Vulnerabilities > Verizon > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-07-14 | CVE-2022-28369 | Unrestricted Upload of File with Dangerous Type vulnerability in Verizon Lvskihp Indoorunit Firmware 3.4.66.162 Verizon 5G Home LVSKIHP InDoorUnit (IDU) 3.4.66.162 does not validate the user-provided URL within the crtcmode function's enable_ssh sub-operation of the crtcrpc JSON listener (found at /lib/functions/wnc_jsonsh/crtcmode.sh) A remote attacker on the local network can provide a malicious URL. | 9.8 |
| 2022-07-14 | CVE-2022-28373 | OS Command Injection vulnerability in Verizon Lvskihp Indoorunit Firmware 3.4.66.162 Verizon 5G Home LVSKIHP InDoorUnit (IDU) 3.4.66.162 does not properly sanitize user-controlled parameters within the crtcreadpartition function of the crtcrpc JSON listener in /usr/lib/lua/luci/crtc.lua. | 9.8 |
| 2022-07-14 | CVE-2022-28375 | OS Command Injection vulnerability in Verizon Lvskihp Outdoorunit Firmware 3.33.101.0 Verizon 5G Home LVSKIHP OutDoorUnit (ODU) 3.33.101.0 does not property sanitize user-controlled parameters within the crtcswitchsimprofile function of the crtcrpc JSON listener. | 9.8 |