CVE-2017-9807 in OpenWebif Plugin

Summary

An issue was discovered in the OpenWebif plugin through 1.2.4 for E2 open devices. The saveConfig function of "plugin/controllers/models/config.py" performs an eval() call on the contents of the "key" HTTP GET parameter. This allows an unauthenticated remote attacker to execute arbitrary Python code or OS commands via api/saveconfig.

Reservation: 06/21/2017

Disclosure: 06/21/2017

Entries: 1

CPE: ready

CVSS: 8.5

EPSS: 0.14043

Activities: Very Low
