Description
OpenWrt mishandles access control in /etc/config/rpcd and the /usr/share/rpcd/acl.d files, which allows remote authenticated users to call arbitrary methods (i.e., achieve ubus access over HTTP) that were only supposed to be accessible to a specific user, as demonstrated by the file, log, and service namespaces, potentially leading to remote Information Disclosure or Code Execution. NOTE: The developer disputes this as a vulnerability, indicating that rpcd functions appropriately
References (2)
Core 2
Core References
Third Party Advisory x_refsource_misc
http://blog.hac425.top/2018/05/16/openwrt_rpcd_acl_fail.html
Various Sources x_refsource_misc
https://forum.openwrt.org/t/rpcd-vulnerability-reported-on-vultdb/16497/3
Scores
CVSS v3
8.8
EPSS
0.0156
EPSS Percentile
81.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-732
Status
published
Products (1)
openwrt/openwrt
Published
Jun 19, 2018
Tracked Since
Feb 18, 2026