Cross-Site Scripting Vulnerability in OpenWRT LuCI Web Interface
CVE-2021-27821

6.1MEDIUM

Key Information:

Vendor: Openwrt
Status: Luci
Vendor: CVE Published:; 25 May 2021

What is CVE-2021-27821?

The LuCI Web Interface for OpenWRT, specifically versions 19.07 and below, is susceptible to a cross-site scripting vulnerability. This flaw allows attackers to inject malicious scripts into web pages viewed by users, potentially leading to arbitrary code execution. Exploiting this vulnerability could allow unauthorized access or manipulation of sensitive data, jeopardizing the integrity and security of the web interface.

References

http://openwrt.com

x_refsource_MISC

http://openwrtorg.com

x_refsource_MISC

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 25, 2021
Vulnerability Reserved
Mar 1, 2021

JSON

Openwrt

What is CVE-2021-27821?

References

CVSS V3.1

Timeline