CVE-2017-14135

CRITICAL EXPLOITED NUCLEI

OpenDreambox 2.0.0 - Remote Code Execution

Title source: nuclei

Description

enigma2-plugins/blob/master/webadmin/src/WebChilds/Script.py in the webadmin plugin for opendreambox 2.0.0 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the command parameter to the /script URI.

Nuclei Templates (1)

OpenDreambox 2.0.0 - Remote Code Execution

CRITICALby alph4byt3

Shodan: title:"Dreambox WebControl" || http.title:"dreambox webcontrol"

FOFA: title="dreambox webcontrol"

References (1)

[Exploit, Third Party Advisory] https://the-infosec.com/2017/07/05/from-shodan-to-rce-opendreambox-2-0-0-code-execution/

Scores

CVSS v3 9.8

EPSS 0.9009

EPSS Percentile 99.6%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

VulnCheck KEV 2019-06-13

CWE

CWE-78

Status published

Products (1)

dreambox/opendreambox 2.0

Published Sep 04, 2017

Tracked Since Feb 18, 2026