CVE-2019-12272: OS Command Injection
First published: Thu May 23 2019(Updated: )
In OpenWrt LuCI through 0.10, the endpoints admin/status/realtime/bandwidth_status and admin/status/realtime/wireless_status of the web application are affected by a command injection vulnerability.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| OpenWRT LuCI | <=0.10.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this vulnerability?
The vulnerability ID for this vulnerability is CVE-2019-12272.
What is the severity rating of CVE-2019-12272?
CVE-2019-12272 has a severity rating of 9.8 (critical).
Which software versions are affected by CVE-2019-12272?
OpenWrt LuCI versions up to and including 0.10.0 are affected by CVE-2019-12272.
What is the CWE ID for this vulnerability?
The CWE IDs for CVE-2019-12272 are 77 and 78.
How can I fix CVE-2019-12272?
To fix CVE-2019-12272, you should update OpenWrt LuCI to a version beyond 0.10.0.
- collector/nvd-index
- agent/severity
- agent/references
- agent/author
- agent/weakness
- agent/tags
- agent/type
- agent/event
- agent/description
- agent/last-modified-date
- agent/remedy
- agent/softwarecombine
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- vendor/openwrt
- canonical/openwrt luci
- version/openwrt luci/0.10.0