Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
verizon vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2019-3916
Information disclosure vulnerability in Verizon Fios Quantum Gateway (G1100) firmware version 02.01.00.05 allows an remote, unauthenticated malicious user to retrieve the value of the password salt by simply requesting an API URL in a web browser (e.g. /api).
Verizon Fios Quantum Gateway G1100 Firmware 02.01.00.05
NA
CVE-2022-28369
Verizon 5G Home LVSKIHP InDoorUnit (IDU) 3.4.66.162 does not validate the user-provided URL within the crtcmode function's enable_ssh sub-operation of the crtcrpc JSON listener (found at /lib/functions/wnc_jsonsh/crtcmode.sh) A remote attacker on the local network can provid...
Verizon Lvskihp Indoorunit Firmware 3.4.66.162
NA
CVE-2022-28370
On Verizon 5G Home LVSKIHP OutDoorUnit (ODU) 3.33.101.0 devices, the RPC endpoint crtc_fw_upgrade provides a means of provisioning a firmware update for the device. /lib/functions/wnc_jsonsh/wnc_crtc_fw.sh has no cryptographic validation of the image, thus allowing an malicious u...
Verizon Lvskihp Outdoorunit Firmware 3.33.101.0
NA
CVE-2022-28374
Verizon 5G Home LVSKIHP OutDoorUnit (ODU) 3.33.101.0 does not property sanitize user-controlled parameters within the DMACC URLs on the Settings page of the Engineering portal. An authenticated remote attacker on the local network can inject shell metacharacters into /usr/lib/lua...
Verizon Lvskihp Outdoorunit Firmware 3.33.101.0
5.4
CVSSv2
CVE-2014-5755
The verizon (aka com.wverizonwirelessbill) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle malicious users to spoof servers and obtain sensitive information via a crafted certificate.
Gunhillwireless Verizon 0.1
3.5
CVSSv2
CVE-2019-16769
The serialize-javascript npm package before version 2.1.1 is vulnerable to Cross-site Scripting (XSS). It does not properly mitigate against unsafe characters in serialized regular expressions. This vulnerability is not affected on Node.js environment since Node.js's impleme...
Verizon Serialize-javascript
6.8
CVSSv2
CVE-2020-7660
serialize-javascript before 3.1.0 allows remote malicious users to inject arbitrary code via the function "deleteFunctions" within "index.js".
Verizon Serialize-javascript
NA
CVE-2022-28373
Verizon 5G Home LVSKIHP InDoorUnit (IDU) 3.4.66.162 does not properly sanitize user-controlled parameters within the crtcreadpartition function of the crtcrpc JSON listener in /usr/lib/lua/luci/crtc.lua. A remote attacker on the local network can inject shell metacharacters to ac...
Verizon Lvskihp Indoorunit Firmware 3.4.66.162
NA
CVE-2022-28375
Verizon 5G Home LVSKIHP OutDoorUnit (ODU) 3.33.101.0 does not property sanitize user-controlled parameters within the crtcswitchsimprofile function of the crtcrpc JSON listener. A remote attacker on the local network can inject shell metacharacters into /usr/lib/lua/5.1/luci/cont...
Verizon Lvskihp Outdoorunit Firmware 3.33.101.0
6.2
CVSSv2
CVE-2013-4874
The Uboot bootloader on the Verizon Wireless Network Extender SCS-26UC4 allows physically proximate malicious users to obtain root access by connecting a crafted HDMI cable and using a sys session to modify the ramboot environment variable.
Verizon Wireless Network Extender Scs-26uc4
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322
cross-site request forgery
unauthorized
CVE-2024-33925
reflected XSS
CVE-2023-51580
CVE-2023-51579
CVE-2015-2051
CVE-2023-51609
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
NEXT »