Vulnerabilities > Verizon
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-07-14 | CVE-2022-28370 | Insufficient Verification of Data Authenticity vulnerability in Verizon Lvskihp Outdoorunit Firmware 3.33.101.0 On Verizon 5G Home LVSKIHP OutDoorUnit (ODU) 3.33.101.0 devices, the RPC endpoint crtc_fw_upgrade provides a means of provisioning a firmware update for the device. | 7.5 |
| 2022-07-14 | CVE-2022-28371 | Use of Hard-coded Credentials vulnerability in Verizon products On Verizon 5G Home LVSKIHP InDoorUnit (IDU) 3.4.66.162 and OutDoorUnit (ODU) 3.33.101.0 devices, the CRTC and ODU RPC endpoints rely on a static certificate for access control. | 7.5 |
| 2022-07-14 | CVE-2022-28374 | OS Command Injection vulnerability in Verizon Lvskihp Outdoorunit Firmware 3.33.101.0 Verizon 5G Home LVSKIHP OutDoorUnit (ODU) 3.33.101.0 does not property sanitize user-controlled parameters within the DMACC URLs on the Settings page of the Engineering portal. | 8.8 |
| 2022-07-14 | CVE-2022-28375 | OS Command Injection vulnerability in Verizon Lvskihp Outdoorunit Firmware 3.33.101.0 Verizon 5G Home LVSKIHP OutDoorUnit (ODU) 3.33.101.0 does not property sanitize user-controlled parameters within the crtcswitchsimprofile function of the crtcrpc JSON listener. | 9.8 |
| 2022-06-02 | CVE-2022-29729 | Weak Password Requirements vulnerability in Verizon 4G LTE Network Extender Firmware 0.4.038.2131/Ga4.38 Verizon 4G LTE Network Extender GA4.38 - V0.4.038.2131 utilizes a weak default admin password generation algorithm which generates passwords that are accessible to unauthenticated attackers via the webUI login page. | 5.0 |
| 2022-04-03 | CVE-2022-28376 | Improper Authentication vulnerability in Verizon Lvskihp Firmware 20220215 Verizon 5G Home LVSKIHP outside devices through 2022-02-15 allow anyone (knowing the device's serial number) to access a CPE admin website, e.g., at the 10.0.0.1 IP address. | 8.1 |
| 2020-06-01 | CVE-2020-7660 | Deserialization of Untrusted Data vulnerability in Verizon Serialize-Javascript serialize-javascript prior to 3.1.0 allows remote attackers to inject arbitrary code via the function "deleteFunctions" within "index.js". | 6.8 |
| 2019-12-05 | CVE-2019-16769 | Cross-site Scripting vulnerability in Verizon Serialize-Javascript The serialize-javascript npm package before version 2.1.1 is vulnerable to Cross-site Scripting (XSS). | 3.5 |
| 2019-04-11 | CVE-2019-3916 | Forced Browsing vulnerability in Verizon Fios Quantum Gateway G1100 Firmware 02.01.00.05 Information disclosure vulnerability in Verizon Fios Quantum Gateway (G1100) firmware version 02.01.00.05 allows an remote, unauthenticated attacker to retrieve the value of the password salt by simply requesting an API URL in a web browser (e.g. | 5.0 |
| 2019-04-11 | CVE-2019-3915 | Authentication Bypass by Capture-replay vulnerability in Verizon Fios Quantum Gateway G1100 Firmware 02.01.00.05 Authentication Bypass by Capture-replay vulnerability in Verizon Fios Quantum Gateway (G1100) firmware version 02.01.00.05 allows an unauthenticated attacker with adjacent network access to intercept and replay login requests to gain access to the administrative web interface. | 5.4 |