Vulnerabilities > Verizon > Lvskihp Indoorunit Firmware > Critical

DATE CVE VULNERABILITY TITLE RISK
2022-07-14 CVE-2022-28373 OS Command Injection vulnerability in Verizon Lvskihp Indoorunit Firmware 3.4.66.162
Verizon 5G Home LVSKIHP InDoorUnit (IDU) 3.4.66.162 does not properly sanitize user-controlled parameters within the crtcreadpartition function of the crtcrpc JSON listener in /usr/lib/lua/luci/crtc.lua.
network
low complexity
verizon CWE-78
critical
9.8
2022-07-14 CVE-2022-28369 Unrestricted Upload of File with Dangerous Type vulnerability in Verizon Lvskihp Indoorunit Firmware 3.4.66.162
Verizon 5G Home LVSKIHP InDoorUnit (IDU) 3.4.66.162 does not validate the user-provided URL within the crtcmode function's enable_ssh sub-operation of the crtcrpc JSON listener (found at /lib/functions/wnc_jsonsh/crtcmode.sh) A remote attacker on the local network can provide a malicious URL.
network
low complexity
verizon CWE-434
critical
9.8