Design/Logic Flaw

2022-07-1413:15:00

PRIOn knowledge base

www.prio-n.com

7.6 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

37.9%

JSON

On Verizon 5G Home LVSKIHP InDoorUnit (IDU) 3.4.66.162 and OutDoorUnit (ODU) 3.33.101.0 devices, the CRTC and ODU RPC endpoints provide a means of provisioning a firmware update for the device via crtc_fw_upgrade or crtcfwimage. The URL provided is not validated, and thus allows for arbitrary file upload to the device. This occurs in /lib/lua/luci/crtc.lua (IDU) and /lib/functions/wnc_jsonsh/wnc_crtc_fw.sh (ODU).

CPENameOperatorVersion
lvskihp_indoorunit_firmwareeq3.4.66.162
lvskihp_outdoorunit_firmwareeq3.33.101.0

CPE	Name	Operator	Version
	lvskihp_indoorunit_firmware	eq	3.4.66.162
	lvskihp_outdoorunit_firmware	eq	3.33.101.0

References

github.com/JousterL/SecWriteups/blob/main/Verizon%20LVSKIHP%205G%20Modem/readme.md

www.verizon.com/info/reportsecurityvulnerability/