30 matches found
EUVD-2017-17117
Malware in sbrugna...
EUVD-2017-17118
Malware in sbrugna...
CVE-2023-36669
Missing Authentication for a Critical Function within the Kratos NGC Indoor Unit IDU before 11.4 allows remote attackers to obtain arbitrary control of the IDU/ODU system. Any attacker with layer-3 network access to the IDU can impersonate the Touch Panel Unit TPU within the IDU by sending crafte...
CVE-2022-28377
On Verizon 5G Home LVSKIHP InDoorUnit IDU 3.4.66.162 and OutDoorUnit ODU 3.33.101.0 devices, the CRTC and ODU RPC endpoints rely on a static account username/password for access control. This password can be generated via a binary included in the firmware, after ascertaining the MAC address of th...
CVE-2022-28370
On Verizon 5G Home LVSKIHP OutDoorUnit ODU 3.33.101.0 devices, the RPC endpoint crtcfwupgrade provides a means of provisioning a firmware update for the device. /lib/functions/wncjsonsh/wnccrtcfw.sh has no cryptographic validation of the image, thus allowing an attacker to modify the installed...
CVE-2022-28372
On Verizon 5G Home LVSKIHP InDoorUnit IDU 3.4.66.162 and OutDoorUnit ODU 3.33.101.0 devices, the CRTC and ODU RPC endpoints provide a means of provisioning a firmware update for the device via crtcfwupgrade or crtcfwimage. The URL provided is not validated, and thus allows for arbitrary file uplo...
CVE-2022-28377
On Verizon 5G Home LVSKIHP InDoorUnit IDU 3.4.66.162 and OutDoorUnit ODU 3.33.101.0 devices, the CRTC and ODU RPC endpoints rely on a static account username/password for access control. This password can be generated via a binary included in the firmware, after ascertaining the MAC address of th...
CVE-2022-28372
On Verizon 5G Home LVSKIHP InDoorUnit IDU 3.4.66.162 and OutDoorUnit ODU 3.33.101.0 devices, the CRTC and ODU RPC endpoints provide a means of provisioning a firmware update for the device via crtcfwupgrade or crtcfwimage. The URL provided is not validated, and thus allows for arbitrary file uplo...
CVE-2022-28375
Verizon 5G Home LVSKIHP OutDoorUnit ODU 3.33.101.0 does not property sanitize user-controlled parameters within the crtcswitchsimprofile function of the crtcrpc JSON listener. A remote attacker on the local network can inject shell metacharacters into /usr/lib/lua/5.1/luci/controller/rpc.lua to...
CVE-2022-28371
On Verizon 5G Home LVSKIHP InDoorUnit IDU 3.4.66.162 and OutDoorUnit ODU 3.33.101.0 devices, the CRTC and ODU RPC endpoints rely on a static certificate for access control. This certificate is embedded in the firmware, and is identical across the fleet of devices. An attacker need only download...
CVE-2022-28371
On Verizon 5G Home LVSKIHP InDoorUnit IDU 3.4.66.162 and OutDoorUnit ODU 3.33.101.0 devices, the CRTC and ODU RPC endpoints rely on a static certificate for access control. This certificate is embedded in the firmware, and is identical across the fleet of devices. An attacker need only download...
PT-2022-18983 · Verizon · Verizon 5G Home Lvskihp Outdoorunit
Name of the Vulnerable Software and Affected Versions: Verizon 5G Home LVSKIHP OutDoorUnit ODU version 3.33.101.0 Description: The issue concerns the lack of proper sanitization of user-controlled parameters within the DMACC URLs on the Settings page of the Engineering portal. This allows an...
Verizon 5G Home LVSKIHP 数据伪造问题漏洞
The Verizon 5G Home LVSKIHP is an all-in-one integrated modem and router from Verizon Communications, Inc. It provides access to Verizon Wireless 5G wireless home Internet services. A data forgery issue vulnerability exists in the Verizon 5G Home LVSKIHP OutDoorUnit ODU version 3.33.101.0 device,...
Verizon 5G Home LVSKIHP 代码问题漏洞
The Verizon 5G Home LVSKIHP is an all-in-one integrated modem and router from Verizon USA. It provides access to Verizon Wireless 5G wireless home Internet service. A security vulnerability exists in the Verizon 5G Home LVSKIHP InDoorUnit IDU version 3.4.66.162 and OutDoorUnit ODU version...
Verizon 5G Home LVSKIHP 操作系统命令注入漏洞
The Verizon 5G Home LVSKIHP is an all-in-one integrated modem and router from Verizon USA. It provides access to Verizon Wireless 5G wireless home Internet service. A security vulnerability exists in Verizon 5G Home LVSKIHP OutDoorUnit ODU version 3.33.101.0, which stems from a lack of property...
Verizon 5G Home LVSKIHP 信任管理问题漏洞
The Verizon 5G Home LVSKIHP is an all-in-one integrated modem and router from Verizon USA. It provides access to Verizon Wireless 5G wireless home Internet service. A security vulnerability exists in the Verizon 5G Home LVSKIHP InDoorUnit IDU version 3.4.66.162 and OutDoorUnit ODU version...
Verizon 5G Home LVSKIHP 操作系统命令注入漏洞
The Verizon 5G Home LVSKIHP is an all-in-one integrated modem and router from Verizon USA. It provides access to Verizon Wireless 5G wireless home Internet service. A security vulnerability exists in Verizon 5G Home LVSKIHP OutDoorUnit ODU version 3.33.101.0, which stems from an attribute cleanup...
PT-2022-18979 · Verizon · Verizon 5G Home Lvskihp Outdoorunit
Name of the Vulnerable Software and Affected Versions: Verizon 5G Home LVSKIHP OutDoorUnit ODU version 3.33.101.0 Description: The issue affects the RPC endpoint "crtc fw upgrade" which is used for provisioning firmware updates. The script /lib/functions/wnc jsonsh/wnc crtc fw.sh lacks...
Verizon 5G Home LVSKIHP 安全漏洞
The Verizon 5G Home LVSKIHP is an all-in-one integrated modem and router from Verizon USA. It provides access to Verizon Wireless 5G wireless home Internet service. The Verizon 5G Home LVSKIHP InDoorUnit IDU version 3.4.66.162 and OutDoorUnit ODU version 3.33.101.0 devices have a security...
CVE-2017-8155
The outdoor unit of Customer Premise Equipment CPE product B2338-168 V100R001C00 has a no authentication vulnerability on a certain port. After accessing the network between the indoor and outdoor units of the CPE, an attacker can deliver commands to the specific port of the outdoor unit and...