CVE-2014-9727

EXPLOITED IN THE WILD

AVM Fritz!Box - RCE

Title source: llm

Description

AVM Fritz!Box allows remote attackers to execute arbitrary commands via shell metacharacters in the var:lang parameter to cgi-bin/webcm.

Exploits (2)

exploitdb WORKING POC
by 0x4148 · text · webapps · hardware
https://www.exploit-db.com/exploits/33136
metasploit WORKING POC EXCELLENT
by Unknown · ruby · poc · linux
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/fritzbox_echo_exec.rb

Scores

EPSS 0.8777
EPSS Percentile 99.5%

Details

VulnCheck KEV 2020-05-07
InTheWild.io 2023-02-15
CWE CWE-78
Status published
Products (1)
avm/fritz!box
Published May 29, 2015
Tracked Since Feb 18, 2026