Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
OpenWrt mishandles access control in /etc/config/rpcd and the /usr/share/rpcd/acl.d files, which allows remote authenticated users to call arbitrary methods (i.e., achieve ubus access over HTTP) that were only supposed to be accessible to a specific user, as demonstrated by the file, log, and service namespaces, potentially leading to remote Information Disclosure or Code Execution. NOTE: The developer disputes this as a vulnerability, indicating that rpcd functions appropriately
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
OpenWrt 安全漏洞
Vulnerability Description
OpenWrt是一套针对嵌入式设备的Linux操作系统。该系统能够提供完全可写的文件系统和包管理。 OpenWrt中的/etc/config/rpcd和/usr/share/rpcd/acl.d文件存在安全漏洞。远程攻击者可利用该漏洞调用任意方法(如通过HTTP协议访问ubus),造成信息泄露或执行代码。
CVSS Information
N/A
Vulnerability Type
N/A