CVE-2023-24182

Name of the Vulnerable Software and Affected Versions OpenWrt versions prior to the version with the fixed LuCI openwrt-22.03 branch LuCI openwrt-22.03 branch git-22.361.69894-438c598

Description The issue is related to a stored cross-site scripting (XSS) vulnerability in the sshkeys.js component of the LuCI interface in OpenWrt. This vulnerability can be exploited by a remote attacker to perform cross-site scripting attacks. The vulnerability is due to insufficient protection of the web page structure.

Recommendations For OpenWrt versions prior to the version with the fixed LuCI openwrt-22.03 branch, consider disabling access to the /system/sshkeys.js component until a patch is available. For LuCI openwrt-22.03 branch git-22.361.69894-438c598, update to a version that includes the fix for the stored XSS vulnerability. As a temporary workaround, restrict access to the vulnerable sshkeys.js component to minimize the risk of exploitation.