It was recently discovered that almost all routers are vulnerable through remote configuration via TR-069 by internet providers. It seems the providers do not take securing the servers that send out such configurations seriously. The best countermeasure in the current situation is to completely disable that service.
Since I own a FRITZ!Box, there is a solution that goes even further: Freetz. It is a custom firmware which you can compile with a simple “make menuconfig” and then upload to the router by doing a normal firmware update.
You can completely remove stuff from the firmware image that you do not need. The nice thing here: the components used for TR-069 are now not even present in my image.
First I had to change the branding to the AVM default, since otherwise it would refuse to update to the newest firmware. The newest default firmware is needed for Freetz.
After the branding issue was solved, building and uploading the firmware was quite straightforward by following the beginner's tutorial for Freetz.