AVM FRITZ!Box 7530 AX Unauthenticated Information Disclosure Vulnerability
Vulnerability
A vulnerability exists in the AVM FRITZ!Box 7530 AX router, specifically in version 7.59, allowing unauthorized access to sensitive information through the '/juis_boxinfo.xml' file. This issue arises from an access control flaw that permits remote attackers to retrieve data without authentication. However, the reported vulnerability is disputed by the supplier, who states it cannot be reproduced and attributes the issue to an unintended configuration with direct Internet exposure.
Impact
Exploitation of this vulnerability allows for unauthorized access to sensitive information, including device details such as the boxinfo and life model name.
Reproduction
The vulnerability can be reproduced by accessing the '/juis_boxinfo.xml' file through the WAN interface of the router. This can be done by sending a request to the external IP address of the FRITZ!Box 7530 AX. If the file is accessible, it indicates the presence of the vulnerability.
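The check described above can be scripted to audit a router you administer. This is an added example, not code from the advisory or from AVM. The function names `classify` and `probe`, the base-URL argument and the sample body are assumptions made for illustration, and the sample is constructed rather than captured from a device.

```python
import sys
import urllib.error
import urllib.request
import xml.etree.ElementTree as ET

PATH = "/juis_boxinfo.xml"  # path named in the advisory
MAX_BODY = 64 * 1024        # never read more than this from the device
# Constructed sample body, not a real FRITZ!Box response.
SAMPLE = b"<BoxInfo><Name>EXAMPLE-MODEL</Name><Version>0.0</Version></BoxInfo>"

def classify(status, body):
    """Map one unauthenticated response to (verdict, disclosed field names)."""
    if status in (401, 403):
        return "auth-required", []
    if status != 200:
        return "not-served", []
    if b"<!DOCTYPE" in body.upper():
        return "rejected-dtd", []  # refuse DTDs: avoids entity-expansion bombs
    try:
        root = ET.fromstring(body)
    except ET.ParseError:
        return "not-xml", []       # e.g. an HTML login or error page
    if root.tag.split("}")[-1].lower() == "html":
        return "not-xml", []
    # Leaf elements with text are what an anonymous client learns.
    fields = sorted({el.tag.split("}")[-1] for el in root.iter()
                     if len(el) == 0 and (el.text or "").strip()})
    return "exposed", fields

def probe(base_url, timeout=5):
    """Request PATH without credentials from a router you administer."""
    try:
        with urllib.request.urlopen(base_url.rstrip("/") + PATH,
                                    timeout=timeout) as resp:
            return classify(resp.status, resp.read(MAX_BODY))
    except urllib.error.HTTPError as err:
        return classify(err.code, b"")
    except OSError:                # refused, timeout, DNS or TLS failure
        return "unreachable", []

if __name__ == "__main__":
    # With no argument, run on the constructed sample instead of the network.
    result = probe(sys.argv[1]) if len(sys.argv) > 1 else classify(200, SAMPLE)
    print(*result)
```

Run it from a network outside the LAN against the router's external address; a verdict of `exposed` means the file is readable without authentication and lists the field names it discloses.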
