Vulnerabilities > Verizon > Lvskihp Outdoorunit Firmware

DATE CVE VULNERABILITY TITLE RISK
2022-07-14 CVE-2022-28370 Insufficient Verification of Data Authenticity vulnerability in Verizon Lvskihp Outdoorunit Firmware 3.33.101.0
On Verizon 5G Home LVSKIHP OutDoorUnit (ODU) 3.33.101.0 devices, the RPC endpoint crtc_fw_upgrade provides a means of provisioning a firmware update for the device.
network
low complexity
verizon CWE-345
7.5
2022-07-14 CVE-2022-28371 Use of Hard-coded Credentials vulnerability in Verizon products
On Verizon 5G Home LVSKIHP InDoorUnit (IDU) 3.4.66.162 and OutDoorUnit (ODU) 3.33.101.0 devices, the CRTC and ODU RPC endpoints rely on a static certificate for access control.
network
low complexity
verizon CWE-798
7.5
2022-07-14 CVE-2022-28372 Unrestricted Upload of File with Dangerous Type vulnerability in Verizon products
On Verizon 5G Home LVSKIHP InDoorUnit (IDU) 3.4.66.162 and OutDoorUnit (ODU) 3.33.101.0 devices, the CRTC and ODU RPC endpoints provide a means of provisioning a firmware update for the device via crtc_fw_upgrade or crtcfwimage.
network
low complexity
verizon CWE-434
7.5
2022-07-14 CVE-2022-28374 OS Command Injection vulnerability in Verizon Lvskihp Outdoorunit Firmware 3.33.101.0
Verizon 5G Home LVSKIHP OutDoorUnit (ODU) 3.33.101.0 does not property sanitize user-controlled parameters within the DMACC URLs on the Settings page of the Engineering portal.
network
low complexity
verizon CWE-78
8.8
2022-07-14 CVE-2022-28375 OS Command Injection vulnerability in Verizon Lvskihp Outdoorunit Firmware 3.33.101.0
Verizon 5G Home LVSKIHP OutDoorUnit (ODU) 3.33.101.0 does not property sanitize user-controlled parameters within the crtcswitchsimprofile function of the crtcrpc JSON listener.
network
low complexity
verizon CWE-78
critical
9.8
2022-07-14 CVE-2022-28377 Weak Password Requirements vulnerability in Verizon products
On Verizon 5G Home LVSKIHP InDoorUnit (IDU) 3.4.66.162 and OutDoorUnit (ODU) 3.33.101.0 devices, the CRTC and ODU RPC endpoints rely on a static account username/password for access control.
network
low complexity
verizon CWE-521
7.5