CVE-2022-47522 (MacStealer): How to verify the fix?

The vulnerability CVE-2022-47522 was fixed some time ago. Now I'm trying to verify that the fix works (and that older OpenWRT versions are vulnerable).

I'm using the macstealer tool[1] to check for the vulnerability. The tool says that v23.05.0 on Fritz!Box 4040 is still vulnerable. I also tried the AVM stock firmware (07.57), which is also detected as vulnerable. Well, AVM did not say they fixed the issue...

Anyhow, I believe that my test procedure is flawed.

Did someone actually tested the fix, and if so, how did you do it?

[1] , Git-commit ef9820fa3

1 Like