Vendor coverage

avm vulnerabilities

Track published CVEs, severity trends, and remediation context for avm products.

RSS

Total vulnerabilities

Critical issues

Average CVSS score

6.7

Search results

Filtered vulnerability results

Showing 1-9 of 9 vulnerabilities.

Sort current page

CVE-2020-26887HighCVSS7.8Published Oct 23, 2020

FRITZ!OS before 7.21 on FRITZ!Box devices allows a bypass of a DNS Rebinding protection mechanism.

Affected vendor

avm

Affected product

fritz\!box 7490 firmware

Coverage

Single affected product entry

CVSS

7.8

HIGH

Published

Oct 23, 2020

CVE-2017-8087LowCVSS2.4Published Oct 22, 2019

Information Leakage in PPPoE Packet Padding in AVM Fritz!Box 7490 with Firmware versions Fritz!OS 6.80 and 6.83 allows physically proximate attackers to view slices of previously transmitted packets or portions of memory via via unspecified vectors.

Affected vendor

avm

Affected product

fritz\!os

Coverage

2 affected product entries

CVSS

2.4

LOW

Published

Oct 22, 2019

CVE-2014-8872HighCVSS7.8Published Aug 29, 2017

Improper Verification of Cryptographic Signature in AVM FRITZ!Box 6810 LTE after firmware 5.22, FRITZ!Box 6840 LTE after firmware 5.23, and other models with firmware 5.50.

Affected vendor

avm

Affected product

fritz\!box 6810 lte firmware

Coverage

2 affected product entries

CVSS

7.8

HIGH

Published

Aug 29, 2017

CVE-2015-7242MediumCVSS6.1Published Jan 12, 2016

Cross-site scripting (XSS) vulnerability in the Push-Service-Mails feature in AVM FRITZ!OS before 6.30 allows remote attackers to inject arbitrary web script or HTML via the display name in the FROM field of an SIP INVITE message.

Affected vendor

avm

Affected product

fritz\! os

Coverage

Single affected product entry

CVSS

6.1

MEDIUM

Published

Jan 12, 2016

CVE-2014-8886HighCVSS8.1Published Jan 8, 2016

AVM FRITZ!OS before 6.30 extracts the contents of firmware updates before verifying their cryptographic signature, which allows remote attackers to create symlinks or overwrite critical files, and consequently execute arbitrary code, via a crafted firmware image.

Affected vendor

avm

Affected product

fritz\! os

Coverage

Single affected product entry

CVSS

8.1

HIGH

Published

Jan 8, 2016

CVE-2014-9727UnknownCVSS10.0Published May 29, 2015

AVM Fritz!Box allows remote attackers to execute arbitrary commands via shell metacharacters in the var:lang parameter to cgi-bin/webcm.

Affected vendor

avm

Affected product

fritz\!box

Coverage

Single affected product entry

CVSS

10.0

UNKNOWN

Published

May 29, 2015

CVE-2007-0431UnknownCVSS7.8Published Jan 23, 2007

AVM Fritz!Box 7050, and possibly other product models, allows remote attackers to cause a denial of service (VoIP application crash) via a zero-length UDP packet to the SIP port (port 5060).

Affected vendor

avm

Affected product

fritzbox

Coverage

Single affected product entry

CVSS

7.8

UNKNOWN

Published

Jan 23, 2007

CVE-2000-0262UnknownCVSS5.0Published Apr 12, 2000

The AVM KEN! ISDN Proxy server allows remote attackers to cause a denial of service via a malformed request.

Affected vendor

avm

Affected product

ken

Coverage

2 affected product entries

CVSS

5.0

UNKNOWN

Published

Apr 12, 2000

CVE-2000-0261UnknownCVSS5.0Published Apr 12, 2000

The AVM KEN! web server allows remote attackers to read arbitrary files via a .. (dot dot) attack.

Affected vendor

avm

Affected product

ken

Coverage

2 affected product entries

CVSS

5.0

UNKNOWN

Published

Apr 12, 2000