AVM has found the vulnerability in its FritzBox routers and released an update. Xs4all, which supplies the routers to customers, recommends installing the update as soon as possible. However, the advice to disable remote access will remain in effect for the time being.
This is a first firmware update for the FritzBox models with type numbers 7390, 7360 and 7340. The patch can be installed via the wizard in the modem's firmware and brings the firmware version to 6.03. “Although the cause seems to have been found, the investigation is still ongoing,” reports Xs4all.
AVM, the maker of the FritzBox, says it has indeed found the attack method: malicious parties could enter the router via port 443 and intercept passwords. Until there is more certainty that the vulnerability has been closed, the advice remains to disable remote access via port 443. “We also advise our customers to change the password of their modem and the passwords of telephony accounts”, Xs4all also says.
On Thursday it was announced that customers of Xs4all had fallen victim to a problem with the FritzBox routers that the provider uses. Malicious persons could find out the router’s password and, among other things, call expensive telephone numbers, resulting in sky-high bills for customers. Incidentally, the problem affects all users of the relevant routers, not just the customers of Xs4all. The FritzBox models are especially popular in Germany.