Skip to main content

Travelmate

1 CVEs product

Monthly

CVE-2026-58652 HIGH PATCH This Week

Root-level command injection in OpenWrt's luci-app-travelmate/travelmate (confirmed in 2.4.5-r3, sink still present in 2.4.6-1) lets an rpcd/LuCI session holding only the luci-app-travelmate write ACL escalate to arbitrary command execution as root. The LuCI UI limits the auto-login script picker to /etc/travelmate/*.login, but that is a frontend-only check: the root-run backend reads the raw UCI 'script' and 'script_args' values, so an attacker sets script to /bin/sh with controlled arguments to run commands as root when the captive-portal auto-login branch fires. Reported by VulnCheck with no public exploit identified at time of analysis and no CISA KEV listing.

Command Injection Luci App Travelmate Travelmate
NVD GitHub
CVSS 4.0
7.7
EPSS
0.5%
EPSS 0% CVSS 7.7
HIGH PATCH This Week

Root-level command injection in OpenWrt's luci-app-travelmate/travelmate (confirmed in 2.4.5-r3, sink still present in 2.4.6-1) lets an rpcd/LuCI session holding only the luci-app-travelmate write ACL escalate to arbitrary command execution as root. The LuCI UI limits the auto-login script picker to /etc/travelmate/*.login, but that is a frontend-only check: the root-run backend reads the raw UCI 'script' and 'script_args' values, so an attacker sets script to /bin/sh with controlled arguments to run commands as root when the captive-portal auto-login branch fires. Reported by VulnCheck with no public exploit identified at time of analysis and no CISA KEV listing.

Command Injection Luci App Travelmate Travelmate
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy