2 matches found
CVE-2022-28369
Verizon 5G Home LVSKIHP InDoorUnit IDU 3.4.66.162 does not validate the user-provided URL within the crtcmode function's enablessh sub-operation of the crtcrpc JSON listener found at /lib/functions/wncjsonsh/crtcmode.sh A remote attacker on the local network can provide a malicious URL. The data...
CVE-2022-28369
CVE-2022-28369 affects Verizon 5G Home LVSKIHP InDoorUnit (IDU) firmware 3.4.66.162. The crtcmode.sh crtcrpc JSON listener’s enable_ssh sub-operation does not validate a user-supplied URL, enabling a local-network attacker to supply a malicious URL. Data from that URL is written to /usr/sbin/drop...