5 matches found
CVE-2014-9727
AVM Fritz!Box allows remote attackers to execute arbitrary commands via shell metacharacters in the var:lang parameter to cgi-bin/webcm...
VulnCheck KEV: CVE-2014-9727
AVM Fritz!Box allows remote attackers to execute arbitrary commands via shell metacharacters in the var:lang parameter to cgi-bin/webcm...
CVE-2014-9727
creationtimestamp| type| source ---|---|--- 2018-05-29 15:50:33+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/fritzboxechoexec.rb 2023-02-19 12:43:33+00:00| published-proof-of-concept| https://t.me/JerusalemElectronicArmy/179 2024-12-15...
CVE-2014-9727
The CVE-2014-9727 issue affects AVM Fritz!Box routers, where the CGI endpoint cgi-bin/webcm accepts the var:lang parameter and does not properly filter shell metacharacters, enabling remote command execution. Impact is remote, unauthenticated command execution against affected devices, with shell...
Fritz!Box Webcm Unauthenticated Command Injection
Different Fritz!Box devices are vulnerable to an unauthenticated OS command injection. This module was tested on a Fritz!Box 7270 from the LAN side. The vendor reported the following devices vulnerable: 7570, 7490, 7390, 7360, 7340, 7330, 7272, 7270, 7170 Annex A A/CH, 7170 Annex B English, 7170...