Lede · Lede · CVE-2018-19630
**Name of the Vulnerable Software and Affected Versions**
OpenWrt versions through 18.06.1
LEDE versions through 17.01
**Description**
The issue is an unauthenticated reflected cross-site scripting (XSS) vulnerability via the URI. It can be demonstrated with a `cgi-bin/?[XSS]` URI, through which an attacker can inject malicious code.
**Recommendations**
For OpenWrt versions through 18.06.1, update to a version later than 18.06.1 to resolve the issue.
For LEDE versions through 17.01, update to a version later than 17.01 to resolve the issue.
As a temporary workaround, consider restricting access to the cgi-bin directory to minimize the risk of exploitation.
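
While devices are waiting for the update, requests matching the `cgi-bin/?[XSS]` pattern from the description can be looked for in web logs. The following is an added example, not code from OpenWrt or LEDE. It assumes combined-format access log lines (for instance from a reverse proxy in front of the router UI), and the function names and sample lines are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Request part of a combined-format access log line (assumed log format).
REQUEST_RE = re.compile(
    r'^(?P<ip>\S+) .*?"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})'
)
# Characters needed to break out of HTML or attribute context; none of them
# belongs in a query string sent to the router's web interface.
MARKUP_RE = re.compile(r'[<>"\'`]')


def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded input is inspected too."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def suspicious_cgi_requests(lines):
    """Return (client_ip, decoded_query) for cgi-bin/? requests carrying markup."""
    hits = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue  # not a parseable request line
        path, sep, query = m.group("target").partition("?")
        # Only the URI shape named in the advisory: cgi-bin/ followed by a query.
        if not sep or not path.rstrip("/").endswith("/cgi-bin"):
            continue
        decoded = fully_decode(query)
        if MARKUP_RE.search(decoded):
            hits.append((m.group("ip"), decoded))
    return hits


# Constructed sample log lines (not taken from a real device).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Dec/2018:10:00:00 +0000] "GET /cgi-bin/luci HTTP/1.1" 200 512',
    '198.51.100.7 - - [01/Dec/2018:10:00:05 +0000] "GET /cgi-bin/?%3Cb%3Etest%3C/b%3E HTTP/1.1" 200 734',
    '198.51.100.7 - - [01/Dec/2018:10:00:09 +0000] "GET /cgi-bin/?%253Cb%253Etest HTTP/1.1" 200 701',
    '192.0.2.10 - - [01/Dec/2018:10:00:12 +0000] "GET /cgi-bin/?status=1 HTTP/1.1" 200 498',
]

if __name__ == "__main__":
    for ip, query in suspicious_cgi_requests(SAMPLE_LOG):
        print(f"possible reflected XSS probe from {ip}: {query!r}")
```

A hit only shows that markup was sent in the query string; whether it was reflected depends on the firmware version that served the request.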