Vulnerabilities > Verizon > Lvskihp Indoorunit Firmware > High

DATE CVE VULNERABILITY TITLE RISK
2022-07-14 CVE-2022-28371 Use of Hard-coded Credentials vulnerability in Verizon products
On Verizon 5G Home LVSKIHP InDoorUnit (IDU) 3.4.66.162 and OutDoorUnit (ODU) 3.33.101.0 devices, the CRTC and ODU RPC endpoints rely on a static certificate for access control.
network
low complexity
verizon CWE-798
7.5
7.5
2022-07-14 CVE-2022-28372 Unrestricted Upload of File with Dangerous Type vulnerability in Verizon products
On Verizon 5G Home LVSKIHP InDoorUnit (IDU) 3.4.66.162 and OutDoorUnit (ODU) 3.33.101.0 devices, the CRTC and ODU RPC endpoints provide a means of provisioning a firmware update for the device via crtc_fw_upgrade or crtcfwimage.
network
low complexity
verizon CWE-434
7.5
7.5
2022-07-14 CVE-2022-28377 Weak Password Requirements vulnerability in Verizon products
On Verizon 5G Home LVSKIHP InDoorUnit (IDU) 3.4.66.162 and OutDoorUnit (ODU) 3.33.101.0 devices, the CRTC and ODU RPC endpoints rely on a static account username/password for access control.
network
low complexity
verizon CWE-521
7.5
7.5