CVE-2004-2014

Wget 1.9-1.9.1 - Local Privilege Escalation

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2004-2014. PoCs published by Hugo Vazquez.

AI-analyzed exploit summary This exploit leverages a race condition in wget (CVE-2004-2014) to corrupt or replace a file being downloaded by a root user. The script monitors for a wget process downloading a specific file, then replaces it with a symlink or arbitrary content.

Description

Wget 1.9 and 1.9.1 allows local users to overwrite arbitrary files via a symlink attack on the name of the file being downloaded.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Hugo Vazquez · bashlocallinux

https://www.exploit-db.com/exploits/24123

View Code ZIP pw:eip

This exploit leverages a race condition in wget (CVE-2004-2014) to corrupt or replace a file being downloaded by a root user. The script monitors for a wget process downloading a specific file, then replaces it with a symlink or arbitrary content.

Classification

Working Poc 90%

Attack Type

Lpe

Complexity

Moderate

Reliability

Racy

Target: wget (versions prior to fix for CVE-2004-2014)

No auth needed

Prerequisites: Victim must be running wget as root to download a predictable filename · Attacker must have local access and write permissions in the target directory

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation T1548.001 - Setuid and Setgid

devstral-2 · analyzed Feb 16, 2026 Full analysis →