Search criteria
3 vulnerabilities found for fritz\!os by avm
VAR-201910-1479
Vulnerability from variot - Updated: 2024-11-23 21:36Information Leakage in PPPoE Packet Padding in AVM Fritz!Box 7490 with Firmware versions Fritz!OS 6.80 and 6.83 allows physically proximate attackers to view slices of previously transmitted packets or portions of memory via via unspecified vectors. AVM Fritz!Box 7490 Contains an information disclosure vulnerability.Information may be obtained. Deutsche Telekom CERT Advisory [DTC-A-20170323-001]
Summary: Information leakage found in FRITZ!OS 6.83 & 6.80 (AVM DSL Router Fritz!Box 7490)
Recommendation: Update to the newest Version of FRITZ!OS
Details: a) application b) problem c) CVSS d) detailed description e) credits
a) FRITZ!OS 6.83 & 6.80 (AVM DSL Router Fritz!Box 7490)
b) Memory leakage within the PPPoE/PPP padding
c) 4.7 CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N/RL:U
d)
Multiple DSL access router (aka Homegateway / CPE) handle PPPoE frame padding incorrectly.
This seems to be similar to http://www.securiteam.com/securitynews/5BP01208UO.html.
AVM DSL Router Fritz!Box 7490 (tested with FRITZ!OS 6.83 & 6.80) sends portion of memory within PPPoE Discovery protocol PADT frames because arbitrary memory is used in the padding to reach the minimum Ethernet frame length.
Further research shows that \x93short\x94 PPP LCP frames are also padded with random memory.
e) Christian Kagerhuber
Show details on source website{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "fritz\\!os",
"scope": "eq",
"trust": 1.0,
"vendor": "avm",
"version": "6.83"
},
{
"_id": null,
"model": "fritz\\!os",
"scope": "eq",
"trust": 1.0,
"vendor": "avm",
"version": "6.80"
},
{
"_id": null,
"model": "fritz!box",
"scope": "eq",
"trust": 0.8,
"vendor": "avm",
"version": "6.80"
},
{
"_id": null,
"model": "fritz!box",
"scope": "eq",
"trust": 0.8,
"vendor": "avm",
"version": "6.83"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-014771"
},
{
"db": "NVD",
"id": "CVE-2017-8087"
}
]
},
"configurations": {
"_id": null,
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:avm:fritz%21_os",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-014771"
}
]
},
"credits": {
"_id": null,
"data": "Christian Kagerhuber",
"sources": [
{
"db": "PACKETSTORM",
"id": "153662"
}
],
"trust": 0.1
},
"cve": "CVE-2017-8087",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "CVE-2017-8087",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 1.8,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 2.4,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"exploitabilityScore": 0.9,
"id": "CVE-2017-8087",
"impactScore": 1.4,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Physical",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 2.4,
"baseSeverity": "Low",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "CVE-2017-8087",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-8087",
"trust": 1.0,
"value": "LOW"
},
{
"author": "NVD",
"id": "CVE-2017-8087",
"trust": 0.8,
"value": "Low"
},
{
"author": "CNNVD",
"id": "CNNVD-201704-1165",
"trust": 0.6,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-014771"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-1165"
},
{
"db": "NVD",
"id": "CVE-2017-8087"
}
]
},
"description": {
"_id": null,
"data": "Information Leakage in PPPoE Packet Padding in AVM Fritz!Box 7490 with Firmware versions Fritz!OS 6.80 and 6.83 allows physically proximate attackers to view slices of previously transmitted packets or portions of memory via via unspecified vectors. AVM Fritz!Box 7490 Contains an information disclosure vulnerability.Information may be obtained. Deutsche Telekom CERT Advisory [DTC-A-20170323-001]\n\nSummary:\nInformation leakage found in FRITZ!OS 6.83 \u0026 6.80 (AVM DSL Router Fritz!Box 7490)\n\nRecommendation:\nUpdate to the newest Version of FRITZ!OS\n\nDetails:\na) application\nb) problem\nc) CVSS\nd) detailed description\ne) credits\n\n------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------\n\na) FRITZ!OS 6.83 \u0026 6.80 (AVM DSL Router Fritz!Box 7490)\n\nb) Memory leakage within the PPPoE/PPP padding \n\nc) 4.7 CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N/RL:U\n\nd) \nMultiple DSL access router (aka Homegateway / CPE) handle PPPoE frame padding incorrectly. \nThis seems to be similar to http://www.securiteam.com/securitynews/5BP01208UO.html. \n\nAVM DSL Router Fritz!Box 7490 (tested with FRITZ!OS 6.83 \u0026 6.80) sends portion of memory within PPPoE Discovery protocol PADT frames because arbitrary memory is used in the padding to reach the minimum Ethernet frame length. \n\nFurther research shows that \\x93short\\x94 PPP LCP frames are also padded with random memory. \n\ne) Christian Kagerhuber \n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-8087"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014771"
},
{
"db": "PACKETSTORM",
"id": "153662"
}
],
"trust": 1.71
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2017-8087",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014771",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201704-1165",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "153662",
"trust": 0.1
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-014771"
},
{
"db": "PACKETSTORM",
"id": "153662"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-1165"
},
{
"db": "NVD",
"id": "CVE-2017-8087"
}
]
},
"id": "VAR-201910-1479",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.4861111
},
"last_update_date": "2024-11-23T21:36:34.170000Z",
"patch": {
"_id": null,
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://en.avm.de/"
},
{
"title": "AVM Fritz!Box 7490 Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=100716"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-014771"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-1165"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "CWE-200",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-014771"
},
{
"db": "NVD",
"id": "CVE-2017-8087"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 2.4,
"url": "http://seclists.org/fulldisclosure/2019/oct/36"
},
{
"trust": 1.6,
"url": "http://fritzbox.com"
},
{
"trust": 1.6,
"url": "http://avm.com"
},
{
"trust": 1.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-8087"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-8087"
},
{
"trust": 0.1,
"url": "http://www.securiteam.com/securitynews/5bp01208uo.html."
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-014771"
},
{
"db": "PACKETSTORM",
"id": "153662"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-1165"
},
{
"db": "NVD",
"id": "CVE-2017-8087"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "JVNDB",
"id": "JVNDB-2017-014771",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "153662",
"ident": null
},
{
"db": "CNNVD",
"id": "CNNVD-201704-1165",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2017-8087",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2019-10-30T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-014771",
"ident": null
},
{
"date": "2019-07-16T19:32:22",
"db": "PACKETSTORM",
"id": "153662",
"ident": null
},
{
"date": "2017-04-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201704-1165",
"ident": null
},
{
"date": "2019-10-22T16:15:10.283000",
"db": "NVD",
"id": "CVE-2017-8087",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2019-10-30T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-014771",
"ident": null
},
{
"date": "2019-10-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201704-1165",
"ident": null
},
{
"date": "2024-11-21T03:33:18.840000",
"db": "NVD",
"id": "CVE-2017-8087",
"ident": null
}
]
},
"title": {
"_id": null,
"data": "AVM Fritz!Box 7490 Vulnerable to information disclosure",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-014771"
}
],
"trust": 0.8
},
"type": {
"_id": null,
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201704-1165"
}
],
"trust": 0.6
}
}
CVE-2017-8087 (GCVE-0-2017-8087)
Vulnerability from nvd – Published: 2019-10-22 15:52 – Updated: 2024-08-05 16:27
VLAI?
Summary
Information Leakage in PPPoE Packet Padding in AVM Fritz!Box 7490 with Firmware versions Fritz!OS 6.80 and 6.83 allows physically proximate attackers to view slices of previously transmitted packets or portions of memory via via unspecified vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://avm.com | x_refsource_MISC |
| http://fritzbox.com | x_refsource_MISC |
| http://seclists.org/fulldisclosure/2019/Oct/36 | mailing-listx_refsource_FULLDISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T16:27:21.959Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://avm.com"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://fritzbox.com"
},
{
"name": "20191018 Information leakage found in FRITZ!OS 6.83 \u0026 6.80 (AVM DSL Router Fritz!Box 7490) [DTC-A-20170323-001]",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2019/Oct/36"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Information Leakage in PPPoE Packet Padding in AVM Fritz!Box 7490 with Firmware versions Fritz!OS 6.80 and 6.83 allows physically proximate attackers to view slices of previously transmitted packets or portions of memory via via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-22T15:52:27.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://avm.com"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://fritzbox.com"
},
{
"name": "20191018 Information leakage found in FRITZ!OS 6.83 \u0026 6.80 (AVM DSL Router Fritz!Box 7490) [DTC-A-20170323-001]",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2019/Oct/36"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-8087",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Information Leakage in PPPoE Packet Padding in AVM Fritz!Box 7490 with Firmware versions Fritz!OS 6.80 and 6.83 allows physically proximate attackers to view slices of previously transmitted packets or portions of memory via via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://avm.com",
"refsource": "MISC",
"url": "http://avm.com"
},
{
"name": "http://fritzbox.com",
"refsource": "MISC",
"url": "http://fritzbox.com"
},
{
"name": "20191018 Information leakage found in FRITZ!OS 6.83 \u0026 6.80 (AVM DSL Router Fritz!Box 7490) [DTC-A-20170323-001]",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2019/Oct/36"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-8087",
"datePublished": "2019-10-22T15:52:22.000Z",
"dateReserved": "2017-04-24T00:00:00.000Z",
"dateUpdated": "2024-08-05T16:27:21.959Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-8087 (GCVE-0-2017-8087)
Vulnerability from cvelistv5 – Published: 2019-10-22 15:52 – Updated: 2024-08-05 16:27
VLAI?
Summary
Information Leakage in PPPoE Packet Padding in AVM Fritz!Box 7490 with Firmware versions Fritz!OS 6.80 and 6.83 allows physically proximate attackers to view slices of previously transmitted packets or portions of memory via via unspecified vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://avm.com | x_refsource_MISC |
| http://fritzbox.com | x_refsource_MISC |
| http://seclists.org/fulldisclosure/2019/Oct/36 | mailing-listx_refsource_FULLDISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T16:27:21.959Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://avm.com"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://fritzbox.com"
},
{
"name": "20191018 Information leakage found in FRITZ!OS 6.83 \u0026 6.80 (AVM DSL Router Fritz!Box 7490) [DTC-A-20170323-001]",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2019/Oct/36"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Information Leakage in PPPoE Packet Padding in AVM Fritz!Box 7490 with Firmware versions Fritz!OS 6.80 and 6.83 allows physically proximate attackers to view slices of previously transmitted packets or portions of memory via via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-22T15:52:27.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://avm.com"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://fritzbox.com"
},
{
"name": "20191018 Information leakage found in FRITZ!OS 6.83 \u0026 6.80 (AVM DSL Router Fritz!Box 7490) [DTC-A-20170323-001]",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2019/Oct/36"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-8087",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Information Leakage in PPPoE Packet Padding in AVM Fritz!Box 7490 with Firmware versions Fritz!OS 6.80 and 6.83 allows physically proximate attackers to view slices of previously transmitted packets or portions of memory via via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://avm.com",
"refsource": "MISC",
"url": "http://avm.com"
},
{
"name": "http://fritzbox.com",
"refsource": "MISC",
"url": "http://fritzbox.com"
},
{
"name": "20191018 Information leakage found in FRITZ!OS 6.83 \u0026 6.80 (AVM DSL Router Fritz!Box 7490) [DTC-A-20170323-001]",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2019/Oct/36"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-8087",
"datePublished": "2019-10-22T15:52:22.000Z",
"dateReserved": "2017-04-24T00:00:00.000Z",
"dateUpdated": "2024-08-05T16:27:21.959Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}