Vulnerability Description
An issue was discovered in the OpenWebif plugin through 1.2.4 for E2 open devices. The saveConfig function of "plugin/controllers/models/config.py" performs an eval() call on the contents of the "key" HTTP GET parameter. This allows an unauthenticated remote attacker to execute arbitrary Python code or OS commands via api/saveconfig.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Openwebif Project | Openwebif | <= 1.2.4 |
Related Weaknesses (CWE)
References
- http://www.openwall.com/lists/oss-security/2017/10/02/4
- http://www.securityfocus.com/bid/99232Third Party AdvisoryVDB Entry
- https://census-labs.com/news/2017/10/02/e2openplugin-openwebif-saveconfig-remote
- https://github.com/E2OpenPlugins/e2openplugin-OpenWebif/issues/620ExploitIssue TrackingThird Party Advisory
- http://www.openwall.com/lists/oss-security/2017/10/02/4
- http://www.securityfocus.com/bid/99232Third Party AdvisoryVDB Entry
- https://census-labs.com/news/2017/10/02/e2openplugin-openwebif-saveconfig-remote
- https://github.com/E2OpenPlugins/e2openplugin-OpenWebif/issues/620ExploitIssue TrackingThird Party Advisory
FAQ
What is CVE-2017-9807?
CVE-2017-9807 is a vulnerability with a CVSS score of 9.8 (CRITICAL). An issue was discovered in the OpenWebif plugin through 1.2.4 for E2 open devices. The saveConfig function of "plugin/controllers/models/config.py" performs an eval() call on the contents of the "key"...
How severe is CVE-2017-9807?
CVE-2017-9807 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2017-9807?
Check the references section above for vendor advisories and patch information. Affected products include: Openwebif Project Openwebif.