CVE-2018-19630

Name of the Vulnerable Software and Affected Versions OpenWrt versions through 18.06.1 LEDE versions through 17.01

Description The issue is related to unauthenticated reflected XSS via the URI. This can be demonstrated by a cgi-bin/?[XSS] URI, where an attacker can inject malicious code.

Recommendations For OpenWrt versions through 18.06.1, update to a version later than 18.06.1 to resolve the issue. For LEDE versions through 17.01, update to a version later than 17.01 to resolve the issue. As a temporary workaround, consider restricting access to the cgi-bin directory to minimize the risk of exploitation.