PT-2017-2824 · Opendreambox · Opendreambox

Published: 2017-09-04 · Updated: 2017-09-12 · CVE-2017-14135

CVSS v3.1: 10 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: opendreambox version 2.0.0

Description: The issue allows remote attackers to execute arbitrary OS commands via shell metacharacters in the command parameter to the "/script" URI. This is due to the lack of neutralization of special elements used in the OS command in the enigma2-plugins/blob/master/webadmin/src/WebChilds/Script.py script of the WebAdmin plugin.

Recommendations: For opendreambox version 2.0.0, consider disabling access to the "/script" URI until a patch is available to prevent exploitation. Restrict the use of the command parameter in the Script.py script to minimize the risk of arbitrary OS command execution. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
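As an added illustration of the recommendation (example code, not the WebAdmin plugin's own Script.py), the two handler shapes side by side: a handler that splices a request parameter into a string a shell will interpret is injectable, while one that maps the parameter to an allowlisted script and runs it as an argv list with no shell is not. The names `ALLOWED_SCRIPTS`, `SCRIPT_DIR` and `build_script_argv` are assumptions for the example and are not taken from the advisory.

```python
import re
import subprocess
from typing import List, Optional

# Constructed allowlist for the example: the only scripts the web handler may run.
ALLOWED_SCRIPTS = {"reboot_box", "restart_enigma2"}
# Assumed location; not a path from the advisory or the project.
SCRIPT_DIR = "/usr/share/webadmin/scripts"

# Script names are confined to a conservative character class, so shell
# metacharacters (; | & $ backticks, newlines) can never reach the OS.
_SAFE_NAME = re.compile(r"^[A-Za-z0-9_-]{1,64}$")


def vulnerable_command(user_input: str) -> str:
    """The injectable shape the advisory describes: the raw 'command'
    parameter is interpolated into a string that a shell would parse.
    Returned as a string rather than executed so it can be inspected safely."""
    return f"sh {SCRIPT_DIR}/{user_input}.sh"


def build_script_argv(user_input: str) -> Optional[List[str]]:
    """Hardened replacement: validate the parameter against the allowlist and
    return an argv list for shell=False execution. Returns None (the caller
    should answer HTTP 400) for anything not explicitly permitted."""
    if not _SAFE_NAME.match(user_input) or user_input not in ALLOWED_SCRIPTS:
        return None
    return ["/bin/sh", f"{SCRIPT_DIR}/{user_input}.sh"]


def run_script(user_input: str) -> int:
    """Execute an allowlisted script; the argv list goes straight to execve,
    so no shell ever parses the request parameter."""
    argv = build_script_argv(user_input)
    if argv is None:
        raise ValueError("script not permitted")
    return subprocess.run(argv, shell=False, check=False).returncode


def is_rejected_request(user_input: str) -> bool:
    """Detection hook for request logs: True for any 'command' value the
    hardened handler would refuse, so such requests can be alerted on."""
    return build_script_argv(user_input) is None
```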

Exploit

OS Command Injection


Weakness Enumeration

Related Identifiers

BDU:2017-02102
CVE-2017-14135

Affected Products

Opendreambox