POSTED BY: John Torakis / 02.10.2017

e2openplugin OpenWebif saveConfig remote code execution

CENSUS ID: CENSUS-2017-0001
CVE ID: CVE-2017-9807
Affected Products: e2openplugin OpenWebif (versions 0.2.9-1.2.4)
Class: Improper control of generation of code ('Code Injection') (CWE-94)
Discovered by: John Torakis

OpenWebif is a web application used in IP TVs and media boxes to provide an easy-to-use web interface. It is written mostly in Python (backend) and JavaScript (frontend). It can be found in DreamBox devices.