Current security notifications
AVM Content
Please consider our security information about updates as well.
Release date | Update and security topic |
---|---|
04.01.2018 |
Meltdown and Spectre – no potential attacks on AVM products Update 17.01.2018 Report 04.01.2018 |
13.12.2017 |
Security leak in TLS negotiation (Robotattack) - FRITZ!Box not affected Media have reported about security breaches in various TLS implementations (CVE-2017-1000385). |
16.10.2017 |
Krack breach in WPA2 (updated 10.11.2017) Update 10.11.2017 Update 20.10.2017 Update 19.10.2017 All AVM products that are solely used as wireless access points are not affected, for example FRITZ!Boxes on broadband connections (DSL, cable, WAN, etc.). AVM products that are used as wireless LAN clients are affected by some of the indicated possibilities. Overview: FRITZ!WLAN Repeater used as a wireless bridge (preconfigured and common operating mode): upcoming update recommended FRITZ!Powerline supporting WiFi used as a powerline bridge (powerline uplink) (preconfigured and common operating mode): no update necessary The security of the wireless home network depends on the secure connection of each wireless device included. Based on the internationally used CVSS classification, the WPA2 weakness was rated at 5.4 (medium) and is therefore considered a minor problem. AVM strongly recommends to deploy the provided updates from manufacturers for all wireless LAN clients (for example notebook or Android smartphone) Update 17.10.2017 Report from 16.10.2017 If necessary, AVM will provide an update as always. Please find the statement from the Wi-Fi Alliance > here. |
05.10.2017 |
Security leaks in DNS server software Dnsmasq - FRITZ!Box not affected Media outlets reported about several security leaks in the DNS server software Dnsmasq. FRITZ!Box is not affected, since AVM does not use the Dnsmasq software in FRITZ!OS. |
04.07.2017 |
Information on home network devices under IPv6 After visiting a malicious website for a longer period it could be possible – under very unlikely circumstances – that information about home network devices (only device name, Mac and IP address) are visible when using devices with an activated IPv6 connection. Access is not possible. The risk is very low (CVSS v3: 3.1, low). This point will be fixed in the upcoming versions. |
19.04.2017 |
FRITZ!OS 6.83 increases robustness The current version FRITZ!OS 6.83 fixes a weakness of the outdated FRITZ!OS version 6.80/6.81. Under certain circumstances a restart could have occurred. No misuse was reported. The version 6.80/6.81 was already completely replaced by the version 6.83 via auto update. |
28.11.2016 |
Attacks on the Deutsche Telekom network - FRITZ!Box secure Media outlets have reported about a worldwide hacker attack on Internet routers. In Germany, this lead to disruptions in Speedport routers from the Deutsche Telekom. FRITZ!Box models are not affected by the attacks. |
10.11.2016 |
Certificate exchange for cable routers In the course of a certificate exchange, AVM has been using new and improved manufacturer certificates since 2015. Older certificates were exchanged by software updates from cable providers. Users don't have to do anything. Misuse of older certificates was not reported. |
27.10.2016 |
Dirty Cow in Linux - FRITZ!Box not affected The FRITZ!Box perfectly secure due to regular security updates. Concerning CVE-2016-5195 (Dirty Cow), we currently see no affect on the security level of the FRITZ!Box firmware. |
07.06.2016 |
Telephone fraud with routers Recently there have been a few cases of fraudulent use of telephone services connecting through routers. Concerning the FRITZ!Box, this can only be done through rarely used configurations and mostly occurs in combination with older FRITZ!OS versions at this point. AVM is continuously increasing the features and security standards of the FRITZ!Box and generally advises the use of the latest version, right now being FRITZ!OS 6.50 or higher. The current version can be checked and updated over the user interface. The latest update for FRITZ!Box cable models is supplied by the cable providers. You can find additional security tips in the Guide section. |
03.03.2016 |
DROWN attacks, SSLv2: avm.de and myfritz.net not affected Neither is the currently implemented SSL/TLS in the FRITZ!Box. SSLv2 was only used for an externally hosted server that was responsible for a rarely visited subdomain of avm.de until recently. This was fixed the same day the DROWN possibility was released. |
17.02.2016 |
Security breach through glibc in Linux network functions – FRITZ!Box not affected Media like arstechnica.com and bbc.com have reported about a security leak in Linux networks via the glibc library. FRITZ!Box is not affected, since AVM does not use glibc in FRITZ!OS. |
23.12.2015 |
Infrastructure leak in cable network and cable modem – FRITZ!Box not affected Media outlets have reported about a security leak in the infrastructure of cable networks as well as in cable modems. Through the leak it was possible to download profiles and passwords of modems from other customers. FRITZ!Box is not affected by this security breach. According to statements from Vodafone/Kabel Deutschland the leak has been closed by protection filters uploaded in mid December. |
20.05.2015 |
Security breach through NetUSB – FRITZ!Box not affected Media outlets are now reporting about a vulnerable service that is being used to execute arbitrary code on the router. The reports concern the service "USB Over IP", which routers use to access devices like USB printers in the local network. The driver that has been compromised is called NetUSB. The FRITZ!Box is not affected by the exploited security flaw, as it never uses the NetUSB driver. FRITZ!Box products, both hard and software, are all developed in house by AVM. Regular, free updates to the FRITZ!OS operating system are integral to the FRITZ!Box concept and keep all devices up to date with the current state of technology. |
06.01.2015 |
Security breach through Rompager – FRITZ! products not affected At the recent 31. Chaos Communication Congress, it was announced that the HTTP server Rompager showed multiple security leaks. FRITZ! products are not affected by this. The HTTP server Rompager is a software used on many routers from other manufacturers to provide certain protocols. Among others, the security breach allows strangers to take over administration rights on affected routers. Please find more information on this topic and a list of affected devices under this link. |
Reporting security topics
Do you have suggestions about how to improve the security of our products? Then please contact us at security@avm.de. We will get back to you via email should we have follow-up questions. Apart from that, please excuse that you will not get an individualized reply. For safe transmission of sensitive data, we advise you to encrypt emails to security@avm.de using the PGP Key by AVM.
Should you require assistance concerning technical questions, our Support Desk will be glad to assist you.
Please consider our security information about updates as well.