High severity8.1NVD Advisory· Published Jan 8, 2016· Updated May 6, 2026

CVE-2014-8886

Description

AVM FRITZ!OS before 6.30 extracts the contents of firmware updates before verifying their cryptographic signature, which allows remote attackers to create symlinks or overwrite critical files, and consequently execute arbitrary code, via a crafted firmware image.

Affected products

Avm/Fritz\! Os
cpe:2.3:o:avm:fritz\!_os:*:*:*:*:*:*:*:*
Range: <=6.23

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

seclists.org/fulldisclosure/2016/Jan/12nvdExploit
www.redteam-pentesting.de/advisories/rt-sa-2014-014nvdExploit
avm.de/service/sicherheitsinfos-zu-updates/nvdVendor Advisory
packetstormsecurity.com/files/135161/AVM-FRITZ-Box-Arbitrary-Code-Execution-Via-Firmware-Images.htmlnvd
www.securityfocus.com/archive/1/537246/100/0/threadednvd

News mentions

No linked articles in our index yet.

cvss	0.526
epss	0.004
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000