Closed
Description
It was discovered that the IpkgController class, specifically CallOPKG defined in plugin/controllers/ipkg.py, does not restrict or incorrectly restricts the input package name before it's included as a param of the '/usr/bin/opkg' package manager binary. A remote attacker could possibly use this flaw to pass a URL as the package name parameter by an HTTP request to an attacker-controlled repository since there is no signature verification.
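One way to constrain the package name before it reaches `/usr/bin/opkg`, as an added example that is not part of the original report or the project's code. The names `build_opkg_argv`, `is_allowed`, `run_opkg`, the action allowlist and the name pattern are assumptions made for illustration.

```python
import re
import subprocess

OPKG = "/usr/bin/opkg"  # binary path named in the issue
# Assumption: actions that take a package name (not the project's actual list).
PACKAGE_ACTIONS = frozenset({"install", "remove", "upgrade", "info"})
# Assumption: Debian-style feed names. No '/', ':', whitespace or leading '-'.
PACKAGE_NAME = re.compile(r"[a-z0-9][a-z0-9+._-]{1,127}")


class RejectedPackage(ValueError):
    """The request parameter must not reach opkg."""


def build_opkg_argv(action, package):
    """Return the argv list for opkg, or raise RejectedPackage."""
    if action not in PACKAGE_ACTIONS:
        raise RejectedPackage("action not allowed: %r" % (action,))
    if not isinstance(package, str) or not PACKAGE_NAME.fullmatch(package):
        # Covers URLs, file paths and option-like values such as "--force-...".
        raise RejectedPackage("not a bare package name: %r" % (package,))
    if package.endswith(".ipk"):
        # A package file name, not a feed entry; only configured feeds are allowed.
        raise RejectedPackage("package file, not a feed name: %r" % (package,))
    return [OPKG, action, package]


def is_allowed(action, package):
    """Boolean form of the check, for logging or tests."""
    try:
        build_opkg_argv(action, package)
    except RejectedPackage:
        return False
    return True


def run_opkg(action, package, timeout=300):
    """Run opkg with a validated argv list; no shell is involved."""
    argv = build_opkg_argv(action, package)
    return subprocess.run(argv, capture_output=True, text=True, timeout=timeout)


if __name__ == "__main__":
    # Constructed sample inputs, not taken from the issue.
    for name in ("enigma2-plugin-extensions-openwebif",
                 "http://repo.example.invalid/pkg.ipk", "--force-reinstall"):
        print(name, "->", is_allowed("install", name))
```

Restricting the name to feed entries does not replace signature verification of the feeds themselves, which the report notes is absent.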