← Back

Lede

lede

Vendor: Openwrt • 2 CVEs

CVEs (2)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2020-7982
1Openwrt
2Lede
Openwrt
Nov 21, 2024
Mar 16, 2020
N/A· v4
8.1 HIGH· v3
6.8 MEDIUM· v2
An issue was discovered in OpenWrt 18.06.0 to 18.06.6 and 19.07.0, and LEDE 17.01.0 to 17.01.7. A bug in the fork of the opkg package manager before 2020-01-25 prevents correct parsing of embedded checksums in the signed...Show more
An issue was discovered in OpenWrt 18.06.0 to 18.06.6 and 19.07.0, and LEDE 17.01.0 to 17.01.7. A bug in the fork of the opkg package manager before 2020-01-25 prevents correct parsing of embedded checksums in the signed repository index, allowing a man-in-the-middle attacker to inject arbitrary package payloads (which are installed without verification).Show less
CVE-2018-19630
1Openwrt
2Lede
Openwrt
Nov 21, 2024
Nov 28, 2018
N/A· v4
6.1 MEDIUM· v3
4.3 MEDIUM· v2
cgi_handle_request in uhttpd in OpenWrt through 18.06.1 and LEDE through 17.01 has unauthenticated reflected XSS via the URI, as demonstrated by a cgi-bin/?[XSS] URI.