opendreambox / enigma2-plugins

Python plug-ins for enigma2 (DreamOS)
https://dreambox.de/

Input validation in join('/usr/script', args[0]) #5

Closed XalfiE closed 6 years ago

XalfiE commented 7 years ago

For opendreambox 2.0.0, there is a vulnerability in the webadmin plugin due to lack of input validation in join('/usr/script', args[0]). This has been shown in https://the-infosec.com/2017/07/05/from-shodan-to-rce-opendreambox-2-0-0-code-execution/
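The join pattern named in the report, shown beside a containment check that rejects request values which leave the script directory. This is an added example, not code from the enigma2-plugins repository or from the fix referenced below; the function names and the sample request values are constructed for illustration.

```python
import posixpath

# Base directory named in the issue report.
SCRIPT_ROOT = "/usr/script"


def naive_join(base, name):
    """The pattern the report describes: the request-supplied component is
    joined as-is. join() discards `base` when `name` is absolute and keeps
    '..' segments, so the request value decides the final path."""
    return posixpath.join(base, name)


def safe_join(base, name):
    """Join, then require the normalised result to lie strictly inside `base`.

    posixpath keeps the check independent of the host OS. On a real filesystem,
    resolve symlinks (os.path.realpath) before the containment check as well,
    because a link inside `base` can still point outside it."""
    if not isinstance(name, str) or "\x00" in name:
        raise ValueError("invalid script name")
    base = posixpath.normpath(base)
    candidate = posixpath.normpath(posixpath.join(base, name))
    # commonpath compares whole components, so '/usr/scripts/x' is not
    # treated as being under '/usr/script'.
    if candidate == base or posixpath.commonpath([base, candidate]) != base:
        raise ValueError("script name escapes %s: %r" % (base, name))
    return candidate


def check_names(names):
    """Constructed helper: map each request value to the accepted path or
    the string 'rejected', to make the contrast between the two joins visible."""
    results = {}
    for name in names:
        try:
            results[name] = safe_join(SCRIPT_ROOT, name)
        except ValueError:
            results[name] = "rejected"
    return results


if __name__ == "__main__":
    # Constructed sample request values; only the first and last are served.
    samples = ["backup.sh", "../../etc/passwd", "/bin/sh", "", "sub/../run.sh"]
    verdicts = check_names(samples)
    for name in samples:
        print("%-20r naive=%-32r safe=%s"
              % (name, naive_join(SCRIPT_ROOT, name), verdicts[name]))
```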

mtdcr commented 7 years ago

See b7692c3.

mtdcr commented 6 years ago

I'm closing this issue, because no further input was provided since September and the cited issue was already fixed one year ago.

Please consider retesting with a more recent version of opendreambox, because security of the web service in general has evolved quite a bit since opendreambox 2.0.

Ironically, upload and execution of code are some of the main features of the plug-in in question ("webadmin"). Factory firmware images ship without it for a reason.

If you believe this or another vulnerability still persists, please raise your voice.