First published: Mon Aug 02 2021
There is missing input validation of host names displayed in OpenWrt before 19.07.8. The Connection Status page of the luci web-interface allows XSS, which can be used to gain full control over the affected system via ICMP.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
OpenWrt OpenWrt | >=19.07.0 <19.07.8 | |
CVE-2021-32019 is a vulnerability in OpenWrt before version 19.07.8 that allows for XSS attacks through the luci web-interface, potentially leading to full control of the affected system.
CVE-2021-32019 has a severity rating of 6.1 (medium).
CVE-2021-32019 affects OpenWrt versions before 19.07.8 and allows for XSS attacks through the Connection Status page of the luci web-interface.
CVE-2021-32019 can be exploited by using XSS attacks through the luci web-interface, potentially leading to full control of the affected system.
Yes, the fix for CVE-2021-32019 is to update OpenWrt to version 19.07.8 or later.
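
The missing control described above is validation and output encoding of host names before they are displayed. The following is an added example, not LuCI code and not the OpenWrt fix: it checks names against RFC 1123 label rules and HTML-encodes everything on output. The function names and sample entries are hypothetical.

```javascript
// Added example, not LuCI code. Function names and sample data are hypothetical.

// RFC 1123 host name: dot-separated labels of 1-63 letters, digits or hyphens,
// no leading or trailing hyphen, 253 characters at most overall.
const LABEL = /^[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?$/;

function isValidHostname(name) {
  if (typeof name !== 'string' || name.length === 0 || name.length > 253) return false;
  const trimmed = name.endsWith('.') ? name.slice(0, -1) : name; // allow FQDN trailing dot
  return trimmed.split('.').every((label) => LABEL.test(label));
}

// Encode the five characters that are significant in HTML text and attributes.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Build one table cell for a connection entry. A name that fails validation is
// never shown; the address is used instead. Everything is escaped regardless,
// so a gap in the validator alone cannot turn into markup.
function renderHostCell(hostname, address) {
  const label = isValidHostname(hostname) ? hostname : address;
  return '<td title="' + escapeHtml(address) + '">' + escapeHtml(label) + '</td>';
}

// Constructed sample entries (documentation address range).
const sampleEntries = [
  { hostname: 'printer.lan', address: '192.0.2.10' },
  { hostname: '<img src=x onerror=alert(1)>', address: '192.0.2.11' },
  { hostname: 'a'.repeat(64) + '.lan', address: '192.0.2.12' }, // label too long
];

function renderRows(entries) {
  return entries.map((e) => '<tr>' + renderHostCell(e.hostname, e.address) + '</tr>');
}

console.log(renderRows(sampleEntries).join('\n'));
```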