Vulnerability in OpenWrt Leads to Information Disclosure Risk
CVE-2022-38333

7.5HIGH

Key Information:

Vendor

Openwrt

Status
Openwrt
Vendor
CVE Published:
19 September 2022

What is CVE-2022-38333?

The vulnerability affects OpenWrt versions prior to v21.02.3 and v22.03.0-rc6 due to the presence of two skip loops in the header_value() function. Exploiting this flaw enables an attacker to craft specific HTTP requests that can expose sensitive information, leading to potential unauthorized access to critical data.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://git.openwrt.org/?p=project/cgi-io.git%3Ba=commit%...
x_refsource_MISC
https://git.openwrt.org/?p=project/cgi-io.git%3Ba=commitd...
x_refsource_MISC
https://git.openwrt.org/?p=project/cgi-io.git%3Ba=patch%3...
x_refsource_MISC

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.