Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
8 vulnerabilities found for openwebif by openwebif_project
CVE-2021-38113 (GCVE-0-2021-38113)
Vulnerability from cvelistv5 – Published: 2021-08-04 18:42 – Updated: 2024-08-04 01:30
VLAI
Summary
In addBouquet in js/bqe.js in OpenWebif (aka e2openplugin-OpenWebif) through 1.4.7, inserting JavaScript into the Add Bouquet feature of the Bouquet Editor (i.e., bouqueteditor/api/addbouquet?name=) leads to Stored XSS.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://github.com/E2OpenPlugins/e2openplugin-Ope… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T01:30:09.108Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/E2OpenPlugins/e2openplugin-OpenWebif/issues/1387"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In addBouquet in js/bqe.js in OpenWebif (aka e2openplugin-OpenWebif) through 1.4.7, inserting JavaScript into the Add Bouquet feature of the Bouquet Editor (i.e., bouqueteditor/api/addbouquet?name=) leads to Stored XSS."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-04T18:42:07.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/E2OpenPlugins/e2openplugin-OpenWebif/issues/1387"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-38113",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In addBouquet in js/bqe.js in OpenWebif (aka e2openplugin-OpenWebif) through 1.4.7, inserting JavaScript into the Add Bouquet feature of the Bouquet Editor (i.e., bouqueteditor/api/addbouquet?name=) leads to Stored XSS."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/E2OpenPlugins/e2openplugin-OpenWebif/issues/1387",
"refsource": "MISC",
"url": "https://github.com/E2OpenPlugins/e2openplugin-OpenWebif/issues/1387"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-38113",
"datePublished": "2021-08-04T18:42:07.000Z",
"dateReserved": "2021-08-04T00:00:00.000Z",
"dateUpdated": "2024-08-04T01:30:09.108Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-20332 (GCVE-0-2018-20332)
Vulnerability from cvelistv5 – Published: 2018-12-21 09:00 – Updated: 2024-08-05 11:58
VLAI
Summary
An issue has been discovered in the OpenWebif plugin through 1.2.4 for Enigma2 based devices. Reading of arbitrary files is possible with /file?action=download&file= followed by a full pathname, and listing of arbitrary directories is possible with /file?action=download&dir= followed by a full pathname. This is related to plugin/controllers/file.py in the e2openplugin-OpenWebif project.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://danieltindall.me/openwebif-vulnerabilities | x_refsource_MISC |
| https://github.com/E2OpenPlugins/e2openplugin-Ope… | x_refsource_MISC |
Date Public
2018-12-21 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:58:18.790Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://danieltindall.me/openwebif-vulnerabilities"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/E2OpenPlugins/e2openplugin-OpenWebif/commit/a846b7664eda3a4c51a452e00638cf7337dc2013"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-12-21T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An issue has been discovered in the OpenWebif plugin through 1.2.4 for Enigma2 based devices. Reading of arbitrary files is possible with /file?action=download\u0026file= followed by a full pathname, and listing of arbitrary directories is possible with /file?action=download\u0026dir= followed by a full pathname. This is related to plugin/controllers/file.py in the e2openplugin-OpenWebif project."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-12-21T08:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://danieltindall.me/openwebif-vulnerabilities"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/E2OpenPlugins/e2openplugin-OpenWebif/commit/a846b7664eda3a4c51a452e00638cf7337dc2013"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-20332",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue has been discovered in the OpenWebif plugin through 1.2.4 for Enigma2 based devices. Reading of arbitrary files is possible with /file?action=download\u0026file= followed by a full pathname, and listing of arbitrary directories is possible with /file?action=download\u0026dir= followed by a full pathname. This is related to plugin/controllers/file.py in the e2openplugin-OpenWebif project."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://danieltindall.me/openwebif-vulnerabilities",
"refsource": "MISC",
"url": "https://danieltindall.me/openwebif-vulnerabilities"
},
{
"name": "https://github.com/E2OpenPlugins/e2openplugin-OpenWebif/commit/a846b7664eda3a4c51a452e00638cf7337dc2013",
"refsource": "MISC",
"url": "https://github.com/E2OpenPlugins/e2openplugin-OpenWebif/commit/a846b7664eda3a4c51a452e00638cf7337dc2013"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-20332",
"datePublished": "2018-12-21T09:00:00.000Z",
"dateReserved": "2018-12-21T00:00:00.000Z",
"dateUpdated": "2024-08-05T11:58:18.790Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-9333 (GCVE-0-2017-9333)
Vulnerability from cvelistv5 – Published: 2017-09-18 01:00 – Updated: 2024-08-05 17:02
VLAI
Summary
OpenWebif 1.2.5 allows remote code execution via a URL to the CallOPKG function in the IpkgController class in plugin/controllers/ipkg.py, when the URL refers to an attacker-controlled web site with a Trojan horse package. This has security implications in cases where untrusted users can trigger CallOPKG calls, and these users can enter an arbitrary URL in an input field, even though that input field was only intended for a package name. This threat model may be relevant in the latest versions of third-party products that bundle OpenWebif, i.e., set-top box products. The issue of Trojan horse packages does NOT have security implications in cases where the attacker has full OpenWebif access.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/E2OpenPlugins/e2openplugin-Ope… | x_refsource_MISC |
| https://github.com/E2OpenPlugins/e2openplugin-Ope… | x_refsource_MISC |
Date Public
2017-09-17 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:02:44.169Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/E2OpenPlugins/e2openplugin-OpenWebif/issues/619"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/E2OpenPlugins/e2openplugin-OpenWebif/issues/621"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-09-17T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "OpenWebif 1.2.5 allows remote code execution via a URL to the CallOPKG function in the IpkgController class in plugin/controllers/ipkg.py, when the URL refers to an attacker-controlled web site with a Trojan horse package. This has security implications in cases where untrusted users can trigger CallOPKG calls, and these users can enter an arbitrary URL in an input field, even though that input field was only intended for a package name. This threat model may be relevant in the latest versions of third-party products that bundle OpenWebif, i.e., set-top box products. The issue of Trojan horse packages does NOT have security implications in cases where the attacker has full OpenWebif access."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-18T01:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/E2OpenPlugins/e2openplugin-OpenWebif/issues/619"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/E2OpenPlugins/e2openplugin-OpenWebif/issues/621"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-9333",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "OpenWebif 1.2.5 allows remote code execution via a URL to the CallOPKG function in the IpkgController class in plugin/controllers/ipkg.py, when the URL refers to an attacker-controlled web site with a Trojan horse package. This has security implications in cases where untrusted users can trigger CallOPKG calls, and these users can enter an arbitrary URL in an input field, even though that input field was only intended for a package name. This threat model may be relevant in the latest versions of third-party products that bundle OpenWebif, i.e., set-top box products. The issue of Trojan horse packages does NOT have security implications in cases where the attacker has full OpenWebif access."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/E2OpenPlugins/e2openplugin-OpenWebif/issues/619",
"refsource": "MISC",
"url": "https://github.com/E2OpenPlugins/e2openplugin-OpenWebif/issues/619"
},
{
"name": "https://github.com/E2OpenPlugins/e2openplugin-OpenWebif/issues/621",
"refsource": "MISC",
"url": "https://github.com/E2OpenPlugins/e2openplugin-OpenWebif/issues/621"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-9333",
"datePublished": "2017-09-18T01:00:00.000Z",
"dateReserved": "2017-05-31T00:00:00.000Z",
"dateUpdated": "2024-08-05T17:02:44.169Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-9807 (GCVE-0-2017-9807)
Vulnerability from cvelistv5 – Published: 2017-06-22 03:00 – Updated: 2024-08-05 17:18
VLAI
Summary
An issue was discovered in the OpenWebif plugin through 1.2.4 for E2 open devices. The saveConfig function of "plugin/controllers/models/config.py" performs an eval() call on the contents of the "key" HTTP GET parameter. This allows an unauthenticated remote attacker to execute arbitrary Python code or OS commands via api/saveconfig.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://github.com/E2OpenPlugins/e2openplugin-Ope… | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/99232 | vdb-entryx_refsource_BID |
| http://www.openwall.com/lists/oss-security/2017/10/02/4 | mailing-listx_refsource_MLIST |
| https://census-labs.com/news/2017/10/02/e2openplu… | x_refsource_MISC |
Date Public
2017-06-21 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:18:01.914Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/E2OpenPlugins/e2openplugin-OpenWebif/issues/620"
},
{
"name": "99232",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/99232"
},
{
"name": "[oss-security] 20171002 CVE-2017-9807: e2openplugin-OpenWebif: Remote code execution through HTTP GET parameter manipulation",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2017/10/02/4"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://census-labs.com/news/2017/10/02/e2openplugin-openwebif-saveconfig-remote-code-execution/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-06-21T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in the OpenWebif plugin through 1.2.4 for E2 open devices. The saveConfig function of \"plugin/controllers/models/config.py\" performs an eval() call on the contents of the \"key\" HTTP GET parameter. This allows an unauthenticated remote attacker to execute arbitrary Python code or OS commands via api/saveconfig."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-12T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/E2OpenPlugins/e2openplugin-OpenWebif/issues/620"
},
{
"name": "99232",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/99232"
},
{
"name": "[oss-security] 20171002 CVE-2017-9807: e2openplugin-OpenWebif: Remote code execution through HTTP GET parameter manipulation",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2017/10/02/4"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://census-labs.com/news/2017/10/02/e2openplugin-openwebif-saveconfig-remote-code-execution/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-9807",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in the OpenWebif plugin through 1.2.4 for E2 open devices. The saveConfig function of \"plugin/controllers/models/config.py\" performs an eval() call on the contents of the \"key\" HTTP GET parameter. This allows an unauthenticated remote attacker to execute arbitrary Python code or OS commands via api/saveconfig."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/E2OpenPlugins/e2openplugin-OpenWebif/issues/620",
"refsource": "CONFIRM",
"url": "https://github.com/E2OpenPlugins/e2openplugin-OpenWebif/issues/620"
},
{
"name": "99232",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99232"
},
{
"name": "[oss-security] 20171002 CVE-2017-9807: e2openplugin-OpenWebif: Remote code execution through HTTP GET parameter manipulation",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2017/10/02/4"
},
{
"name": "https://census-labs.com/news/2017/10/02/e2openplugin-openwebif-saveconfig-remote-code-execution/",
"refsource": "MISC",
"url": "https://census-labs.com/news/2017/10/02/e2openplugin-openwebif-saveconfig-remote-code-execution/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-9807",
"datePublished": "2017-06-22T03:00:00.000Z",
"dateReserved": "2017-06-21T00:00:00.000Z",
"dateUpdated": "2024-08-05T17:18:01.914Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-38113 (GCVE-0-2021-38113)
Vulnerability from nvd – Published: 2021-08-04 18:42 – Updated: 2024-08-04 01:30
VLAI
Summary
In addBouquet in js/bqe.js in OpenWebif (aka e2openplugin-OpenWebif) through 1.4.7, inserting JavaScript into the Add Bouquet feature of the Bouquet Editor (i.e., bouqueteditor/api/addbouquet?name=) leads to Stored XSS.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://github.com/E2OpenPlugins/e2openplugin-Ope… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T01:30:09.108Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/E2OpenPlugins/e2openplugin-OpenWebif/issues/1387"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In addBouquet in js/bqe.js in OpenWebif (aka e2openplugin-OpenWebif) through 1.4.7, inserting JavaScript into the Add Bouquet feature of the Bouquet Editor (i.e., bouqueteditor/api/addbouquet?name=) leads to Stored XSS."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-04T18:42:07.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/E2OpenPlugins/e2openplugin-OpenWebif/issues/1387"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-38113",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In addBouquet in js/bqe.js in OpenWebif (aka e2openplugin-OpenWebif) through 1.4.7, inserting JavaScript into the Add Bouquet feature of the Bouquet Editor (i.e., bouqueteditor/api/addbouquet?name=) leads to Stored XSS."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/E2OpenPlugins/e2openplugin-OpenWebif/issues/1387",
"refsource": "MISC",
"url": "https://github.com/E2OpenPlugins/e2openplugin-OpenWebif/issues/1387"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-38113",
"datePublished": "2021-08-04T18:42:07.000Z",
"dateReserved": "2021-08-04T00:00:00.000Z",
"dateUpdated": "2024-08-04T01:30:09.108Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-20332 (GCVE-0-2018-20332)
Vulnerability from nvd – Published: 2018-12-21 09:00 – Updated: 2024-08-05 11:58
VLAI
Summary
An issue has been discovered in the OpenWebif plugin through 1.2.4 for Enigma2 based devices. Reading of arbitrary files is possible with /file?action=download&file= followed by a full pathname, and listing of arbitrary directories is possible with /file?action=download&dir= followed by a full pathname. This is related to plugin/controllers/file.py in the e2openplugin-OpenWebif project.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://danieltindall.me/openwebif-vulnerabilities | x_refsource_MISC |
| https://github.com/E2OpenPlugins/e2openplugin-Ope… | x_refsource_MISC |
Date Public
2018-12-21 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:58:18.790Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://danieltindall.me/openwebif-vulnerabilities"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/E2OpenPlugins/e2openplugin-OpenWebif/commit/a846b7664eda3a4c51a452e00638cf7337dc2013"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-12-21T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An issue has been discovered in the OpenWebif plugin through 1.2.4 for Enigma2 based devices. Reading of arbitrary files is possible with /file?action=download\u0026file= followed by a full pathname, and listing of arbitrary directories is possible with /file?action=download\u0026dir= followed by a full pathname. This is related to plugin/controllers/file.py in the e2openplugin-OpenWebif project."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-12-21T08:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://danieltindall.me/openwebif-vulnerabilities"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/E2OpenPlugins/e2openplugin-OpenWebif/commit/a846b7664eda3a4c51a452e00638cf7337dc2013"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-20332",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue has been discovered in the OpenWebif plugin through 1.2.4 for Enigma2 based devices. Reading of arbitrary files is possible with /file?action=download\u0026file= followed by a full pathname, and listing of arbitrary directories is possible with /file?action=download\u0026dir= followed by a full pathname. This is related to plugin/controllers/file.py in the e2openplugin-OpenWebif project."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://danieltindall.me/openwebif-vulnerabilities",
"refsource": "MISC",
"url": "https://danieltindall.me/openwebif-vulnerabilities"
},
{
"name": "https://github.com/E2OpenPlugins/e2openplugin-OpenWebif/commit/a846b7664eda3a4c51a452e00638cf7337dc2013",
"refsource": "MISC",
"url": "https://github.com/E2OpenPlugins/e2openplugin-OpenWebif/commit/a846b7664eda3a4c51a452e00638cf7337dc2013"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-20332",
"datePublished": "2018-12-21T09:00:00.000Z",
"dateReserved": "2018-12-21T00:00:00.000Z",
"dateUpdated": "2024-08-05T11:58:18.790Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-9333 (GCVE-0-2017-9333)
Vulnerability from nvd – Published: 2017-09-18 01:00 – Updated: 2024-08-05 17:02
VLAI
Summary
OpenWebif 1.2.5 allows remote code execution via a URL to the CallOPKG function in the IpkgController class in plugin/controllers/ipkg.py, when the URL refers to an attacker-controlled web site with a Trojan horse package. This has security implications in cases where untrusted users can trigger CallOPKG calls, and these users can enter an arbitrary URL in an input field, even though that input field was only intended for a package name. This threat model may be relevant in the latest versions of third-party products that bundle OpenWebif, i.e., set-top box products. The issue of Trojan horse packages does NOT have security implications in cases where the attacker has full OpenWebif access.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/E2OpenPlugins/e2openplugin-Ope… | x_refsource_MISC |
| https://github.com/E2OpenPlugins/e2openplugin-Ope… | x_refsource_MISC |
Date Public
2017-09-17 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:02:44.169Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/E2OpenPlugins/e2openplugin-OpenWebif/issues/619"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/E2OpenPlugins/e2openplugin-OpenWebif/issues/621"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-09-17T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "OpenWebif 1.2.5 allows remote code execution via a URL to the CallOPKG function in the IpkgController class in plugin/controllers/ipkg.py, when the URL refers to an attacker-controlled web site with a Trojan horse package. This has security implications in cases where untrusted users can trigger CallOPKG calls, and these users can enter an arbitrary URL in an input field, even though that input field was only intended for a package name. This threat model may be relevant in the latest versions of third-party products that bundle OpenWebif, i.e., set-top box products. The issue of Trojan horse packages does NOT have security implications in cases where the attacker has full OpenWebif access."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-18T01:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/E2OpenPlugins/e2openplugin-OpenWebif/issues/619"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/E2OpenPlugins/e2openplugin-OpenWebif/issues/621"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-9333",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "OpenWebif 1.2.5 allows remote code execution via a URL to the CallOPKG function in the IpkgController class in plugin/controllers/ipkg.py, when the URL refers to an attacker-controlled web site with a Trojan horse package. This has security implications in cases where untrusted users can trigger CallOPKG calls, and these users can enter an arbitrary URL in an input field, even though that input field was only intended for a package name. This threat model may be relevant in the latest versions of third-party products that bundle OpenWebif, i.e., set-top box products. The issue of Trojan horse packages does NOT have security implications in cases where the attacker has full OpenWebif access."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/E2OpenPlugins/e2openplugin-OpenWebif/issues/619",
"refsource": "MISC",
"url": "https://github.com/E2OpenPlugins/e2openplugin-OpenWebif/issues/619"
},
{
"name": "https://github.com/E2OpenPlugins/e2openplugin-OpenWebif/issues/621",
"refsource": "MISC",
"url": "https://github.com/E2OpenPlugins/e2openplugin-OpenWebif/issues/621"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-9333",
"datePublished": "2017-09-18T01:00:00.000Z",
"dateReserved": "2017-05-31T00:00:00.000Z",
"dateUpdated": "2024-08-05T17:02:44.169Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-9807 (GCVE-0-2017-9807)
Vulnerability from nvd – Published: 2017-06-22 03:00 – Updated: 2024-08-05 17:18
VLAI
Summary
An issue was discovered in the OpenWebif plugin through 1.2.4 for E2 open devices. The saveConfig function of "plugin/controllers/models/config.py" performs an eval() call on the contents of the "key" HTTP GET parameter. This allows an unauthenticated remote attacker to execute arbitrary Python code or OS commands via api/saveconfig.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://github.com/E2OpenPlugins/e2openplugin-Ope… | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/99232 | vdb-entryx_refsource_BID |
| http://www.openwall.com/lists/oss-security/2017/10/02/4 | mailing-listx_refsource_MLIST |
| https://census-labs.com/news/2017/10/02/e2openplu… | x_refsource_MISC |
Date Public
2017-06-21 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:18:01.914Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/E2OpenPlugins/e2openplugin-OpenWebif/issues/620"
},
{
"name": "99232",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/99232"
},
{
"name": "[oss-security] 20171002 CVE-2017-9807: e2openplugin-OpenWebif: Remote code execution through HTTP GET parameter manipulation",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2017/10/02/4"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://census-labs.com/news/2017/10/02/e2openplugin-openwebif-saveconfig-remote-code-execution/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-06-21T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in the OpenWebif plugin through 1.2.4 for E2 open devices. The saveConfig function of \"plugin/controllers/models/config.py\" performs an eval() call on the contents of the \"key\" HTTP GET parameter. This allows an unauthenticated remote attacker to execute arbitrary Python code or OS commands via api/saveconfig."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-12T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/E2OpenPlugins/e2openplugin-OpenWebif/issues/620"
},
{
"name": "99232",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/99232"
},
{
"name": "[oss-security] 20171002 CVE-2017-9807: e2openplugin-OpenWebif: Remote code execution through HTTP GET parameter manipulation",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2017/10/02/4"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://census-labs.com/news/2017/10/02/e2openplugin-openwebif-saveconfig-remote-code-execution/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-9807",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in the OpenWebif plugin through 1.2.4 for E2 open devices. The saveConfig function of \"plugin/controllers/models/config.py\" performs an eval() call on the contents of the \"key\" HTTP GET parameter. This allows an unauthenticated remote attacker to execute arbitrary Python code or OS commands via api/saveconfig."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/E2OpenPlugins/e2openplugin-OpenWebif/issues/620",
"refsource": "CONFIRM",
"url": "https://github.com/E2OpenPlugins/e2openplugin-OpenWebif/issues/620"
},
{
"name": "99232",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99232"
},
{
"name": "[oss-security] 20171002 CVE-2017-9807: e2openplugin-OpenWebif: Remote code execution through HTTP GET parameter manipulation",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2017/10/02/4"
},
{
"name": "https://census-labs.com/news/2017/10/02/e2openplugin-openwebif-saveconfig-remote-code-execution/",
"refsource": "MISC",
"url": "https://census-labs.com/news/2017/10/02/e2openplugin-openwebif-saveconfig-remote-code-execution/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-9807",
"datePublished": "2017-06-22T03:00:00.000Z",
"dateReserved": "2017-06-21T00:00:00.000Z",
"dateUpdated": "2024-08-05T17:18:01.914Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}