CVE-2024-54767

CVSS 7.5 HIGH · EPSS 1.8% · CWE-203

In short

The FRITZ!Box 7530 AX router exposes sensitive information through a configuration file that can be accessed without requiring a password. This matters because attackers on the internet could potentially read this file to gather information about your network and device.

Technical detail

An access control vulnerability in the /juis_boxinfo.xml endpoint allows unauthenticated remote access to sensitive device information. The vulnerability requires the affected component to be directly internet-exposed; the vendor disputes reproducibility under normal configurations. Successful exploitation could enable information disclosure for attack reconnaissance.

Summary generated and translated by AI from the official description.

An access control issue in the component /juis_boxinfo.xml of AVM FRITZ!Box 7530 AX v7.59 allows attackers to obtain sensitive information without authentication. NOTE: this is disputed by the Supplier because it cannot be reproduced, and the issue report focuses on an unintended configuration with direct Internet exposure.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Affected products

n/a · n/a
