Fritzbox router vulnerability

Discussion in 'other security issues & news' started by FanJ, Jul 6, 2017.

  1. FanJ

    FanJ Updates Team

    Joined:
    Feb 9, 2002
    Posts:
    4,972
    There has been a vulnerability found in the Fritzbox router from AVM.
    Fritzbox (or Fritz!Box) routers may not be very well known in, for example, the US, but they are in several countries in Europe.
    The manufacturer is the German company AVM.

    Article in German at Heise online:
    "Fritzbox-Lücke erlaubt delikate Einblicke ins lokale Netz"
    https://www.heise.de/security/meldu...likate-Einblicke-ins-lokale-Netz-3764885.html

    There are several comments posted there (in German).

    Researcher Birk Blechschmidt found the problem and had informed AVM on 17 March, says the article.

    Which routers exactly it concerns seems not yet clear.
    AVM will come with a firmware update, says the article.

    PS-1: Article also in Dutch at security.nl

    PS-2: Always difficult to decide: does this belong here or at the hardware sub-forum.

    EDIT: I corrected a typo:
    I wrote "Fritxbox (or Fritz!Box)"
    It should of course have been "Fritzbox (or Fritz!Box)"
     
    Last edited: Jul 8, 2017
  2. guest

    guest Guest

    AVM has mentioned it on their website (in German):
    (04.07.2017) - https://avm.de/service/aktuelle-sicherheitshinweise/
    "Translation":
    If IPv6 is activated, an attacker is able to ("under very unlikely circumstances") get information about home network devices (device designation, MAC and IP address).
    The risk is low (CVSS v3: 3,1, low), but it will be fixed in a coming version.
    Edit:
    In addition (Heise online-article, mentioned in #1):
    A website can get information about the model and the Unique Identifier of the Fritzbox router. If a Fritz-app is connected to the router, the website might be able to "collect" the email address.
    The collecting of data is done via JavaScript.
     
    Last edited by a moderator: Jul 8, 2017
  3. TairikuOkami

    TairikuOkami Registered Member

    Joined:
    Oct 10, 2005
    Posts:
    3,633
    Location:
    Flat Earth Matrix
    And is there a real problem with that? All of those can be gained by sniffing the WiFi network. I am just wondering, because I have mine public. :)
     
  4. guest

    guest Guest

    Not really :)
    AVM have set the risk to low, they don't see it as a big problem.

    But I guess some people don't feel comfortable with it, if websites can get information of all connected devices or even the Unique Identifier of the router :doubt:
     
  5. TairikuOkami

    TairikuOkami Registered Member

    Joined:
    Oct 10, 2005
    Posts:
    3,633
    Location:
    Flat Earth Matrix
    Thanks. ;)
     
  6. FanJ

    FanJ Updates Team

    Joined:
    Feb 9, 2002
    Posts:
    4,972
    Mood and TairikuOkami,
    Thank you both!

    And special thanks to you mood for that link at the AVM site:
    https://avm.de/service/aktuelle-sicherheitshinweise/
    Thank you !!!

    I had been asking myself whether it would not have been better to use the word "leakage" instead of "vulnerability".

    At the time of posting I was wondering whether there was an English article about it.
    For example, is there an analogous article at https://en.avm.de/service/ ?
    I don't know. They have several languages, but are all their postings always also posted in those other languages? hmmmm....

    In the meanwhile I have corrected a typo by me in the first post.
    I wrote "Fritxbox (or Fritz!Box)"
    It should of course have been "Fritzbox (or Fritz!Box)".
    Sorry about that!
     
    Last edited: Jul 10, 2017