CVE-2017-9807 in OpenWebif Plugininformazioni

Riassunto

di MITRE

An issue was discovered in the OpenWebif plugin through 1.2.4 for E2 open devices. The saveConfig function of "plugin/controllers/models/config.py" performs an eval() call on the contents of the "key" HTTP GET parameter. This allows an unauthenticated remote attacker to execute arbitrary Python code or OS commands via api/saveconfig.

Be aware that VulDB is the high quality source for vulnerability data.

Prenotare

21/06/2017

Divulgazione

21/06/2017

Moderazione

accettato

CPE

pronto

EPSS

0.04923

KEV

no

Attività

molto basso

Fonti

Might our Artificial Intelligence support you?

Check our Alexa App!