Posted by RedTeam Pentesting GmbH on Jan 21

Advisory: AVM FRITZ!Box: Firmware Signature Bypass

The signature check of FRITZ!Box firmware images is flawed. Malicious
code can be injected into firmware images without breaking the RSA
signature. The code will be executed either if a manipulated firmware
image is uploaded by the victim or if the victim confirms an update on
the webinterface during a MITM attack.

Details
=======

Product: AVM FRITZ!Box 7490, 7390, 7270v3 and other models…