Vulnerability Details : CVE-2014-8886
AVM FRITZ!OS before 6.30 extracts the contents of firmware updates before verifying their cryptographic signature, which allows remote attackers to create symlinks or overwrite critical files, and consequently execute arbitrary code, via a crafted firmware image.
Vulnerability category: Execute code
Products affected by CVE-2014-8886
- cpe:2.3:o:avm:fritz\!_os:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2014-8886
7.56%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 93 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2014-8886
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
9.3
|
HIGH | AV:N/AC:M/Au:N/C:C/I:C/A:C |
8.6
|
10.0
|
NIST | |
8.1
|
HIGH | CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |
2.2
|
5.9
|
NIST |
CWE ids for CVE-2014-8886
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2014-8886
-
https://www.redteam-pentesting.de/advisories/rt-sa-2014-014
RedTeam Pentesting GmbH - AVM FRITZ!Box: Arbitrary Code Execution Through Manipulated Firmware ImagesExploit
-
http://seclists.org/fulldisclosure/2016/Jan/12
Full Disclosure: [RT-SA-2014-014] AVM FRITZ!Box: Arbitrary Code Execution Through Manipulated Firmware ImagesExploit
-
http://www.securityfocus.com/archive/1/537246/100/0/threaded
SecurityFocus
-
https://avm.de/service/sicherheitsinfos-zu-updates/
Sicherheitsinfos zu Updates | AVM DeutschlandVendor Advisory
-
http://packetstormsecurity.com/files/135161/AVM-FRITZ-Box-Arbitrary-Code-Execution-Via-Firmware-Images.html
AVM FRITZ!Box: Arbitrary Code Execution Via Firmware Images ≈ Packet Storm
Jump to