[Security] CVE-2017-9807 - OpenWebIf Vulnerability

Started by WanWizard, 24 Jun 2017 10:38

security OpenWebIf

This topic is locked

4 replies to this topic

#1 WanWizard

PLi® Core member
70,381 posts

+1,807

Excellent

Posted 24 June 2017 - 10:38

Attention

With the CVE number mentioned above a serious vulnerability in relation to the OpenWebIf has been reported. See https://cve.mitre.or...e=CVE-2017-9807 for details.

The vulnerability makes it possible to create, overwrite or change arbitrary files using a specially formulated web request. Every Enigma2 version with an installed OpenWebIf is impacted.

For those who still have their box open, connected to the internet without the use of a VPN: Please switch this off immediately, before your box is hacked!!!

The OpenWebIf team is working very hard to find a solution for this problem.

Currently in use: VU+ Duo 4K (2xFBC S2), VU+ Solo 4K (1xFBC S2), uClan Usytm 4K Ultimate (S2+T2), Octagon SF8008 (S2+T2), Zgemma H9.2H (S2+T2)

Due to my bad health, I will not be very active at times and may be slow to respond. I will not read the forum or PM on a regular basis.

Many answers to your question can be found in our new and improved wiki.

Re: [Security] CVE-2017-9807 - OpenWebIf Vulnerability #2 Dream1975

Senior Member
1,634 posts

+14

Neutral

Posted 24 June 2017 - 12:43

If the box is somewhere else, but you can reach it through Putty, you can use "opkg remove enigma2-plugin-extensions-openwebif" to (temporary) remove Openwebif

Edited by Dream1975, 24 June 2017 - 12:43.

Mutant HD2400, OpenPLi nightly, 2x DVB-C & 2x DVB-S

Mutant HD51, OpenPLi nightly, 1x DVB-C & 1x DVB-S

Wavefrontier T55 (Astra 1,2,3 en HB)

Smartcards Ziggo (Irdeto) and CDS (Seca) on Oscam

Re: [Security] CVE-2017-9807 - OpenWebIf Vulnerability #3 theparasol

Senior Member
4,157 posts

+198

Excellent

Posted 24 June 2017 - 15:28

Fix has been committed https://github.com/E...24fb8d7dd610f46

@Camping: ZGemma H.2S, Technisat Multytenne 4-in-1 @Home: Edision Mini 4K, Wave Frontier T55, EMP Centauri EMP DiSEqC 8/1 switch, 4x Inverto Ultra Black single LNB

Re: [Security] CVE-2017-9807 - OpenWebIf Vulnerability #4 WanWizard

PLi® Core member
70,381 posts

+1,807

Excellent

Posted 24 June 2017 - 15:46

Will be part of tomorrows images.

Currently in use: VU+ Duo 4K (2xFBC S2), VU+ Solo 4K (1xFBC S2), uClan Usytm 4K Ultimate (S2+T2), Octagon SF8008 (S2+T2), Zgemma H9.2H (S2+T2)

Due to my bad health, I will not be very active at times and may be slow to respond. I will not read the forum or PM on a regular basis.

Many answers to your question can be found in our new and improved wiki.

Re: [Security] CVE-2017-9807 - OpenWebIf Vulnerability #5 WanWizard

PLi® Core member
70,381 posts

+1,807

Excellent

Posted 25 June 2017 - 11:02

Topic can be closed.

Thanks to Jörg Bleyel for the quick fix for this issue!

Currently in use: VU+ Duo 4K (2xFBC S2), VU+ Solo 4K (1xFBC S2), uClan Usytm 4K Ultimate (S2+T2), Octagon SF8008 (S2+T2), Zgemma H9.2H (S2+T2)

Due to my bad health, I will not be very active at times and may be slow to respond. I will not read the forum or PM on a regular basis.

Many answers to your question can be found in our new and improved wiki.

Back to [EN] Enduser support

Also tagged with one or more of these keywords: security, OpenWebIf

Synology Zero-day exploit patch Started by 40H3X, 12 Nov 2024 Security	0 replies 101 views	40H3X 12 Nov 2024
OpenWebif: EPG is not displayed correctly (distorted) Started by Spittek, 8 Nov 2023 OpenWebif, EPG, Mac, Chrome	1 reply 619 views	WanWizard 8 Nov 2023
OpenPli root Password Protection? Started by zwdpacjent, 2 Feb 2022 root password, security	3 replies 1,002 views	zwdpacjent 21 Feb 2022
OpenWebIf geeft niet de juiste url door aan VLC, poortnummer is "None" Started by haakneus, 24 Jul 2021 OpenWebIF	5 replies 1,046 views	WanWizard 24 Jul 2021
Autotimer in OpemWebif not working Started by martininhio, 31 Aug 2020 autotimer, openwebif	Hot 15 replies 1,773 views	WanWizard 7 Sep 2020