27 matches found
CVE-2022-28371
On Verizon 5G Home LVSKIHP InDoorUnit IDU 3.4.66.162 and OutDoorUnit ODU 3.33.101.0 devices, the CRTC and ODU RPC endpoints rely on a static certificate for access control. This certificate is embedded in the firmware, and is identical across the fleet of devices. An attacker need only download...
CVE-2022-28374
Verizon 5G Home LVSKIHP OutDoorUnit ODU 3.33.101.0 does not properly sanitize user-controlled parameters within the DMACC URLs on the Settings page of the Engineering portal. An authenticated remote attacker on the local network can inject shell metacharacters into...
CVE-2022-28377
On Verizon 5G Home LVSKIHP InDoorUnit IDU 3.4.66.162 and OutDoorUnit ODU 3.33.101.0 devices, the CRTC and ODU RPC endpoints rely on a static account username/password for access control. This password can be generated via a binary included in the firmware, after ascertaining the MAC address of th...
CVE-2022-28372
On Verizon 5G Home LVSKIHP InDoorUnit IDU 3.4.66.162 and OutDoorUnit ODU 3.33.101.0 devices, the CRTC and ODU RPC endpoints provide a means of provisioning a firmware update for the device via crtcfwupgrade or crtcfwimage. The URL provided is not validated, and thus allows for arbitrary file uplo...
CVE-2022-28373
Verizon 5G Home LVSKIHP InDoorUnit IDU 3.4.66.162 does not properly sanitize user-controlled parameters within the crtcreadpartition function of the crtcrpc JSON listener in /usr/lib/lua/luci/crtc.lua. A remote attacker on the local network can inject shell metacharacters to achieve remote code...
CVE-2022-28375
Verizon 5G Home LVSKIHP OutDoorUnit ODU 3.33.101.0 does not properly sanitize user-controlled parameters within the crtcswitchsimprofile function of the crtcrpc JSON listener. A remote attacker on the local network can inject shell metacharacters into /usr/lib/lua/5.1/luci/controller/rpc.lua to...
Design/Logic Flaw
On Verizon 5G Home LVSKIHP InDoorUnit IDU 3.4.66.162 and OutDoorUnit ODU 3.33.101.0 devices, the CRTC and ODU RPC endpoints rely on a static certificate for access control. This certificate is embedded in the firmware, and is identical across the fleet of devices. An attacker need only download...
Remote code execution
Verizon 5G Home LVSKIHP OutDoorUnit ODU 3.33.101.0 does not properly sanitize user-controlled parameters within the crtcswitchsimprofile function of the crtcrpc JSON listener. A remote attacker on the local network can inject shell metacharacters into /usr/lib/lua/5.1/luci/controller/rpc.lua to...
Input validation
On Verizon 5G Home LVSKIHP OutDoorUnit ODU 3.33.101.0 devices, the RPC endpoint crtcfwupgrade provides a means of provisioning a firmware update for the device. /lib/functions/wncjsonsh/wnccrtcfw.sh has no cryptographic validation of the image, thus allowing an attacker to modify the installed...
CVE-2022-28369
CVE-2022-28369 affects Verizon 5G Home LVSKIHP InDoorUnit (IDU) firmware 3.4.66.162. The crtcmode.sh crtcrpc JSON listener’s enable_ssh sub-operation does not validate a user-supplied URL, enabling a local-network attacker to supply a malicious URL. Data from that URL is written to /usr/sbin/drop...
CVE-2022-28370
CVE-2022-28370 affects Verizon 5G Home LVSKIHP Outdoor Unit (ODU) version 3.33.101.0. The vulnerability is in the RPC endpoint crtc_fw_upgrade used for provisioning firmware updates, where the script /lib/functions/wnc_jsonsh/wnc_crtc_fw.sh performs no cryptographic validation of the firmware ima...
CVE-2022-28371
On Verizon 5G Home LVSKIHP InDoorUnit IDU 3.4.66.162 and OutDoorUnit ODU 3.33.101.0 devices, the CRTC and ODU RPC endpoints rely on a static certificate for access control. This certificate is embedded in the firmware, and is identical across the fleet of devices. An attacker need only download...
CVE-2022-28371
CVE-2022-28371 affects Verizon 5G Home LVSKIHP IDU 3.4.66.162 and ODU 3.33.101.0. Root cause: the CRTC and ODU RPC endpoints rely on a static certificate embedded in firmware, identical across devices; an attacker can download firmware and extract the private components of the certificates from /...
CVE-2022-28372
The CVE-2022-28372 entry describes a vulnerability in Verizon 5G Home LVSKIHP devices (IDU 3.4.66.162 and ODU 3.33.101.0). The CRTC and ODU RPC endpoints allow provisioning a firmware update via crtc_fw_upgrade or crtcfwimage; the provided URL is not validated, enabling arbitrary file upload to t...
CVE-2022-28374
Summary: CVE-2022-28374 affects Verizon 5G Home LVSKIHP Outdoor Unit (ODU) v3.33.101.0. The issue is improper sanitization of user-controlled parameters in the DMACC URLs on the Engineering portal Settings page, allowing an authenticated remote attacker on the LAN to inject shell metacharacters i...
CVE-2022-28375
The CVE-2022-28375 issue affects Verizon 5G Home LVSKIHP Outdoor Unit (ODU) version 3.33.101.0. The root cause is improper sanitization in the crtcsimprofile function of the crtcrpc JSON listener, allowing a remote attacker on a local network to inject shell metacharacters into /usr/lib/lua/5.1/l...
CVE-2022-28377
Affected: Verizon 5G Home LVSKIHP IDU 3.4.66.162 and ODU 3.33.101.0. Root cause: CRTC/ODU RPC endpoints rely on a static account username/password for access control, and the password can be generated via a firmware binary after determining the IDU’s base Ethernet MAC and setting DEVICE_MANUFACTU...
Verizon 5G Home LVSKIHP OS Command Injection Vulnerability
The Verizon 5G Home LVSKIHP is an all-in-one integrated modem and router from Verizon USA. It provides access to Verizon Wireless 5G wireless home Internet services. A security vulnerability exists in Verizon 5G Home LVSKIHP InDoorUnit IDU version 3.4.66.162, which stems from not properly handlin...
PT-2022-18980 · Verizon · Verizon 5G Home Lvskihp Outdoorunit
Name of the Vulnerable Software and Affected Versions:
Verizon 5G Home LVSKIHP InDoorUnit IDU version 3.4.66.162
Verizon 5G Home LVSKIHP OutDoorUnit ODU version 3.33.101.0
Description: The CRTC and ODU RPC endpoints rely on a static certificate for access control, which is embedded in the firmwar...
Verizon 5G Home LVSKIHP Security Vulnerability
The Verizon 5G Home LVSKIHP is an all-in-one integrated modem and router from Verizon USA. It provides access to Verizon Wireless 5G wireless home Internet service. The Verizon 5G Home LVSKIHP InDoorUnit IDU version 3.4.66.162 and OutDoorUnit ODU version 3.33.101.0 devices have a security...