{"id":32955,"date":"2024-01-26T17:15:05","date_gmt":"2024-01-26T16:15:05","guid":{"rendered":"http:\/\/159.69.82.204\/win\/?p=32955"},"modified":"2024-01-26T19:08:12","modified_gmt":"2024-01-26T18:08:12","slug":"fritzbox-entering-the-url-fritz-box-suddenly-redirects-to-an-external-page","status":"publish","type":"post","link":"https:\/\/borncity.com\/win\/2024\/01\/26\/fritzbox-entering-the-url-fritz-box-suddenly-redirects-to-an-external-page\/","title":{"rendered":"FRITZ!Box: Entering the URL fritz.box suddenly redirects to an external page"},"content":{"rendered":"<p><img decoding=\"async\" style=\"float: left; margin: 0px 10px 0px 0px; display: inline;\" title=\"Sicherheit (Pexels, allgemeine Nutzung)\" src=\"https:\/\/www.borncity.com\/blog\/wp-content\/uploads\/2021\/04\/Sicherheit_klein.jpg\" alt=\"Sicherheit (Pexels, allgemeine Nutzung)\" width=\"200\" \/>[<a href=\"https:\/\/www.borncity.com\/blog\/2024\/01\/26\/fritzbox-problem-eingabe-der-url-fritz-box-leitet-pltzlich-auf-externe-seite-um\/\" target=\"_blank\" rel=\"noopener\">German<\/a>] Users of AVM FRITZ!Box broadband routers who try to access the router's administration interface from the home network are running into a problem. When entering the URL <em>fritz.box<\/em>, they do not end up on the FRITZ!Box login page of the router's firmware, but are redirected to an external website. Two users have pointed out the problem to me, with one user suspecting a hack. The cause is a combination of two circumstances: someone has registered the domain <em>fritz.box<\/em>, and Google's DNS servers then resolve the name to this external page. The remedy is to enter the IP address of the FRITZ!Box or to use a different DNS server.<!--more--><\/p>\n<h2>An e-mail from a blog reader<\/h2>\n<p><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/vg07.met.vgwort.de\/na\/221cfc3e3c804cbebc41e0cda46aff2d\" alt=\"\" width=\"1\" height=\"1\" \/>Blog reader Bernd D. contacted me by e-mail this afternoon.
The subject of the e-mail was \"<em>Fritz.box hijacked?<\/em>\". I immediately thought of the German blog post <a href=\"https:\/\/www.borncity.com\/blog\/2023\/10\/04\/neues-zur-authentication-bypass-schwachstelle-in-fritzos-sept-2023\/\" target=\"_blank\" rel=\"noopener\">Neues zur Authentication Bypass-Schwachstelle in FRITZ!OS (Sept. 2023)<\/a> about an authentication bypass vulnerability. Bernd wrote in his e-mail:<\/p>\n<blockquote><p>Hello G\u00fcnter,<\/p>\n<p>as a regular and convinced reader of your feed from the Borncity blog, I wanted to tell you about a current phenomenon with fritz.box.<\/p>\n<p>Basically, it was foreseeable that this would happen.<\/p>\n<p>Anyone who currently wants to look at their local fritz!box and enters fritz.box in Firefox ends up on a dubious page, see 2 screenshots.<\/p>\n<p>I'm sure it's not just me, is it?<\/p>\n<p>192.168.178.1 works of course<\/p><\/blockquote>\n<p>Bernd then sent me a screenshot of the landing page, which I have included below.<\/p>\n<p><a href=\"https:\/\/i.postimg.cc\/0jRDcPQM\/image.png\" target=\"_blank\" rel=\"noopener\"><img loading=\"lazy\" decoding=\"async\" title=\" fritz.box Fake-Landing-Page\" src=\"https:\/\/i.postimg.cc\/0jRDcPQM\/image.png\" alt=\" fritz.box Fake-Landing-Page\" width=\"670\" height=\"366\" \/><\/a><br \/>\nfritz.box fake landing page<\/p>\n<h2>Quick cross-check: No redirect on my end<\/h2>\n<p>At this point, of course, I immediately did a cross-check and typed the URL <em>fritz.box<\/em> into the Ungoogled browser. As expected, I ended up on my login page for the FRITZ!Box broadband router. In the next step, I tested the Firefox browser with this URL. First, a warning appeared that the URL <em>fritz.box<\/em> is insecure and can only be accessed via HTTP. This is a known behavior, and you can display this \"insecure\" page anyway (in a local network this isn't a security problem).
The expected FRITZ!Box login page then appeared.<\/p>\n<p><img decoding=\"async\" title=\"fritz.box Anmeldeseite\" src=\"https:\/\/i.postimg.cc\/8C6LBsDS\/image.png\" alt=\"fritz.box Anmeldeseite\" \/><\/p>\n<p>So I put the issue aside for the time being and informed the user by e-mail that there was no redirection for me. I then phoned AVM briefly and received confirmation that nothing was known about an attack, but that they were looking into it.<\/p>\n<h2>A second reader report<\/h2>\n<p>A short time later, Ralf M. contacted me with an e-mail titled \"fritz.box registered, chaos at the end customer\" and wrote that the URL <em>fritz.box<\/em> would not take him to the login page, but would redirect him to the above external page. Ralf also posted the above screenshot and wrote \"Fortunately only an NFT page and not a replicated login mask.\" That was the point where I called AVM (see comment above), but got no immediate answer.<\/p>\n<p>Bernd got in touch with me a couple of minutes later and wrote that the Chrome browser was suddenly redirecting him to the local router (as was the Mullvad browser). He uses Deutsche Telekom, he wrote, adding \"Oh, my Firefox is now back to normal, that's strange. The last screenshots are from 13:42, when the redirection was still active.\"<\/p>\n<h2>The explanation<\/h2>\n<p>When I replied to Ralf that he was the second one to report this, he looked into the issue. In the first e-mail he had already sent me a link to <a href=\"https:\/\/whois.domaintools.com\/fritz.box\" target=\"_blank\" rel=\"noopener\">Whois for fritz.box<\/a>. There you can see that someone registered a fritz.box domain in the USA four days ago, and that it is held by NameSilo.<\/p>\n<p><img decoding=\"async\" title=\"Domain fritz.box\" src=\"https:\/\/i.postimg.cc\/FFxRmY2W\/image.png\" alt=\"Domain fritz.box\" \/><\/p>\n<p>I then did a little Google search, but got nowhere. Then Ralf M.
got in touch again and wrote to me: \"<em>As soon as a different DNS server is specified in the FRITZ!Box, e.g. 8.8.8.8 or 8.8.4.4 for Google, the Fritz.box goes to the NFT page<\/em>.\" This at least explains the problem.<\/p>\n<p>With Google's DNS server, the name that should be resolved internally is instead resolved externally to the above page, and the browser is redirected there. It shows how shaky this Internet has become: no hijacked FRITZ!Boxes, but a tricky \"hijacking\" via Google's DNS server. So pay attention to which DNS servers you use and, if necessary, work with the IP address of the FRITZ!Box. Thanks in any case to the two blog readers for the tips.<\/p>\n<h2>Answer from vendor AVM<\/h2>\n<p>AVM's press department contacted me by e-mail with additional information after my first telephone message. Of course, there is <a href=\"https:\/\/avm.de\/service\/wissensdatenbank\/dok\/FRITZ-Box-7590-AX\/245_Benutzeroberflache-der-FRITZ-Box-nicht-aufrufbar\/\" target=\"_blank\" rel=\"noopener\">this AVM FRITZ!Box support page<\/a> that addresses the problem of the FRITZ!Box interface not being accessible. But that does not apply here.<\/p>\n<p>In the reply e-mail, the AVM press spokeswoman, Doris Haar, gave me an explanation of what happened. According to this, the fritz.box domain is currently in a sales process in which AVM is also involved. As a result, users may occasionally be taken to another inappropriate, harmless page when the URL <em>fritz.box<\/em> is entered in the browser.<\/p>\n<p>Opening <em>fritz.box<\/em> in the home network works as usual and is handled by the home FRITZ!Box. Until now, users who accidentally entered <em>fritz.box<\/em> outside their home network received a browser error message or were redirected to a search engine.
At the moment, users who accidentally call up <em>fritz.box<\/em> outside their home network are shown an obviously inappropriate but harmless page.<\/p>\n<p>The spokeswoman told me that AVM is now monitoring all activities relating to the domain allocation and is keeping an eye on security-related requirements.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>[German] Users of AVM FRITZ!Box broadband routers who try to access the router's administration interface from the home network are running into a problem. When entering the URL fritz.box, they do not end up on the FRITZ!Box login page of the router's firmware, &hellip; <a href=\"https:\/\/borncity.com\/win\/2024\/01\/26\/fritzbox-entering-the-url-fritz-box-suddenly-redirects-to-an-external-page\/\">Continue reading <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[448,580],"tags":[701,69],"class_list":["post-32955","post","type-post","status-publish","format-standard","hentry","category-devices","category-security","tag-device","tag-security"],"_links":{"self":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/32955","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/comments?post=32955"}],"version-history":[{"count":2,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/32955\/revisions"}],"predecessor-version":[{"id":32957,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/32955\/revisions\/32957"}],"wp:attachment":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/media?parent
=32955"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/categories?post=32955"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/tags?post=32955"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}