CVE-2019-25015

Name of the Vulnerable Software and Affected Versions OpenWrt versions 18.06.0 through 18.06.4

Description The issue is related to a stored XSS vulnerability in LuCI, a component of OpenWrt. This vulnerability can be exploited via a crafted SSID, potentially allowing a remote attacker to perform cross-site scripting attacks. The vulnerability is associated with the lack of protection for the web page structure.

Recommendations For OpenWrt versions 18.06.0 through 18.06.4, consider disabling the SSID crafting functionality until a patch is available. Restrict access to the LuCI interface to minimize the risk of exploitation. Avoid using crafted SSIDs in the affected OpenWrt versions until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.