CVE-2021-45906

Name of the Vulnerable Software and Affected Versions OpenWrt version 21.02.1

Description The issue is related to a lack of protection for the web page structure in the NAT Rules Name screen of the LuCI configuration web interface in OpenWrt. This can be exploited by a remote attacker to perform cross-site scripting (XSS) attacks.

Recommendations For OpenWrt version 21.02.1, as a temporary workaround, consider disabling access to the NAT Rules Name screen until a patch is available. Restrict access to the vulnerable component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.