CVE Daily

CVE-2018-20332

An issue has been discovered in the OpenWebif plugin through 1.2.4 for Enigma2 b...

High CVSS 7.5

Overview

An issue has been discovered in the OpenWebif plugin through 1.2.4 for Enigma2 based devices. Reading of arbitrary files is possible with /file?action=download&file= followed by a full pathname, and listing of arbitrary directories is possible with /file?action=download&dir= followed by a full pathname. This is related to plugin/controllers/file.py in the e2openplugin-OpenWebif project.

CWE: CWE-22 Published: 2018-12-21T09:29:00.297
Risk analysis

This vulnerability is rated 🟠 HIGH.

  • CVSS: 7.5 (HIGH)
  • Detected tags: none (tag impact: LOW)

Recommended actions:

  • Prioritize remediation based on business criticality and exposure.
  • Limit exposure and increase monitoring until fixed.

Recommended tools

Tags