Openwebif Project Openwebif — known CVE vulnerabilities
Every CVE whose affected-product data names Openwebif Project Openwebif, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (4)
CVE-2017-9807 — CVSS 9.8 (critical): An issue was discovered in the OpenWebif plugin through 1.2.4 for E2 open devices. The saveConfig function of "plugin/controllers/models/con…
CVE-2017-9333 — CVSS 8.8 (high): OpenWebif 1.2.5 allows remote code execution via a URL to the CallOPKG function in the IpkgController class in plugin/controllers/ipkg.py…
CVE-2018-20332 — CVSS 7.5 (high): An issue has been discovered in the OpenWebif plugin through 1.2.4 for Enigma2 based devices. Reading of arbitrary files is possible with…
CVE-2021-38113 — CVSS 5.4 (medium): In addBouquet in js/bqe.js in OpenWebif (aka e2openplugin-OpenWebif) through 1.4.7, inserting JavaScript into the Add Bouquet feature of…