AVM FRITZ!Box < 7.20 'Beyond Kr00k' Information Disclosure Vulnerability

Information

Severity

Medium

Family

General

CVSSv2 Base

5.0

CVSSv2 Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Solution Type

Vendor Patch

Created

3 years ago

Modified

3 years ago

Summary

Multiple AVM FRITZ!Box devices are prone to an information disclosure vulnerability.

Insight

An issue was discovered on Qualcomm Wi-Fi client devices. Specifically timed and handcrafted traffic can cause internal errors (related to state transitions) in a WLAN device.

Affected Software

AVM FRITZ!Box devices running AVM FRITZ!OS before version 7.20. Common FRITZ!Box models including the 7590, 7580, 7530, 6590 Cable, 6591 Cable and 6660 Cable are essentially not affected by the Kr00k vulnerability. All products for which the Protected Management Frames (PMF) feature is activated are also not affected.

Detection Method

Check the AVM FRITZ!OS version.

Solution

Update to AVM FRITZ!OS 7.20 or later. A mitigation is to enable the PMF feature in the FRITZ!Box user interface under Wireless / Security / Additional Security Settings.

Common Vulnerabilities and Exposures (CVE)