In OpenWrt LuCI through 0.10, the endpoints admin/status/realtime/bandwidth_status and admin/status/realtime/wireless_status of the web application are affected by a command injection vulnerability.
References
Link | Resource |
---|---|
https://github.com/openwrt/luci/commits/master | Patch Third Party Advisory |
https://github.com/openwrt/luci/commit/9e4b8a91384562e3baee724a52b72e30b1aa006d | Patch Third Party Advisory |
Configurations
Information
Published : 2019-05-23 08:30
Updated : 2020-08-24 10:37
NVD link : CVE-2019-12272
Mitre link : CVE-2019-12272
JSON object : View
CWE
CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Products Affected
openwrt
- luci