applications/luci-app-ddns/luasrc/model/cbi/ddns/detail.lua in the DDNS package for OpenWrt 19.07 allows remote authenticated users to inject arbitrary commands via POST requests.
References
Link | Resource |
---|---|
https://github.com/openwrt/luci/commit/9df7ea4d66644df69fcea18b36bc465912ffc | Patch Third Party Advisory |
https://openwrt.org/advisory/2021-08-01-3 | Patch Vendor Advisory |
Configurations
History
24 May 2023, 15:01
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:o:openwrt:openwrt:19.07.0:-:*:*:*:*:*:* | |
CWE | CWE-78 |
16 Sep 2021, 15:44
Type | Values Removed | Values Added |
---|---|---|
References |
|
26 Mar 2021, 01:49
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : 6.5
v3 : 8.8 |
References | (MISC) https://github.com/openwrt/luci/commit/9df7ea4d66644df69fcea18b36bc465912ffc - Patch, Third Party Advisory | |
CWE | CWE-77 | |
CPE | cpe:2.3:a:openwrt:openwrt:19.07.0:-:*:*:*:*:*:* |
21 Mar 2021, 06:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2021-03-21 06:15
Updated : 2023-12-10 13:41
NVD link : CVE-2021-28961
Mitre link : CVE-2021-28961
CVE.ORG link : CVE-2021-28961
JSON object : View
Products Affected
openwrt
- openwrt
CWE
CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')