CVE-2021-28961
on github
Published
Severity
CVSS v3:
8.8 HIGH
CVSS v2:
6.5 MEDIUM
Description
applications/luci-app-ddns/luasrc/model/cbi/ddns/detail.lua in the DDNS package for OpenWrt 19.07 allows remote authenticated users to inject arbitrary commands via POST requests.
References
Configurations
CPE23 | Version Start | Version End | Exact Version |
---|---|---|---|
cpe:2.3:a:openwrt:openwrt:19.07.0:-:*:*:*:*:*:* | n/a | n/a | 19.07.0 |
cpe:2.3:o:openwrt:openwrt:19.07.0:-:*:*:*:*:*:* | n/a | n/a | 19.07.0 |