applications/luci-app-ddns/luasrc/model/cbi/ddns/detail.lua in the DDNS package for OpenWrt 19.07 allows remote authenticated users to inject arbitrary commands via POST requests.
References
Link | Resource |
---|---|
https://github.com/openwrt/luci/commit/9df7ea4d66644df69fcea18b36bc465912ffc | Patch Third Party Advisory |
https://openwrt.org/advisory/2021-08-01-3 | Patch Vendor Advisory |
Configurations
Information
Published : 2021-03-20 23:15
Updated : 2021-09-16 08:44
NVD link : CVE-2021-28961
Mitre link : CVE-2021-28961
JSON object : View
CWE
CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
Products Affected
openwrt
- openwrt