There is missing input validation of host names displayed in OpenWrt before 19.07.8. The Connection Status page of the luci web-interface allows XSS, which can be used to gain full control over the affected system via ICMP.
Advisories
Source ID Title
EUVD EUVD EUVD-2021-18886 There is missing input validation of host names displayed in OpenWrt before 19.07.8. The Connection Status page of the luci web-interface allows XSS, which can be used to gain full control over the affected system via ICMP.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

References
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2024-08-03T23:17:27.900Z

Reserved: 2021-05-03T00:00:00

Link: CVE-2021-32019

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2021-08-02T21:15:08.380

Modified: 2024-11-21T06:06:43.617

Link: CVE-2021-32019

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.