CVE-2024-54767
📋 TL;DR
An access control vulnerability in AVM FRITZ!Box 7530 AX routers allows unauthenticated attackers to access sensitive system information via the /juis_boxinfo.xml endpoint. This affects FRITZ!Box 7530 AX users with vulnerable configurations, particularly those with direct internet exposure. The vendor disputes the vulnerability, stating it cannot be reproduced and requires unintended configurations.
💻 Affected Systems
- AVM FRITZ!Box 7530 AX
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Attackers could obtain sensitive router configuration data, network topology information, and potentially use this information for further attacks or reconnaissance.
Likely Case
Information disclosure of router status, firmware details, and basic system information that could aid in targeted attacks.
If Mitigated
Minimal impact if proper network segmentation and access controls prevent external access to the management interface.
🎯 Exploit Status
Simple HTTP GET request to vulnerable endpoint. Vendor disputes existence of vulnerability in standard configurations.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: N/A
Vendor Advisory: N/A
Restart Required: No
Instructions:
No official patch available as vendor disputes vulnerability. Ensure router is not directly exposed to internet and follow vendor security recommendations.
🔧 Temporary Workarounds
Network Segmentation
allEnsure FRITZ!Box management interface is not directly accessible from the internet
Access Control
allRestrict access to management interface to trusted internal networks only
🧯 If You Can't Patch
- Ensure FRITZ!Box is behind a firewall with strict inbound rules
- Disable remote management features and WAN access to management interface
🔍 How to Verify
Check if Vulnerable:
Attempt HTTP GET request to http://[router-ip]/juis_boxinfo.xml from unauthenticated network segment. If XML data is returned without authentication, system may be vulnerable.Check Version:
Check FRITZ!OS version in router web interface under System → OverviewVerify Fix Applied:
Verify management interface is not accessible from untrusted networks and requires authentication for all system information endpoints.📡 Detection & Monitoring
Log Indicators:
- Unusual access to /juis_boxinfo.xml endpoint
- Multiple failed authentication attempts followed by successful XML access
Network Indicators:
- HTTP GET requests to /juis_boxinfo.xml from external IP addresses
- Unusual traffic patterns to router management interface
SIEM Query:
source_ip=external AND destination_port=80 AND uri_path="/juis_boxinfo.xml" AND http_method="GET"