The signature check of FRITZ!Box firmware images is flawed: malicious code can be injected into a firmware image without invalidating its RSA signature. The injected code is executed either when the victim uploads a manipulated firmware image or when the victim confirms an update in the web interface during a MITM attack.