AVM FRITZ!Box Firmware Signature Bypass CVE-2014-8872

Severity
CVSSv3 Score: 7.8
Vulnerability description

Multiple AVM FRITZ!Box devices improperly verify cryptographic signatures.

Risk description

The signature check of FRITZ!Box firmware images is flawed. Malicious code can be injected into firmware images without breaking the RSA signature. The injected code is executed either when the victim uploads a manipulated firmware image or when the victim confirms an update in the web interface during a MITM attack.

Recommendation

Updates are available. See the references or the script output for the available updates for the matching model.

Codename: Not available
Detectable with: Network Scanner
Scan engine: OpenVAS
Exploitable with Sniper: No
CVE Published: Aug 29, 2017
Detection added at:
Software Type: Not available
Vendor: Not available
Product: Not available