'High risk' vulnerability found on FritzBox routers

Update: A postscript from the original The Register article has been added to clarify the nature of the vulnerability.

A number of remote code execution bugs in FRITZ!Box broadband routers could allow intruders to place phone calls through the device, according to The Register.

Attackers could also listen in on traffic and install backdoors on the devices.

The vulnerabilities exist in all firmware versions prior to 6.30 across the product line. The devices – which can combine a modem, a Wi-Fi access point, routing and VoIP – are in wide use in Germany and Australia.

"After successful exploitation, attackers gain root privileges on the attacked device," said an advisory from RedTeam Pentesting.

Attackers would need to connect directly to the service via the LAN, or could gain entry through an attacker-controlled website visited by a FRITZ!Box user, RedTeam wrote. The malicious website can then use a cross-site request forgery to reach the service through the victim's browser.

RedTeam said the vulnerability poses a high risk. The fix, they wrote, is as usual: Upgrade the firmware.

After this story was originally published, an update was posted on The Register: "Since this story went live, it has emerged that the affected service is firewalled from the network side of the FRITZ!Box, which means an attack would have to start locally – within the home network or from a malicious script running on a webpage visited by a victim, for example."
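The postscript's point in code, as an added example that is not from the article, AVM or RedTeam Pentesting: a source-address firewall accepts a forged request launched from the victim's own browser, while an Origin check on the device's web service rejects it. The LAN range, device hostnames and the small request model are constructed assumptions.

```python
"""Why 'firewalled from the network side' does not stop a CSRF that starts
inside the home network, and the check that does (constructed example)."""
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network

# Constructed: the home network and the origins the device itself answers on.
LAN = ip_network("192.168.178.0/24")
DEVICE_ORIGINS = {"http://fritz.box", "http://192.168.178.1"}  # assumption


@dataclass
class Request:
    src_ip: str                      # TCP peer address as the service sees it
    headers: dict = field(default_factory=dict)


def network_side_firewall(req: Request) -> bool:
    """Accept only when the TCP source lies inside the LAN: the protection
    the postscript describes. A browser on the LAN always passes this."""
    return ip_address(req.src_ip) in LAN


def origin_check(req: Request) -> bool:
    """Reject state-changing requests whose browser-supplied Origin (or, as a
    fallback, the scheme://host part of Referer) is not the device's own.
    Fails closed when neither header is present."""
    origin = req.headers.get("Origin")
    if origin is None:
        referer = req.headers.get("Referer", "")
        origin = "/".join(referer.split("/", 3)[:3]) if "://" in referer else None
    return origin in DEVICE_ORIGINS


def accepted(req: Request) -> bool:
    """Both layers must pass: the firewall keeps the WAN out, the Origin check
    keeps a page loaded from elsewhere from driving the service."""
    return network_side_firewall(req) and origin_check(req)


# Constructed sample requests. The first two both arrive from the victim's
# LAN browser; only the Origin header tells them apart.
DIRECT = Request("192.168.178.20", {"Origin": "http://fritz.box"})
CSRF = Request("192.168.178.20", {"Origin": "https://attacker.example"})
FROM_WAN = Request("203.0.113.7", {"Origin": "http://fritz.box"})
```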

This article was originally published on SCMagazine.com

Copyright © nextmedia Pty Ltd. All rights reserved.