CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
AI Score
Confidence
Low
EPSS
Percentile
99.7%
AVM FRITZ!Box is prone to multiple vulnerabilities
# SPDX-FileCopyrightText: 2014 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
CPE = "cpe:/o:avm:fritz%21_os";
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.0.103911");
script_version("2024-01-09T05:06:46+0000");
script_cve_id("CVE-2014-9727");
script_name("Multiple AVM FRITZ!Box Multiple Vulnerabilities - Version Check");
script_tag(name:"cvss_base", value:"10.0");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:C/I:C/A:C");
script_tag(name:"last_modification", value:"2024-01-09 05:06:46 +0000 (Tue, 09 Jan 2024)");
script_tag(name:"creation_date", value:"2014-02-19 15:07:20 +0100 (Wed, 19 Feb 2014)");
script_category(ACT_GATHER_INFO);
script_family("Web application abuses");
script_copyright("Copyright (C) 2014 Greenbone AG");
script_dependencies("gb_avm_fritz_box_detect.nasl");
script_mandatory_keys("avm/fritz/model", "avm/fritz/firmware_version");
script_xref(name:"URL", value:"http://www.avm.de/de/Sicherheit/liste_update.html");
script_xref(name:"URL", value:"http://www.fritzbox.eu/en/news/2014/security_updates_available.php");
script_xref(name:"URL", value:"http://www.heise.de/newsticker/meldung/Jetzt-Fritzbox-aktualisieren-Hack-gegen-AVM-Router-auch-ohne-Fernzugang-2115745.html");
script_xref(name:"URL", value:"http://www.securityfocus.com/bid/74927");
script_xref(name:"URL", value:"http://www.securityfocus.com/bid/65520");
script_tag(name:"summary", value:"AVM FRITZ!Box is prone to multiple vulnerabilities");
script_tag(name:"vuldetect", value:"Checks if a vulnerable version is present on the target host.");
script_tag(name:"affected", value:"See the list provided by the vendor at the linked references.");
script_tag(name:"solution", value:"The vendor has released updates. Please see the references section
for more information.");
script_tag(name:"solution_type", value:"VendorFix");
script_tag(name:"qod_type", value:"remote_banner");
exit(0);
}
include("version_func.inc");
include("host_details.inc");
if( ! fw_version = get_app_version( cpe:CPE, nofork:TRUE ) ) exit( 0 );
if( ! model = get_kb_item( "avm/fritz/model" ) ) exit( 0 );
fixes = make_array("7570", "4.92",
"7490", "6.03",
"7390", "6.03",
"7362 SL", "6.03",
"7360 SL", "6.03",
"7360", "6.03",
"7330 SL", "6.03",
"7330", "6.03",
"7320", "6.03",
"7312", "6.03",
"7272", "6.03",
"7270 v2", "5.54",
"7270 v3", "5.54",
"7270 v1","4.89",
"7240", "5.54",
"7170 SL", "4.81",
"7170", "4.88",
"7150", "4.72",
"7141", "4.77",
"7112", "4.88",
"6842 LTE", "6.03",
"6840 LTE", "6.03",
"6810 LTE", "6.03",
"6360 Cable", "6.03",
"6340 Cable", "6.03",
"6320 Cable", "6.03",
"3390", "6.03",
"3370", "6.03",
"3272", "6.03",
"3270", "5.54");
if( ! fixes[model] ) exit( 99 );
patch = fixes[model];
if( version_is_less( version:fw_version, test_version:patch ) ) {
report = 'Model: ' + model + '\n';
report += 'Installed Firmware: ' + fw_version + '\n';
report += 'Fixed Firmware: ' + patch;
security_message( port:0, data:report );
exit( 0 );
}
exit( 99 );