CVE-2014-8886

Name of the Vulnerable Software and Affected Versions AVM FRITZ!OS versions prior to 6.30

Description The issue allows remote attackers to create symlinks or overwrite critical files, and consequently execute arbitrary code, via a crafted firmware image. This is possible because the firmware update's contents are extracted before verifying their cryptographic signature.

Recommendations For versions prior to 6.30, update to version 6.30 or later to resolve the issue. As a temporary workaround, consider restricting access to firmware updates until the issue is resolved.