Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
verizon vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2019-3915
Authentication Bypass by Capture-replay vulnerability in Verizon Fios Quantum Gateway (G1100) firmware version 02.01.00.05 allows an unauthenticated attacker with adjacent network access to intercept and replay login requests to gain access to the administrative web interface.
Verizon Fios Quantum Gateway G1100 Firmware 02.01.00.05
9.8
CVSSv3
CVE-2022-28369
Verizon 5G Home LVSKIHP InDoorUnit (IDU) 3.4.66.162 does not validate the user-provided URL within the crtcmode function's enable_ssh sub-operation of the crtcrpc JSON listener (found at /lib/functions/wnc_jsonsh/crtcmode.sh) A remote attacker on the local network can provid...
Verizon Lvskihp Indoorunit Firmware 3.4.66.162
7.5
CVSSv3
CVE-2022-28370
On Verizon 5G Home LVSKIHP OutDoorUnit (ODU) 3.33.101.0 devices, the RPC endpoint crtc_fw_upgrade provides a means of provisioning a firmware update for the device. /lib/functions/wnc_jsonsh/wnc_crtc_fw.sh has no cryptographic validation of the image, thus allowing an malicious u...
Verizon Lvskihp Outdoorunit Firmware 3.33.101.0
9.8
CVSSv3
CVE-2022-28373
Verizon 5G Home LVSKIHP InDoorUnit (IDU) 3.4.66.162 does not properly sanitize user-controlled parameters within the crtcreadpartition function of the crtcrpc JSON listener in /usr/lib/lua/luci/crtc.lua. A remote attacker on the local network can inject shell metacharacters to ac...
Verizon Lvskihp Indoorunit Firmware 3.4.66.162
8.8
CVSSv3
CVE-2022-28374
Verizon 5G Home LVSKIHP OutDoorUnit (ODU) 3.33.101.0 does not property sanitize user-controlled parameters within the DMACC URLs on the Settings page of the Engineering portal. An authenticated remote attacker on the local network can inject shell metacharacters into /usr/lib/lua...
Verizon Lvskihp Outdoorunit Firmware 3.33.101.0
9.8
CVSSv3
CVE-2022-28375
Verizon 5G Home LVSKIHP OutDoorUnit (ODU) 3.33.101.0 does not property sanitize user-controlled parameters within the crtcswitchsimprofile function of the crtcrpc JSON listener. A remote attacker on the local network can inject shell metacharacters into /usr/lib/lua/5.1/luci/cont...
Verizon Lvskihp Outdoorunit Firmware 3.33.101.0
8.1
CVSSv3
CVE-2020-7660
serialize-javascript before 3.1.0 allows remote malicious users to inject arbitrary code via the function "deleteFunctions" within "index.js".
Verizon Serialize-javascript
NA
CVE-2014-5755
The verizon (aka com.wverizonwirelessbill) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle malicious users to spoof servers and obtain sensitive information via a crafted certificate.
Gunhillwireless Verizon 0.1
5.4
CVSSv3
CVE-2019-16769
The serialize-javascript npm package before version 2.1.1 is vulnerable to Cross-site Scripting (XSS). It does not properly mitigate against unsafe characters in serialized regular expressions. This vulnerability is not affected on Node.js environment since Node.js's impleme...
Verizon Serialize-javascript
NA
CVE-2013-4874
The Uboot bootloader on the Verizon Wireless Network Extender SCS-26UC4 allows physically proximate malicious users to obtain root access by connecting a crafted HDMI cable and using a sys session to modify the ramboot environment variable.
Verizon Wireless Network Extender Scs-26uc4
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322
CVE-2006-4304
wireless
CVE-2023-23022
local file inclusion
CVE-2024-27058
CVE-2024-33820
open redirect
CVE-2024-27079
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
NEXT »