CVE-2024-54767 Overview
CVE-2024-54767 describes an access control issue in the /juis_boxinfo.xml component of the AVM FRITZ!Box 7530 AX running firmware v7.59. According to the report, an unauthenticated attacker reaching the endpoint can retrieve sensitive device information without supplying credentials. The exposed data may include firmware version, hardware revision, and other identifying fields useful for fingerprinting and follow-on attacks.
The vulnerability is mapped to [CWE-203] (Observable Discrepancy) and affects the consumer-grade FRITZ!Box 7530 AX router. AVM disputes the report because it cannot be reproduced under default deployment conditions and considers the scenario to require an unintended configuration that directly exposes the device to the Internet.
Critical Impact
Unauthenticated network attackers can retrieve device metadata from /juis_boxinfo.xml when the router is exposed to the Internet, enabling fingerprinting for targeted exploitation.
Affected Products
- AVM FRITZ!Box 7530 AX firmware v7.59
- Devices with direct Internet exposure of the management interface
- Status disputed by the supplier (AVM)
Discovery Timeline
- 2025-01-06 - CVE-2024-54767 published to the National Vulnerability Database (NVD)
- 2026-04-15 - Last updated in NVD database, including supplier dispute note
Technical Details for CVE-2024-54767
Vulnerability Analysis
The issue stems from the /juis_boxinfo.xml endpoint serving device information without enforcing authentication. The endpoint is part of AVM's JUIS (Jason User Interface Service) box information mechanism. When the router is reachable from the public Internet, an attacker can issue an HTTP request to the endpoint and receive an XML document describing the device.
The disclosed fields typically include the product name, firmware version, hardware serial number, and OEM identifiers. This metadata supports reconnaissance against the router and any downstream service the attacker may attempt to exploit. The CWE-203 classification reflects how the response distinguishes a vulnerable FRITZ!Box from other devices through observable differences in returned content.
AVM disputes the finding because the management surface is not exposed to the Internet under default settings. The vendor position is that the underlying weakness requires the operator to deliberately or accidentally publish the LAN-side interface to the WAN.
Root Cause
The root cause is missing authorization on a status endpoint that returns identifying information. Access control checks normally applied to the FRITZ!Box web interface do not cover the juis_boxinfo.xml path, allowing anonymous reads when the interface is reachable.
Attack Vector
The attack vector is network-based and requires no authentication or user interaction. An attacker scans for FRITZ!Box devices exposed on the Internet, issues a single HTTP GET request against /juis_boxinfo.xml, and parses the XML response. No exploitation code is required because the endpoint serves the data directly. The disclosed firmware version then guides selection of further exploits against known FRITZ!OS issues.
No verified public proof-of-concept code is referenced in the advisory. See the GitHub Vulnerability Report for the original technical write-up.
Detection Methods for CVE-2024-54767
Indicators of Compromise
- Inbound HTTP or HTTPS GET requests to the path /juis_boxinfo.xml from external sources
- Outbound XML responses containing fields such as Name, HW, Version, and Serial from the router's WAN interface
- Unsolicited scanning traffic targeting TCP/80 or TCP/443 on FRITZ!Box devices
Detection Strategies
- Inspect router and perimeter logs for requests to /juis_boxinfo.xml originating from non-local IP ranges
- Run external attack surface scans against your public IP space to confirm whether the FRITZ!Box management interface is reachable
- Correlate firmware fingerprinting requests with subsequent authentication attempts against the router
Monitoring Recommendations
- Forward router access logs to a central log platform and alert on access to administrative paths from WAN sources
- Track HTTP responses larger than expected from the WAN interface, which may indicate XML data leakage
- Periodically validate that remote administration features such as MyFRITZ! and TR-064 are configured as intended
How to Mitigate CVE-2024-54767
Immediate Actions Required
- Confirm that the FRITZ!Box web interface is not exposed to the Internet and disable any unintended port forwarding rules pointing at the router itself
- Disable Internet access to the FRITZ!Box user interface under Internet > MyFRITZ! Account and System > FRITZ!Box Users if not required
- Update to the latest available FRITZ!OS release for the FRITZ!Box 7530 AX through System > Update
Patch Information
AVM disputes the vulnerability and has not published a dedicated security advisory or patch identifier tied to CVE-2024-54767. Operators should keep FRITZ!OS current through the built-in update mechanism, as AVM ships general security fixes through routine firmware releases. Refer to the GitHub Issue Tracker for the ongoing discussion between the reporter and the vendor.
Workarounds
- Place the FRITZ!Box behind a separate firewall when WAN-side administration is unavoidable, and restrict source IPs to trusted management hosts
- Disable remote access features including MyFRITZ!, HTTPS Internet access, and TR-069 unless explicitly required by the Internet service provider
- Use VPN access through the FRITZ!Box WireGuard or IPsec server instead of exposing the web interface directly
# Verify whether /juis_boxinfo.xml is reachable from outside the LAN
# Run this from an external host, replacing <wan_ip> with the router's public address
curl -sk -o - --max-time 5 "https://<wan_ip>/juis_boxinfo.xml" | head -n 20
# Expected result after mitigation: connection refused, timeout, or HTTP 403/404
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
