OpenWrt luci-app-https-dns-proxy Authenticated Remote Code Execution

60% confidence

Description

An authenticated remote code execution vulnerability exists in OpenWrt's luci-app-https-dns-proxy component due to improper validation of user input, allowing privilege escalation via command injection. The exploit requires valid user credentials with 'https-dns-proxy' ACL permissions.

Affected Products

Vendor	Product	Versions
openwrt	luci-app-https-dns-proxy	< 2026-01-17

Related News (1 articles)

Tier C

Exploit-DB10h ago

[local] OpenWrt 23.05 - Authenticated Remote Code Execution (RCE)

→ No new info (linked only)

CISA KEV❌ No

Actively exploited❌ No

CWECWE-78

PublishedApr 29, 2026

Last enriched3h ago

Community Vote

0 upvotes0 downvotes

No votes yet

OpenWrt luci-app-https-dns-proxy Authenticated Remote Code Execution

Description

Affected Products

Related News (1 articles)

Community Vote

Related CVEs (4)

Pin to Dashboard

Verification

Vulnerability Timeline