|Title:||AVM FRITZ!Box DNS Rebinding Protection Bypass (CVE-2020-26887)|
|Summary:||Multiple AVM FRITZ!Box devices are prone to a DNS rebinding protection bypass.|
Multiple AVM FRITZ!Box devices are prone to a DNS rebinding protection bypass.
FRITZ!Box router devices employ a protection mechanism against DNS rebinding
attacks. If a DNS answer points to an IP address in the private network range of the router, the answer is
suppressed. Suppose the FRITZ!Box routers DHCP server is in its default configuration and serves the private
IP range of 192.168.178.1/24. If a DNS request is made by a connected device, which resolves to an IPv4 address
in the configured private IP range (for example 192.168.178.20) an empty answer is returned. However, if
instead the DNS answer contains an AAAA-record with the same private IP address in its IPv6 representation
(::ffff:192.168.178.20) it is returned successfully. Furthermore, DNS requests which resolve to the loopback
address 127.0.0.1 or the special address 0.0.0.0 can be retrieved, too.
The flaw allows to resolve DNS answers that point to IP addresses in the
private local network, despite the DNS rebinding protection mechanism.
- AVM FRITZ!Box 6490 and 6590 running AVM FRITZ!OS before version 7.20
- Other AVM FRITZ!Box devices running AVM FRITZ!OS before version 7.21
Update to AVM FRITZ!OS 7.20 / 7.21 or later.
Common Vulnerability Exposure (CVE) ID: CVE-2020-26887|
|Copyright||Copyright (C) 2020 Greenbone Networks GmbH|
|This is only one of 86218 vulnerability tests in our test suite. Find out more about running a complete security audit.|
To run a free test of this vulnerability against your system, register below.