
Test ID: 1.3.6.1.4.1.25623.1.0.108952
Category: General
Title: AVM FRITZ!Box < 7.20 'Beyond Kr00k' Information Disclosure Vulnerability
Summary: Multiple AVM FRITZ!Box devices are prone to an information disclosure vulnerability.
Description:
Summary:
Multiple AVM FRITZ!Box devices are prone to an information disclosure vulnerability.

Vulnerability Insight:
An issue was discovered on Qualcomm Wi-Fi client devices. Specifically timed and handcrafted
traffic can cause internal errors (related to state transitions) in a WLAN device.

Vulnerability Impact:
The flaw leads to improper layer 2 Wi-Fi encryption, with a consequent possibility of information
disclosure over the air for a discrete set of traffic.

Affected Software/OS:
AVM FRITZ!Box devices running AVM FRITZ!OS before version 7.20.

Common FRITZ!Box models including the 7590, 7580, 7530, 6590 Cable, 6591 Cable and 6660 Cable are
essentially not affected by the Kr00k vulnerability.

All products for which the Protected Management Frames (PMF) feature is activated are also not affected.

Solution:
Update to AVM FRITZ!OS 7.20 or later.

A mitigation is to enable the PMF feature in the FRITZ!Box user interface
under Wireless / Security / Additional Security Settings.

CVSS Score:
3.3

CVSS Vector:
AV:A/AC:L/Au:N/C:P/I:N/A:N

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2020-3702
https://www.qualcomm.com/company/product-security/bulletins/august-2020-bulletin
Debian Security Information: DSA-4978
https://www.debian.org/security/2021/dsa-4978
https://lists.debian.org/debian-lts-announce/2021/10/msg00010.html
https://lists.debian.org/debian-lts-announce/2021/12/msg00012.html
Copyright: Copyright (C) 2020 Greenbone Networks GmbH





© 1998-2025 E-Soft Inc. All rights reserved.