CVE-2021-32019
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2021-32019
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
There is missing input validation of host names displayed in OpenWrt before 19.07.8. The Connection Status page of the luci web-interface allows XSS, which can be used to gain full control over the affected system via ICMP.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
OpenWrt LuCI 跨站脚本漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
OpenWrt LuCI是一款用于OpenWrt(Linux发行版)的图形化配置界面。OpenWrt是一套针对嵌入式设备的Linux操作系统。 OpenWrt luci web-interface 存在跨站脚本漏洞,该漏洞源于 OpenWrt luci web-interface 中处理主机名时对用户提供的数据的清理不足。远程攻击者可以在易受攻击的网站上下文中在用户浏览器中注入和执行任意 HTML 和脚本代码。 公开的漏洞允许远程攻击者执行跨站脚本 (XSS) 攻击。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| - | n/a | n/a | - |
II. Public POCs for CVE-2021-32019
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2021-32019
请登录查看更多情报信息。
- https://openwrt.org/advisory/2021-08-01-1x_refsource_MISC
- https://nvd.nist.gov/vuln/detail/CVE-2021-32019
Same Patch Batch · n/a · 2021-08-02 · 33 CVEs total
| CVE-2021-37843 | 9.8 CRITICAL | Atlassian Jira 访问控制错误漏洞 |
| CVE-2021-37166 | Swisslog Healthcare Nexus Panel 授权问题漏洞 | |
| CVE-2021-22398 | 华为手机 安全漏洞 | |
| CVE-2021-22396 | Huawei eCNS280_TD 权限许可和访问控制问题漏洞 | |
| CVE-2021-37840 | aaPanel 安全漏洞 | |
| CVE-2021-37162 | Swisslog Healthcare Nexus Panel 数字错误漏洞 | |
| CVE-2021-37164 | Swisslog Healthcare Nexus Panel 缓冲区错误漏洞 | |
| CVE-2021-37163 | HMI3 Control Panel 信任管理问题漏洞 | |
| CVE-2021-37167 | Swisslog Healthcare Nexus Panel 安全漏洞 | |
| CVE-2021-22397 | Huawei Manageone 输入验证错误漏洞 | |
| CVE-2021-37160 | Swisslog Healthcare Nexus Panel 数据伪造问题漏洞 | |
| CVE-2021-37161 | Swisslog Healthcare Nexus Panel 数字错误漏洞 | |
| CVE-2021-37165 | Swisslog Healthcare Nexus Panel 数字错误漏洞 | |
| CVE-2021-3351 | OpenPLC 跨站脚本漏洞 | |
| CVE-2021-34556 | Linux kernel 安全漏洞 | |
| CVE-2021-35477 | Linux kernel安全漏洞 | |
| CVE-2021-33196 | Google Go 输入验证错误漏洞 | |
| CVE-2021-37916 | Joplin 跨站脚本漏洞 | |
| CVE-2021-3673 | radare2 输入验证错误漏洞 | |
| CVE-2021-33195 | Google Golang 注入漏洞 |
Showing top 20 of 33 CVEs. View all on vendor page → →
IV. Related Vulnerabilities
V. Comments for CVE-2021-32019
No comments yet