PT-2015-4366 · Avm · Avm Fritz!Box

Published: 2015-05-29 · Updated: 2023-02-15 · CVE-2014-9727

CVSS v2.0: 10 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

AVM Fritz!Box (affected versions not specified)

Description

The issue allows remote attackers to execute arbitrary commands. This is achieved by using shell metacharacters in the var:lang parameter to the "cgi-bin/webcm" API endpoint.

Recommendations

For all affected versions, consider restricting access to the "cgi-bin/webcm" API endpoint until a patch is available. As a temporary workaround, avoid using the var:lang parameter in the affected API endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.
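
To support the access restriction recommended above, the following added example (not part of the advisory and not AVM code) scans web access log lines for requests to "cgi-bin/webcm" whose var:lang value is anything other than a plain language code. The log format, the allow-list pattern and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote, unquote_plus

# Assumption: a legitimate language value is a short alphabetic code ("de", "en").
SAFE_LANG = re.compile(r"[A-Za-z]{2,8}")
# Assumption: logs use the common/combined format: "METHOD target HTTP/x.y".
REQUEST = re.compile(r'"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+"')


def suspicious_lang_values(target):
    """Return decoded var:lang values that fail the allow-list (webcm only)."""
    path, _, query = target.partition("?")
    if not unquote(path).rstrip("/").endswith("cgi-bin/webcm"):
        return []
    hits = []
    for pair in query.split("&"):
        key, _, value = pair.partition("=")
        # Decode both sides so var%3Alang and %3B-style encodings are seen in clear.
        if unquote_plus(key) == "var:lang":
            decoded = unquote_plus(value)
            if not SAFE_LANG.fullmatch(decoded):
                hits.append(decoded)
    return hits


def scan(lines):
    """Return (line_number, value) for every flagged request in the log lines."""
    findings = []
    for number, line in enumerate(lines, 1):
        match = REQUEST.search(line)
        if match:
            target = match.group("target")
            findings += [(number, v) for v in suspicious_lang_values(target)]
    return findings


# Constructed sample lines (documentation IP ranges, harmless marker text).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jun/2015:10:00:00 +0000] "GET /cgi-bin/webcm?var:lang=de HTTP/1.1" 200 512',
    '198.51.100.7 - - [01/Jun/2015:10:00:05 +0000] "GET /cgi-bin/webcm?var:lang=%26CONSTRUCTED HTTP/1.1" 200 0',
    '198.51.100.7 - - [01/Jun/2015:10:00:09 +0000] "GET /cgi-bin/webcm?var%3Alang=en%3BCONSTRUCTED HTTP/1.1" 200 0',
    '192.0.2.10 - - [01/Jun/2015:10:00:12 +0000] "GET /index.html?var:lang=%7Cx HTTP/1.1" 200 100',
]

if __name__ == "__main__":
    for number, value in scan(SAMPLE_LOG):
        print(f"line {number}: unexpected var:lang value {value!r}")
```

The check covers query strings only; parameters sent in a request body do not appear in access logs and have to be inspected at a reverse proxy or similar control point.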

Exploit

Fix

OS Command Injection

Weakness Enumeration

Related Identifiers

CVE-2014-9727

Affected Products

Avm Fritz!Box