALPS08014156. | Android, Yocto, Openwrt, Rdk-B | 6.7 | ||
2023-09-04 | CVE-2023-20820 | In wlan service, there is a possible command injection due to improper input validation. This could lead to remote code execution with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00244189; Issue ID: WCNCR00244189. | Openwrt | 7.2 | ||
2023-09-04 | CVE-2023-20829 | In gps, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08014144; Issue ID: ALPS08014148. | Android, Yocto, Openwrt, Rdk-B | 6.7 | ||
2023-09-04 | CVE-2023-20828 | In gps, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08014144; Issue ID: ALPS08014144. | Android, Yocto, Openwrt, Rdk-B | 6.7 | ||