CVE-2017-9333
OpenWebif 1.2.5 is vulnerable to remote code execution via the CallOPKG function in the IpkgController class (plugin/controllers/ipkg.py) when an attacker-controlled URL references a Trojan horse package. The issue arises if untrusted users can trigger CallOPKG calls and can enter arbitrary URLs ...
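The following is an added example, not OpenWebif's code: one way to make sure only URLs from operator-trusted feeds reach a package installer, and that the installer is invoked with an argument vector instead of a shell string. The host `feeds.example.org` and all function names are hypothetical.

```python
from urllib.parse import urlsplit

# Constructed allowlist: hosts the operator trusts to serve packages (assumption).
TRUSTED_FEED_HOSTS = frozenset({"feeds.example.org"})


class UntrustedPackageSource(ValueError):
    """Raised when a package URL fails the source policy."""


def validate_package_url(url, trusted_hosts=TRUSTED_FEED_HOSTS):
    """Return the URL unchanged if it meets the policy, else raise."""
    if any(ch.isspace() or ord(ch) < 0x20 for ch in url):
        raise UntrustedPackageSource("whitespace or control character in URL")
    try:
        parts = urlsplit(url)
        port = parts.port          # raises ValueError on a malformed port
    except ValueError:
        raise UntrustedPackageSource("malformed URL") from None
    if parts.scheme != "https":
        raise UntrustedPackageSource("scheme must be https")
    if parts.username is not None or parts.password is not None:
        # Rejects look-alikes of the form https://trusted-host@other-host/
        raise UntrustedPackageSource("userinfo not allowed")
    if port not in (None, 443):
        raise UntrustedPackageSource("unexpected port")
    host = (parts.hostname or "").lower().rstrip(".")
    if host not in trusted_hosts:      # exact match, never a suffix or substring test
        raise UntrustedPackageSource("host not on allowlist: %r" % host)
    if parts.query or parts.fragment or not parts.path.endswith(".ipk"):
        raise UntrustedPackageSource("expected a plain .ipk path")
    return url


def build_install_argv(url):
    """Argument vector for the installer; never interpolated into a shell string."""
    # A value starting with '-' has no https scheme, so it fails validation
    # and cannot be interpreted as an installer option.
    return ["opkg", "install", validate_package_url(url)]


def is_allowed(url):
    """Boolean wrapper for callers that only need accept/reject."""
    try:
        validate_package_url(url)
        return True
    except UntrustedPackageSource:
        return False
```

The check covers only the URL condition in the description; the other condition, untrusted users being able to trigger the call at all, has to be closed with access control on the interface.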