Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
verizon vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2022-28370
On Verizon 5G Home LVSKIHP OutDoorUnit (ODU) 3.33.101.0 devices, the RPC endpoint crtc_fw_upgrade provides a means of provisioning a firmware update for the device. /lib/functions/wnc_jsonsh/wnc_crtc_fw.sh has no cryptographic validation of the image, thus allowing an malicious u...
Verizon Lvskihp Outdoorunit Firmware 3.33.101.0
NA
CVE-2022-28373
Verizon 5G Home LVSKIHP InDoorUnit (IDU) 3.4.66.162 does not properly sanitize user-controlled parameters within the crtcreadpartition function of the crtcrpc JSON listener in /usr/lib/lua/luci/crtc.lua. A remote attacker on the local network can inject shell metacharacters to ac...
Verizon Lvskihp Indoorunit Firmware 3.4.66.162
NA
CVE-2022-28375
Verizon 5G Home LVSKIHP OutDoorUnit (ODU) 3.33.101.0 does not property sanitize user-controlled parameters within the crtcswitchsimprofile function of the crtcrpc JSON listener. A remote attacker on the local network can inject shell metacharacters into /usr/lib/lua/5.1/luci/cont...
Verizon Lvskihp Outdoorunit Firmware 3.33.101.0
445
VMScore
CVE-2019-3916
Information disclosure vulnerability in Verizon Fios Quantum Gateway (G1100) firmware version 02.01.00.05 allows an remote, unauthenticated malicious user to retrieve the value of the password salt by simply requesting an API URL in a web browser (e.g. /api).
Verizon Fios Quantum Gateway G1100 Firmware 02.01.00.05
481
VMScore
CVE-2014-5755
The verizon (aka com.wverizonwirelessbill) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle malicious users to spoof servers and obtain sensitive information via a crafted certificate.
Gunhillwireless Verizon 0.1
605
VMScore
CVE-2020-7660
serialize-javascript before 3.1.0 allows remote malicious users to inject arbitrary code via the function "deleteFunctions" within "index.js".
Verizon Serialize-javascript
801
VMScore
CVE-2019-3914
Remote command injection vulnerability in Verizon Fios Quantum Gateway (G1100) firmware version 02.01.00.05 allows a remote, authenticated malicious user to execute arbitrary commands on the target device by adding an access control rule for a network object with a crafted hostna...
Verizon Fios Quantum Gateway G1100 Firmware 02.01.00.05
NA
CVE-2022-28369
Verizon 5G Home LVSKIHP InDoorUnit (IDU) 3.4.66.162 does not validate the user-provided URL within the crtcmode function's enable_ssh sub-operation of the crtcrpc JSON listener (found at /lib/functions/wnc_jsonsh/crtcmode.sh) A remote attacker on the local network can provid...
Verizon Lvskihp Indoorunit Firmware 3.4.66.162
NA
CVE-2022-28374
Verizon 5G Home LVSKIHP OutDoorUnit (ODU) 3.33.101.0 does not property sanitize user-controlled parameters within the DMACC URLs on the Settings page of the Engineering portal. An authenticated remote attacker on the local network can inject shell metacharacters into /usr/lib/lua...
Verizon Lvskihp Outdoorunit Firmware 3.33.101.0
552
VMScore
CVE-2013-4876
The Verizon Wireless Network Extender SCS-2U01 has a hardcoded password for the root account, which makes it easier for physically proximate malicious users to obtain administrative access by leveraging a login prompt.
Verizon Wireless Network Extender Scs-2u01
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33572
CVE-2024-24919
CVE-2024-0230
CVE-2024-32714
HTML injection
local file inclusion
CVE-2024-31098
CVE-2024-31244
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
NEXT »