First published: Tue Dec 03 2019
OpenWrt 18.06.4 allows XSS via the "New port forward" Name field to the cgi-bin/luci/admin/network/firewall/forwards URI (this can occur, for example, on a TP-Link Archer C7 device).
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
OpenWrt OpenWrt | =18.06.4 | |
The vulnerability ID for this OpenWrt vulnerability is CVE-2019-18993.
The severity of CVE-2019-18993 is medium with a severity value of 5.4.
CVE-2019-18993 allows XSS (Cross-Site Scripting) attacks via the "New port forward" Name field on OpenWrt 18.06.4.
An XSS attack can be performed by injecting malicious scripts into the "New port forward" Name field on OpenWrt 18.06.4.
A fix is available for CVE-2019-18993. It is recommended to update to a version that includes the fix.