PT-2018-15026 · Lede+1 · Lede+1

Timk

Published

2018-11-28

Updated

2018-12-31

CVE-2018-19630

CVSS v3.1

6.1

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions OpenWrt versions through 18.06.1 LEDE versions through 17.01

Description The issue is related to unauthenticated reflected XSS via the URI. This can be demonstrated by a cgi-bin/?[XSS] URI, where an attacker can inject malicious code.

Recommendations For OpenWrt versions through 18.06.1, update to a version later than 18.06.1 to resolve the issue. For LEDE versions through 17.01, update to a version later than 17.01 to resolve the issue. As a temporary workaround, consider restricting access to the cgi-bin directory to minimize the risk of exploitation.

Exploit

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2018-19630

Affected Products

Lede

Openwrt

PT-2018-15026 · Lede+1 · Lede+1

CVE-2018-19630

Weakness Enumeration

Related Identifiers

Affected Products

References · 3