RSS   Vulnerabilities for 'LUCI'   RSS

2020-03-23
 
CVE-2020-10871

CWE-200
 

 
** DISPUTED ** In OpenWrt LuCI git-20.x, remote unauthenticated attackers can retrieve the list of installed packages and services. NOTE: the vendor disputes the significance of this report because, for instances reachable by an unauthenticated actor, the same information is available in other (more complex) ways, and there is no plan to restrict the information further.

 
2019-05-23
 
CVE-2019-12272

CWE-77
 

 
In OpenWrt LuCI through 0.10, the endpoints admin/status/realtime/bandwidth_status and admin/status/realtime/wireless_status of the web application are affected by a command injection vulnerability.

 

 >>> Vendor: Openwrt 4 Products
Openwrt
LEDE
LUCI
Libuci


Copyright 2022, cxsecurity.com

 

Back to Top