
CVSS: 8.1 • EPSS: 0% • CPEs: 2 • EXPL: 1

03 Apr 2022 — Verizon 5G Home LVSKIHP outside devices through 2022-02-15 allow anyone (knowing the device's serial number) to access a CPE admin website, e.g., at the 10.0.0.1 IP address. The password (for the verizon username) is calculated by concatenating the serial number and the model (i.e., the LVSKIHP string), running the sha256sum program, and extracting the first seven characters concatenated with the last seven characters of that SHA-256 value. • https://github.com/JousterL/SecWriteups/blob/main/Verizon%20LVSKIHP%205G%20Modem/readme.md • CWE-287: Improper Authentication

CVSS: 8.1 • EPSS: 3% • CPEs: 1 • EXPL: 1

01 Jun 2020 — serialize-javascript prior to 3.1.0 allows remote attackers to inject arbitrary code via the function "deleteFunctions" within "index.js". A flaw was found in the serialize-javascript before version 3.1.0. This flaw allows remote attackers to inject arbitrary code via the function "deleteFunctions" within "index.js." Red Hat OpenSh... • https://github.com/ossf-cve-benchmark/CVE-2020-7660 • CWE-502: Deserialization of Untrusted Data

CVSS: 5.4 • EPSS: 0% • CPEs: 1 • EXPL: 1

05 Dec 2019 — The serialize-javascript npm package before version 2.1.1 is vulnerable to Cross-site Scripting (XSS). It does not properly mitigate against unsafe characters in serialized regular expressions. The Node.js environment is not affected by this vulnerability, since Node.js's implementation of RegExp.prototype.toString() backslash-escapes all forward slashes in regular expressions. If serialized data of regular expression objects is used in an environment other than Node.js, that environment is affected by this vulnerability. • https://github.com/ossf-cve-benchmark/CVE-2019-16769 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 7.5 • EPSS: 1% • CPEs: 2 • EXPL: 0

11 Apr 2019 — Information disclosure vulnerability in Verizon Fios Quantum Gateway (G1100) firmware version 02.01.00.05 allows a remote, unauthenticated attacker to retrieve the value of the password salt by simply requesting an API URL in a web browser (e.g. /api). • https://www.tenable.com/security/research/tra-2019-17 • CWE-425: Direct Request ('Forced Browsing')

CVSS: 7.5 • EPSS: 0% • CPEs: 2 • EXPL: 0

11 Apr 2019 — Authentication Bypass by Capture-replay vulnerability in Verizon Fios Quantum Gateway (G1100) firmware version 02.01.00.05 allows an unauthenticated attacker with adjacent network access to intercept and replay login requests to gain access to the administrative web interface. • http://www.securityfocus.com/bid/107883 • CWE-294: Authentication Bypass by Capture-replay

CVSS: 9.0 • EPSS: 28% • CPEs: 2 • EXPL: 1

11 Apr 2019 — Remote command injection vulnerability in Verizon Fios Quantum Gateway (G1100) firmware version 02.01.00.05 allows a remote, authenticated attacker to execute arbitrary commands on the target device by adding an access control rule for a network object with a crafted hostname. • https://www.tenable.com/security/research/tra-2019-17 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVSS: 5.9 • EPSS: 0% • CPEs: 1 • EXPL: 0

09 Sep 2014 — The Verizon Instant Refills 24/7 (aka com.wVerizonInstantRefill247) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. • http://www.kb.cert.org/vuls/id/136689 • CWE-310: Cryptographic Issues

CVSS: 6.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

18 Jul 2013 — The Uboot bootloader on the Verizon Wireless Network Extender SCS-26UC4 allows physically proximate attackers to obtain root access by connecting a crafted HDMI cable and using a sys session to modify the ramboot environment variable. • http://www.kb.cert.org/vuls/id/458007 • CWE-287: Improper Authentication

CVSS: 6.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

18 Jul 2013 — The Uboot bootloader on the Verizon Wireless Network Extender SCS-2U01 allows physically proximate attackers to bypass the intended boot process and obtain a login prompt by connecting a crafted HDMI cable and sending a SysReq interrupt. • http://www.kb.cert.org/vuls/id/458007 • CWE-287: Improper Authentication

CVSS: 7.5 • EPSS: 0% • CPEs: 2 • EXPL: 0

18 Jul 2013 — The Verizon Wireless Network Extender SCS-26UC4 and SCS-2U01 do not use CAVE authentication, which makes it easier for remote attackers to obtain ESN and MIN values from arbitrary phones, and conduct cloning attacks, by sniffing the network for registration packets. • http://www.kb.cert.org/vuls/id/458007 • CWE-287: Improper Authentication