Description
An issue was discovered in the OpenWebif plugin through 1.2.4 for E2 open devices. The saveConfig function of "plugin/controllers/models/config.py" performs an eval() call on the contents of the "key" HTTP GET parameter. This allows an unauthenticated remote attacker to execute arbitrary Python code or OS commands via api/saveconfig.
No analysis available yet.
Remediation
No remediation available yet.
Tracking
Sign in to view the affected projects.
Advisories
No advisories yet.
References
History
No history.
Status: PUBLISHED
Assigner: mitre
Published:
Updated: 2024-08-05T17:18:01.914Z
Reserved: 2017-06-21T00:00:00.000Z
Link: CVE-2017-9807
No data.
Status : Modified
Published: 2017-06-22T03:29:00.207
Modified: 2026-06-17T01:28:57.827
Link: CVE-2017-9807
No data.
OpenCVE Enrichment
No data.
Weaknesses
-
CWE-94
Improper Control of Generation of Code ('Code Injection')