CVE-2019-12272

openwrt/luci

on github

Published

May 23, 2019

Severity

CVSS v3:

9.8 CRITICAL

CVSS v2:

7.5 HIGH

Description

In OpenWrt LuCI through 0.10, the endpoints admin/status/realtime/bandwidth_status and admin/status/realtime/wireless_status of the web application are affected by a command injection vulnerability.

References

https://github.com/openwrt/luci/commits/master
https://github.com/openwrt/luci/commit/9e4b8a91384562e3baee724a52b72e30b1aa006d

Configurations

CPE23	Version Start	Version End	Exact Version
cpe:2.3:a:openwrt:luci::::::::	n/a	0.10.0 (including)	*

External Links

NVD - CVE-2019-12272