Skip to main content

Openwebif

4 CVEs product

Monthly

CVE-2021-38113 MEDIUM POC This Month

In addBouquet in js/bqe.js in OpenWebif (aka e2openplugin-OpenWebif) through 1.4.7, inserting JavaScript into the Add Bouquet feature of the Bouquet Editor (i.e., bouqueteditor/api/addbouquet?name=). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Openwebif
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2018-20332 HIGH POC PATCH This Week

An issue has been discovered in the OpenWebif plugin through 1.2.4 for Enigma2 based devices. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Path Traversal Openwebif
NVD GitHub
CVSS 3.0
7.5
EPSS
2.2%
CVE-2017-9333 HIGH PATCH This Week

OpenWebif 1.2.5 allows remote code execution via a URL to the CallOPKG function in the IpkgController class in plugin/controllers/ipkg.py, when the URL refers to an attacker-controlled web site with. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Openwebif
NVD GitHub
CVSS 3.0
8.8
EPSS
0.9%
CVE-2017-9807 CRITICAL POC THREAT Emergency

An issue was discovered in the OpenWebif plugin through 1.2.4 for E2 open devices. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 14.0%.

RCE Python Code Injection Openwebif
NVD GitHub
CVSS 3.0
9.8
EPSS
14.0%
EPSS 1% CVSS 5.4
MEDIUM POC This Month

In addBouquet in js/bqe.js in OpenWebif (aka e2openplugin-OpenWebif) through 1.4.7, inserting JavaScript into the Add Bouquet feature of the Bouquet Editor (i.e., bouqueteditor/api/addbouquet?name=). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Openwebif
NVD GitHub
EPSS 2% CVSS 7.5
HIGH POC PATCH This Week

An issue has been discovered in the OpenWebif plugin through 1.2.4 for Enigma2 based devices. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Path Traversal Openwebif
NVD GitHub
EPSS 1% CVSS 8.8
HIGH PATCH This Week

OpenWebif 1.2.5 allows remote code execution via a URL to the CallOPKG function in the IpkgController class in plugin/controllers/ipkg.py, when the URL refers to an attacker-controlled web site with. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Openwebif
NVD GitHub
EPSS 14% CVSS 9.8
CRITICAL POC THREAT Emergency

An issue was discovered in the OpenWebif plugin through 1.2.4 for E2 open devices. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 14.0%.

RCE Python Code Injection +1
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy