An issue was discovered in the OpenWebif plugin through 1.2.4 for E2 open devices. The saveConfig function of "plugin/controllers/models/config.py" performs an eval() call on the contents of the "key" HTTP GET parameter. This allows an unauthenticated remote attacker to execute arbitrary Python code or OS commands via api/saveconfig.
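A hardened counterpart to the eval()-based key lookup described above, as an added example that is not OpenWebif's own code: the Node and Setting classes, the sample tree and the names resolve_key and save_config are hypothetical. It resolves the request-supplied key by walking attributes under a strict grammar instead of evaluating the string.

```python
import re

# Strict grammar for a dotted config key: "config" followed by plain
# identifiers. A leading underscore is not allowed, so dunder names fail.
_KEY_RE = re.compile(r"config(\.[A-Za-z][A-Za-z0-9_]*)+")


class Node:
    """Constructed stand-in for a config subsection (hypothetical class)."""
    def __init__(self, **children):
        self.__dict__.update(children)


class Setting:
    """Constructed stand-in for a single config element (hypothetical class)."""
    def __init__(self, value):
        self.value = value


# Constructed sample tree; the key names are illustrative only.
config = Node(usage=Node(setup_level=Setting("simple")),
              plugins=Node(demo=Node(enabled=Setting(False))))


def resolve_key(key, root=config):
    """Map a request-supplied key such as 'config.usage.setup_level' to its
    Setting by walking attributes, never by evaluating the string."""
    if not isinstance(key, str) or not _KEY_RE.fullmatch(key):
        raise ValueError("malformed config key")
    node = root
    for part in key.split(".")[1:]:
        # vars() exposes only instance data, so methods and class attributes
        # stay unreachable even if the grammar above were loosened.
        children = vars(node) if isinstance(node, Node) else {}
        if part not in children:
            raise KeyError("unknown config key")
        node = children[part]
    if not isinstance(node, Setting):
        raise KeyError("key does not name a setting")
    return node


def save_config(key, value):
    """Save handler shape: resolve the key first, then assign the value."""
    resolve_key(key).value = value
    return True
```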
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2017-06-22T03:00:00
Updated: 2024-08-05T17:18:01.914Z
Reserved: 2017-06-21T00:00:00
Link: CVE-2017-9807
NVD
Status: Modified
Published: 2017-06-22T03:29:00.207
Modified: 2017-10-13T01:29:00.927
Link: CVE-2017-9807