Vulnerabilities > Verizon > High

DATE CVE VULNERABILITY TITLE RISK
2022-07-14 CVE-2022-28370 Insufficient Verification of Data Authenticity vulnerability in Verizon Lvskihp Outdoorunit Firmware 3.33.101.0
On Verizon 5G Home LVSKIHP OutDoorUnit (ODU) 3.33.101.0 devices, the RPC endpoint crtc_fw_upgrade provides a means of provisioning a firmware update for the device.
network
low complexity
verizon CWE-345
7.5
2022-07-14 CVE-2022-28371 Use of Hard-coded Credentials vulnerability in Verizon products
On Verizon 5G Home LVSKIHP InDoorUnit (IDU) 3.4.66.162 and OutDoorUnit (ODU) 3.33.101.0 devices, the CRTC and ODU RPC endpoints rely on a static certificate for access control.
network
low complexity
verizon CWE-798
7.5
2022-07-14 CVE-2022-28372 Unrestricted Upload of File with Dangerous Type vulnerability in Verizon products
On Verizon 5G Home LVSKIHP InDoorUnit (IDU) 3.4.66.162 and OutDoorUnit (ODU) 3.33.101.0 devices, the CRTC and ODU RPC endpoints provide a means of provisioning a firmware update for the device via crtc_fw_upgrade or crtcfwimage.
network
low complexity
verizon CWE-434
7.5
2022-07-14 CVE-2022-28374 OS Command Injection vulnerability in Verizon Lvskihp Outdoorunit Firmware 3.33.101.0
Verizon 5G Home LVSKIHP OutDoorUnit (ODU) 3.33.101.0 does not property sanitize user-controlled parameters within the DMACC URLs on the Settings page of the Engineering portal.
network
low complexity
verizon CWE-78
8.8
2022-07-14 CVE-2022-28377 Weak Password Requirements vulnerability in Verizon products
On Verizon 5G Home LVSKIHP InDoorUnit (IDU) 3.4.66.162 and OutDoorUnit (ODU) 3.33.101.0 devices, the CRTC and ODU RPC endpoints rely on a static account username/password for access control.
network
low complexity
verizon CWE-521
7.5
2022-06-02 CVE-2022-29729 Weak Password Requirements vulnerability in Verizon 4G LTE Network Extender Firmware 0.4.038.2131/Ga4.38
Verizon 4G LTE Network Extender GA4.38 - V0.4.038.2131 utilizes a weak default admin password generation algorithm which generates passwords that are accessible to unauthenticated attackers via the webUI login page.
network
low complexity
verizon CWE-521
7.5
2022-04-03 CVE-2022-28376 Improper Authentication vulnerability in Verizon Lvskihp Firmware 20220215
Verizon 5G Home LVSKIHP outside devices through 2022-02-15 allow anyone (knowing the device's serial number) to access a CPE admin website, e.g., at the 10.0.0.1 IP address.
network
high complexity
verizon CWE-287
8.1
2020-06-01 CVE-2020-7660 Deserialization of Untrusted Data vulnerability in Verizon Serialize-Javascript
serialize-javascript prior to 3.1.0 allows remote attackers to inject arbitrary code via the function "deleteFunctions" within "index.js".
network
high complexity
verizon CWE-502
8.1
2019-04-11 CVE-2019-3916 Forced Browsing vulnerability in Verizon Fios Quantum Gateway G1100 Firmware 02.01.00.05
Information disclosure vulnerability in Verizon Fios Quantum Gateway (G1100) firmware version 02.01.00.05 allows an remote, unauthenticated attacker to retrieve the value of the password salt by simply requesting an API URL in a web browser (e.g.
network
low complexity
verizon CWE-425
7.5
2019-04-11 CVE-2019-3915 Authentication Bypass by Capture-replay vulnerability in Verizon Fios Quantum Gateway G1100 Firmware 02.01.00.05
Authentication Bypass by Capture-replay vulnerability in Verizon Fios Quantum Gateway (G1100) firmware version 02.01.00.05 allows an unauthenticated attacker with adjacent network access to intercept and replay login requests to gain access to the administrative web interface.
high complexity
verizon CWE-294
7.5