Articles with tag: Root
POSTED BY:
John Torakis
/
02.10.2017
e2openplugin OpenWebif saveConfig remote code execution
CENSUS ID: | CENSUS-2017-0001 |
CVE ID: | CVE-2017-9807 |
Affected Products: | e2openplugin OpenWebif (versions 0.2.9-1.2.4) |
Class: | Improper control of generation of code ('Code Injection') (CWE-94) |
Discovered by: | John Torakis |
OpenWebif is a Web application that is used in IP TVs and media boxes to provide an easy-to-use Web Interface. It is written mostly in Python (Backend) and JavaScript (Frontend). It can be found in DreamBox devices.