Vulnerabilities > Verizon > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-06-02 | CVE-2022-29729 | Weak Password Requirements vulnerability in Verizon 4G LTE Network Extender Firmware 0.4.038.2131/Ga4.38 Verizon 4G LTE Network Extender GA4.38 - V0.4.038.2131 utilizes a weak default admin password generation algorithm which generates passwords that are accessible to unauthenticated attackers via the webUI login page. | 5.0 |
| 2020-06-01 | CVE-2020-7660 | Deserialization of Untrusted Data vulnerability in Verizon Serialize-Javascript serialize-javascript prior to 3.1.0 allows remote attackers to inject arbitrary code via the function "deleteFunctions" within "index.js". | 6.8 |
| 2019-04-11 | CVE-2019-3916 | Forced Browsing vulnerability in Verizon Fios Quantum Gateway G1100 Firmware 02.01.00.05 Information disclosure vulnerability in Verizon Fios Quantum Gateway (G1100) firmware version 02.01.00.05 allows an remote, unauthenticated attacker to retrieve the value of the password salt by simply requesting an API URL in a web browser (e.g. | 5.0 |
| 2019-04-11 | CVE-2019-3915 | Authentication Bypass by Capture-replay vulnerability in Verizon Fios Quantum Gateway G1100 Firmware 02.01.00.05 Authentication Bypass by Capture-replay vulnerability in Verizon Fios Quantum Gateway (G1100) firmware version 02.01.00.05 allows an unauthenticated attacker with adjacent network access to intercept and replay login requests to gain access to the administrative web interface. | 5.4 |
| 2013-07-18 | CVE-2013-4876 | Credentials Management vulnerability in Verizon Wireless Network Extender Scs2U01 The Verizon Wireless Network Extender SCS-2U01 has a hardcoded password for the root account, which makes it easier for physically proximate attackers to obtain administrative access by leveraging a login prompt. | 6.2 |
| 2013-07-18 | CVE-2013-4875 | Improper Authentication vulnerability in Verizon Wireless Network Extender Scs2U01 The Uboot bootloader on the Verizon Wireless Network Extender SCS-2U01 allows physically proximate attackers to bypass the intended boot process and obtain a login prompt by connecting a crafted HDMI cable and sending a SysReq interrupt. | 6.2 |
| 2013-07-18 | CVE-2013-4874 | Improper Authentication vulnerability in Verizon Wireless Network Extender Scs26Uc4 The Uboot bootloader on the Verizon Wireless Network Extender SCS-26UC4 allows physically proximate attackers to obtain root access by connecting a crafted HDMI cable and using a sys session to modify the ramboot environment variable. | 6.2 |
| 2013-03-21 | CVE-2013-0126 | Cross-Site Request Forgery (CSRF) vulnerability in Verizon products Multiple cross-site request forgery (CSRF) vulnerabilities in index.cgi on the Verizon FIOS Actiontec MI424WR-GEN3I router with firmware 40.19.36 allow remote attackers to hijack the authentication of administrators for requests that (1) add administrative accounts via the username and user_level parameters or (2) enable remote administration via the is_telnet_primary and is_telnet_secondary parameters. | 6.8 |