CVE ID: CVE-2022-41435
Name of Affected Product(s): OpenWRT LuCI
Affected Version(s): git-22.140.66206-02913be
Problem Type:
- Vulnerability Type: Stored XSS via injection of markdown in SSH public key comments
- Root Cause: The luci-mod-system module parses SSH public key information from the file /etc/dropbear/authorized_keys within OpenWRT's filesystem but fails to properly sanitize SSH public key