Jump to content


Photo

[Security] CVE-2017-9807 - OpenWebIf Vulnerability

security OpenWebIf

  • This topic is locked This topic is locked
4 replies to this topic

#1 WanWizard

  • PLi® Core member
  • 70,371 posts

+1,807
Excellent

Posted 24 June 2017 - 10:38

Attention
 
With the CVE number mentioned above a serious vulnerability in relation to the OpenWebIf has been reported. See https://cve.mitre.or...e=CVE-2017-9807 for details.
 
The vulnerability makes it possible to create, overwrite or change arbitrary files using a specially formulated web request. Every Enigma2 version with an installed OpenWebIf is impacted.
 
For those who still have their box open, connected to the internet without the use of a VPN: Please switch this off immediately, before your box is hacked!!!
 
The OpenWebIf team is working very hard to find a solution for this problem.

Currently in use: VU+ Duo 4K (2xFBC S2), VU+ Solo 4K (1xFBC S2), uClan Usytm 4K Ultimate (S2+T2), Octagon SF8008 (S2+T2), Zgemma H9.2H (S2+T2)

Due to my bad health, I will not be very active at times and may be slow to respond. I will not read the forum or PM on a regular basis.

Many answers to your question can be found in our new and improved wiki.


Re: [Security] CVE-2017-9807 - OpenWebIf Vulnerability #2 Dream1975

  • Senior Member
  • 1,634 posts

+14
Neutral

Posted 24 June 2017 - 12:43

If the box is somewhere else, but you can reach it through Putty, you can use "opkg remove enigma2-plugin-extensions-openwebif" to (temporary) remove Openwebif


Edited by Dream1975, 24 June 2017 - 12:43.

Mutant HD2400, OpenPLi nightly, 2x DVB-C & 2x DVB-S

Mutant HD51, OpenPLi nightly, 1x DVB-C & 1x DVB-S

Wavefrontier T55 (Astra 1,2,3 en HB)

Smartcards Ziggo (Irdeto) and CDS (Seca) on Oscam

 


Re: [Security] CVE-2017-9807 - OpenWebIf Vulnerability #3 theparasol

  • Senior Member
  • 4,157 posts

+198
Excellent

Posted 24 June 2017 - 15:28

Fix has been committed https://github.com/E...24fb8d7dd610f46


@Camping: ZGemma H.2S, Technisat Multytenne 4-in-1 @Home: Edision Mini 4K, Wave Frontier T55, EMP Centauri EMP DiSEqC 8/1 switch, 4x Inverto Ultra Black single LNB


Re: [Security] CVE-2017-9807 - OpenWebIf Vulnerability #4 WanWizard

  • PLi® Core member
  • 70,371 posts

+1,807
Excellent

Posted 24 June 2017 - 15:46

Will be part of tomorrows images.


Currently in use: VU+ Duo 4K (2xFBC S2), VU+ Solo 4K (1xFBC S2), uClan Usytm 4K Ultimate (S2+T2), Octagon SF8008 (S2+T2), Zgemma H9.2H (S2+T2)

Due to my bad health, I will not be very active at times and may be slow to respond. I will not read the forum or PM on a regular basis.

Many answers to your question can be found in our new and improved wiki.


Re: [Security] CVE-2017-9807 - OpenWebIf Vulnerability #5 WanWizard

  • PLi® Core member
  • 70,371 posts

+1,807
Excellent

Posted 25 June 2017 - 11:02

Topic can be closed.

 

Thanks to Jörg Bleyel for the quick fix for this issue!


Currently in use: VU+ Duo 4K (2xFBC S2), VU+ Solo 4K (1xFBC S2), uClan Usytm 4K Ultimate (S2+T2), Octagon SF8008 (S2+T2), Zgemma H9.2H (S2+T2)

Due to my bad health, I will not be very active at times and may be slow to respond. I will not read the forum or PM on a regular basis.

Many answers to your question can be found in our new and improved wiki.




1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users