Lucene search

K
cveMitreCVE-2022-28375
HistoryJul 14, 2022 - 1:15 p.m.

CVE-2022-28375

2022-07-1413:15:08
CWE-78
mitre
web.nvd.nist.gov
43
4
cve-2022-28375
verizon
5g home
lvskihp
odu
json listener
remote code execution

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.5

Confidence

High

EPSS

0.008

Percentile

82.0%

Verizon 5G Home LVSKIHP OutDoorUnit (ODU) 3.33.101.0 does not property sanitize user-controlled parameters within the crtcswitchsimprofile function of the crtcrpc JSON listener. A remote attacker on the local network can inject shell metacharacters into /usr/lib/lua/5.1/luci/controller/rpc.lua to achieve remote code execution as root,

Affected configurations

Nvd
Node
verizonlvskihp_outdoorunit_firmwareMatch3.33.101.0
AND
verizonlvskihp_outdoorunitMatch-
VendorProductVersionCPE
verizonlvskihp_outdoorunit_firmware3.33.101.0cpe:2.3:o:verizon:lvskihp_outdoorunit_firmware:3.33.101.0:*:*:*:*:*:*:*
verizonlvskihp_outdoorunit-cpe:2.3:h:verizon:lvskihp_outdoorunit:-:*:*:*:*:*:*:*

Social References

More

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.5

Confidence

High

EPSS

0.008

Percentile

82.0%

Related for CVE-2022-28375