CVE-2014-8886

Sažetak

AVM FRITZ!OS before 6.30 extracts the contents of firmware updates before verifying their cryptographic signature, which allows remote attackers to create symlinks or overwrite critical files, and consequently execute arbitrary code, via a crafted firmware image.

Reference

http://packetstormsecurity.com/files/135161/AVM-FRITZ-Box-Arbitrary-Code-Execution-Via-Firmware-Images.html
http://seclists.org/fulldisclosure/2016/Jan/12
http://www.securityfocus.com/archive/1/537246/100/0/threaded
https://avm.de/service/sicherheitsinfos-zu-updates/
https://www.redteam-pentesting.de/advisories/rt-sa-2014-014

CVSS

Base:	9.3
Impact:	10.0
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
COMPLETE	COMPLETE	COMPLETE

CVSS vektor

AV:N/AC:M/Au:N/C:C/I:C/A:C

Zadnje važnije ažuriranje

09-10-2018 - 19:54

Objavljeno

08-01-2016 - 20:59