PT-2021-6850 · Openwrt · Openwrt

Published 2021-12-27 · Updated 2023-05-24 · CVE-2021-45904

CVSS v3.1

5.4 Medium

Vector

AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

OpenWrt version 21.02.1

Description

The issue exists due to a lack of protection for the web page structure in the OpenWrt embedded operating system. This can be exploited by a remote attacker to impact the confidentiality and integrity of protected information. The vulnerability allows for XSS via the Port Forwards Add Name screen.

Recommendations

For OpenWrt version 21.02.1, consider disabling access to the Port Forwards Add Name screen until a patch is available to prevent XSS exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

XSS

Weakness Enumeration

Related Identifiers

BDU:2022-02324
CVE-2021-45904

Affected Products

Openwrt