Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
verizon lvskihp indoorunit firmware 3.4.66.162 vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2022-28371
On Verizon 5G Home LVSKIHP InDoorUnit (IDU) 3.4.66.162 and OutDoorUnit (ODU) 3.33.101.0 devices, the CRTC and ODU RPC endpoints rely on a static certificate for access control. This certificate is embedded in the firmware, and is identical across the fleet of devices. An attacker...
Verizon Lvskihp Indoorunit Firmware 3.4.66.162
Verizon Lvskihp Outdoorunit Firmware 3.33.101.0
7.5
CVSSv3
CVE-2022-28372
On Verizon 5G Home LVSKIHP InDoorUnit (IDU) 3.4.66.162 and OutDoorUnit (ODU) 3.33.101.0 devices, the CRTC and ODU RPC endpoints provide a means of provisioning a firmware update for the device via crtc_fw_upgrade or crtcfwimage. The URL provided is not validated, and thus allows ...
Verizon Lvskihp Indoorunit Firmware 3.4.66.162
Verizon Lvskihp Outdoorunit Firmware 3.33.101.0
7.5
CVSSv3
CVE-2022-28377
On Verizon 5G Home LVSKIHP InDoorUnit (IDU) 3.4.66.162 and OutDoorUnit (ODU) 3.33.101.0 devices, the CRTC and ODU RPC endpoints rely on a static account username/password for access control. This password can be generated via a binary included in the firmware, after ascertaining ...
Verizon Lvskihp Indoorunit Firmware 3.4.66.162
Verizon Lvskihp Outdoorunit Firmware 3.33.101.0
9.8
CVSSv3
CVE-2022-28369
Verizon 5G Home LVSKIHP InDoorUnit (IDU) 3.4.66.162 does not validate the user-provided URL within the crtcmode function's enable_ssh sub-operation of the crtcrpc JSON listener (found at /lib/functions/wnc_jsonsh/crtcmode.sh) A remote attacker on the local network can provid...
Verizon Lvskihp Indoorunit Firmware 3.4.66.162
9.8
CVSSv3
CVE-2022-28373
Verizon 5G Home LVSKIHP InDoorUnit (IDU) 3.4.66.162 does not properly sanitize user-controlled parameters within the crtcreadpartition function of the crtcrpc JSON listener in /usr/lib/lua/luci/crtc.lua. A remote attacker on the local network can inject shell metacharacters to ac...
Verizon Lvskihp Indoorunit Firmware 3.4.66.162
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
type confusion
IMAP
CVE-2024-36103
CVE-2024-28995
CVE-2024-37325
CVE-2024-30078
CVE-2024-30082
SQL injection
CVE-2024-30052
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started