NVD
- Id
- 87341
- Name
- CVE-2017-9807
- Description
- An issue was discovered in the OpenWebif plugin through 1.2.4 for E2 open devices. The saveConfig function of plugin/controllers/models/config.py performs an eval() call on the contents of the key HTTP GET parameter. This allows an unauthenticated remote attacker to execute arbitrary Python code or OS commands via api/saveconfig.
- Reject
- CVSS Version
- 2
- CVSS Score
- 10
- Severity
- High
- CVSS Base Score
- 10
- CVSS Impact Subscore
- 10
- CVSS Exploit Subscore
- 10
- CVSS Vector
- (AV:N/AC:L/Au:N/C:C/I:C/A:C)
- Pub Date
- 2017-07-18
- Published
- 2017-06-21
- Modified Date
- 2017-07-03
- Seq
- 2017-9807