
AVM FRITZ!Box DNS Rebinding Protection Bypass CVE-2020-26887

Vulnerability description

Multiple AVM FRITZ!Box devices are prone to a DNS rebinding protection bypass.

Risk description

FRITZ!Box router devices employ a protection mechanism against DNS rebinding attacks. If a DNS answer points to an IP address in the private network range of the router, the answer is suppressed. Suppose the FRITZ!Box router's DHCP server is in its default configuration and serves the private IP range of If a DNS request is made by a connected device, which resolves to an IPv4 address in the configured private IP range (for example an empty answer is returned. However, if instead the DNS answer contains an AAAA-record with the same private IP address in its IPv6 representation (::ffff: it is returned successfully. Furthermore, DNS requests which resolve to the loopback address or the special address can be retrieved, too. The flaw allows DNS answers that point to IP addresses in the private local network to be resolved, despite the DNS rebinding protection mechanism.
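The filtering gap described above, as an added example that is not AVM's code and not part of the original entry: a check that only compares IPv4 answers against the LAN range, beside one that unwraps IPv4-mapped IPv6 addresses and also covers loopback and unspecified addresses. The LAN range, the sample answers and the use of `0.0.0.0` as a stand-in for a special address are assumptions constructed for illustration.

```python
import ipaddress

# Constructed LAN range for illustration; not taken from the advisory.
LAN = ipaddress.ip_network("192.168.1.0/24")


def naive_blocks(rdata: str) -> bool:
    """Models the flawed check: only IPv4 answers inside the LAN are suppressed."""
    ip = ipaddress.ip_address(rdata)
    return ip.version == 4 and ip in LAN


def hardened_blocks(rdata: str) -> bool:
    """Suppress any answer that lands on a local address, whatever its encoding."""
    ip = ipaddress.ip_address(rdata)
    # Unwrap ::ffff:a.b.c.d so the embedded IPv4 address is what gets checked.
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    if ip.version == 4 and ip in LAN:
        return True
    return ip.is_private or ip.is_loopback or ip.is_unspecified or ip.is_link_local


def filter_answers(answers, blocks):
    """Return the (rtype, rdata) records that the given check lets through."""
    return [(rtype, rdata) for rtype, rdata in answers if not blocks(rdata)]


# Constructed sample answers, as an upstream resolver might return them.
SAMPLE = [
    ("A", "192.168.1.20"),
    ("AAAA", "::ffff:192.168.1.20"),
    ("A", "127.0.0.1"),
    ("A", "0.0.0.0"),
    ("A", "1.1.1.1"),
    ("AAAA", "2606:4700:4700::1111"),
]

if __name__ == "__main__":
    for name, check in (("naive", naive_blocks), ("hardened", hardened_blocks)):
        print(name, "passes:", filter_answers(SAMPLE, check))
```

Running the same comparison against the resolver in use on a network (with a test domain you control) is a quick way to confirm whether its rebinding filter normalises AAAA answers before checking them.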


Update to AVM FRITZ!OS 7.20 / 7.21 or later.

Detectable with: Network Scanner
CVE Published: Oct 23, 2020