CVE-2020-10871

openwrt/luci

on github

Published

March 23, 2020

Severity

CVSS v3:

5.3 MEDIUM

CVSS v2:

5 MEDIUM

Description

In OpenWrt LuCI git-20.x, remote unauthenticated attackers can retrieve the list of installed packages and services. NOTE: the vendor disputes the significance of this report because, for instances reachable by an unauthenticated actor, the same information is available in other (more complex) ways, and there is no plan to restrict the information further

References

https://github.com/openwrt/luci/issues/3766
https://github.com/openwrt/luci/issues/3653#issue-567892007
https://github.com/openwrt/luci/issues/3563#issuecomment-578522860

Configurations

CPE23	Version Start	Version End	Exact Version
cpe:2.3:a:openwrt:luci:git-20.049.11521-bebfe20:::::::*	n/a	n/a	git-20.049.11521-bebfe20
cpe:2.3:a:openwrt:luci:git-20.078.22902-0ed0d42:::::::*	n/a	n/a	git-20.078.22902-0ed0d42

External Links

NVD - CVE-2020-10871