Vulnerabilities > Verizon > Lvskihp Outdoorunit Firmware > High

DATE CVE VULNERABILITY TITLE RISK
2022-07-14 CVE-2022-28370 Insufficient Verification of Data Authenticity vulnerability in Verizon Lvskihp Outdoorunit Firmware 3.33.101.0
On Verizon 5G Home LVSKIHP OutDoorUnit (ODU) 3.33.101.0 devices, the RPC endpoint crtc_fw_upgrade provides a means of provisioning a firmware update for the device.
network
low complexity
verizon CWE-345
7.5
2022-07-14 CVE-2022-28371 Use of Hard-coded Credentials vulnerability in Verizon products
On Verizon 5G Home LVSKIHP InDoorUnit (IDU) 3.4.66.162 and OutDoorUnit (ODU) 3.33.101.0 devices, the CRTC and ODU RPC endpoints rely on a static certificate for access control.
network
low complexity
verizon CWE-798
7.5
2022-07-14 CVE-2022-28374 OS Command Injection vulnerability in Verizon Lvskihp Outdoorunit Firmware 3.33.101.0
Verizon 5G Home LVSKIHP OutDoorUnit (ODU) 3.33.101.0 does not property sanitize user-controlled parameters within the DMACC URLs on the Settings page of the Engineering portal.
network
low complexity
verizon CWE-78
8.8