Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
verizon vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2022-29729
Verizon 4G LTE Network Extender GA4.38 - V0.4.038.2131 utilizes a weak default admin password generation algorithm which generates passwords that are accessible to unauthenticated attackers via the webUI login page.
Verizon 4g Lte Network Extender Firmware 0.4.038.2131
Verizon 4g Lte Network Extender Firmware Ga4.38
7.5
CVSSv3
CVE-2022-28371
On Verizon 5G Home LVSKIHP InDoorUnit (IDU) 3.4.66.162 and OutDoorUnit (ODU) 3.33.101.0 devices, the CRTC and ODU RPC endpoints rely on a static certificate for access control. This certificate is embedded in the firmware, and is identical across the fleet of devices. An attacker...
Verizon Lvskihp Indoorunit Firmware 3.4.66.162
Verizon Lvskihp Outdoorunit Firmware 3.33.101.0
7.5
CVSSv3
CVE-2022-28372
On Verizon 5G Home LVSKIHP InDoorUnit (IDU) 3.4.66.162 and OutDoorUnit (ODU) 3.33.101.0 devices, the CRTC and ODU RPC endpoints provide a means of provisioning a firmware update for the device via crtc_fw_upgrade or crtcfwimage. The URL provided is not validated, and thus allows ...
Verizon Lvskihp Indoorunit Firmware 3.4.66.162
Verizon Lvskihp Outdoorunit Firmware 3.33.101.0
7.5
CVSSv3
CVE-2022-28377
On Verizon 5G Home LVSKIHP InDoorUnit (IDU) 3.4.66.162 and OutDoorUnit (ODU) 3.33.101.0 devices, the CRTC and ODU RPC endpoints rely on a static account username/password for access control. This password can be generated via a binary included in the firmware, after ascertaining ...
Verizon Lvskihp Indoorunit Firmware 3.4.66.162
Verizon Lvskihp Outdoorunit Firmware 3.33.101.0
NA
CVE-2013-0126
Multiple cross-site request forgery (CSRF) vulnerabilities in index.cgi on the Verizon FIOS Actiontec MI424WR-GEN3I router with firmware 40.19.36 allow remote malicious users to hijack the authentication of administrators for requests that (1) add administrative accounts via the ...
Verizon Fios Actiontec Mi424wr-gen31 Router Firmware 40.19.36
Verizon Fios Actiontec Mi424wr-gen31 Router -
1 EDB exploit
NA
CVE-2014-5754
The Verizon Instant Refills 24/7 (aka com.wVerizonInstantRefill247) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle malicious users to spoof servers and obtain sensitive information via a crafted certificate.
Verizon Instant Refills 24\\/7 Project Verizon Instant Refills 24\\/7 0.1
NA
CVE-2013-4877
The Verizon Wireless Network Extender SCS-26UC4 and SCS-2U01 does not use CAVE authentication, which makes it easier for remote malicious users to obtain ESN and MIN values from arbitrary phones, and conduct cloning attacks, by sniffing the network for registration packets.
Verizon Wireless Network Extender Scs-2u01
Verizon Wireless Network Extender Scs-26uc4
8.1
CVSSv3
CVE-2022-28376
Verizon 5G Home LVSKIHP outside devices through 2022-02-15 allow anyone (knowing the device's serial number) to access a CPE admin website, e.g., at the 10.0.0.1 IP address. The password (for the verizon username) is calculated by concatenating the serial number and the mode...
Verizon Lvskihp Firmware
7.2
CVSSv3
CVE-2019-3914
Remote command injection vulnerability in Verizon Fios Quantum Gateway (G1100) firmware version 02.01.00.05 allows a remote, authenticated malicious user to execute arbitrary commands on the target device by adding an access control rule for a network object with a crafted hostna...
Verizon Fios Quantum Gateway G1100 Firmware 02.01.00.05
NA
CVE-2014-5755
The verizon (aka com.wverizonwirelessbill) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle malicious users to spoof servers and obtain sensitive information via a crafted certificate.
Gunhillwireless Verizon 0.1
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-3675
CVE-2024-3400
CVE-2024-23557
mass assignment
CVE-2023-1389
local file inclusion
CVE-2024-32596
file upload
CVE-2024-32593
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »