CVE-2017-14135
CRITICAL EXPLOITED NUCLEIOpenDreambox 2.0.0 - Remote Code Execution
Title source: nucleiExploitation Summary
CVE-2017-14135 has been observed exploited in the wild (reported by VulnCheck KEV). A Nuclei detection template is also available.
Description
enigma2-plugins/blob/master/webadmin/src/WebChilds/Script.py in the webadmin plugin for opendreambox 2.0.0 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the command parameter to the /script URI.
Nuclei Templates (1)
OpenDreambox 2.0.0 - Remote Code Execution
CRITICALby alph4byt3
Shodan:
title:"Dreambox WebControl" || http.title:"dreambox webcontrol"
FOFA:
title="dreambox webcontrol"
References (1)
Core 1
Core References
Exploit, Third Party Advisory x_refsource_misc
https://the-infosec.com/2017/07/05/from-shodan-to-rce-opendreambox-2-0-0-code-execution/
Scores
CVSS v3
9.8
EPSS
0.1941
EPSS Percentile
97.0%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
VulnCheck KEV
2019-06-13
CWE
CWE-78
Status
published
Products (1)
dreambox/opendreambox
2.0
Published
Sep 04, 2017
Tracked Since
Feb 18, 2026