4 matches found
e2openplugin OpenWebif 1.2.4 Code Execution Vulnerability
Exploit for linux platform in category remote exploits e2openplugin-OpenWebif is an open source web interface plugin for IP TVs and media centers. It is found in several IP TV software images and hardware products including the commercial Dreambox devices. A remote code injection vulnerability wa...
e2openplugin OpenWebif 1.2.4 Code Execution
Hello all, e2openplugin-OpenWebif is an open source web interface plugin for IP TVs and media centers. It is found in several IP TV software images and hardware products including the commercial Dreambox devices. A remote code injection vulnerability was found in the "key" HTTP GET parameter of t...
CVE-2017-9807
An issue was discovered in the OpenWebif plugin through 1.2.4 for E2 open devices. The saveConfig function of "plugin/controllers/models/config.py" performs an eval call on the contents of the "key" HTTP GET parameter. This allows an unauthenticated remote attacker to execute arbitrary Python cod...
CVE-2017-9807
OpenWebif plugin for E2 open devices (versions up to 1.2.4) is affected. The saveConfig function in plugin/controllers/models/config.py evaluates the HTTP GET parameter key, enabling unauthenticated remote code execution via /api/saveconfig. Some devices run the plugin with root privileges (e.g.,...