CVE-2021-28961

openwrt/luci

on github

Published

March 21, 2021

Severity

CVSS v3:

8.8 HIGH

CVSS v2:

6.5 MEDIUM

Description

applications/luci-app-ddns/luasrc/model/cbi/ddns/detail.lua in the DDNS package for OpenWrt 19.07 allows remote authenticated users to inject arbitrary commands via POST requests.

References

https://github.com/openwrt/luci/commit/9df7ea4d66644df69fcea18b36bc465912ffc
https://openwrt.org/advisory/2021-08-01-3

Configurations

CPE23	Version Start	Version End	Exact Version
cpe:2.3:a:openwrt:openwrt:19.07.0:-::::::	n/a	n/a	19.07.0
cpe:2.3:o:openwrt:openwrt:19.07.0:-::::::	n/a	n/a	19.07.0

External Links

NVD - CVE-2021-28961