CVSS: 3.4EPSS: 0%CPEs: 7EXPL: 0CVE-2023-38301
https://notcve.org/view.php?id=CVE-2023-38301
22 Apr 2024 — An issue was discovered in a third-party component related to vendor.gsm.serial, shipped on devices from multiple device manufacturers. Various software builds for the BLU View 2, Boost Mobile Celero 5G, Sharp Rouvo V, Motorola Moto G Pure, Motorola Moto G Power, T-Mobile Revvl 6 Pro 5G, and T-Mobile Revvl V+ 5G devices leak the device serial number to a system property that can be accessed by any local app on the device without any permissions or special privileges. Google restricted third-party apps from ... • https://media.defcon.org/DEF%20CON%2031/DEF%20CON%2031%20presentations/Ryan%20Johnson%20Mohamed%20Elsabagh%20Angelos%20Stavrou%20-%20Still%20Vulnerable%20Out%20of%20the%20Box%20Revisiting%20the%20Security%20of%20Prepaid%20Android%20Carrier%20Devices.pdf • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 10.0EPSS: 1%CPEs: 2EXPL: 1CVE-2022-28369
https://notcve.org/view.php?id=CVE-2022-28369
14 Jul 2022 — Verizon 5G Home LVSKIHP InDoorUnit (IDU) 3.4.66.162 does not validate the user-provided URL within the crtcmode function's enable_ssh sub-operation of the crtcrpc JSON listener (found at /lib/functions/wnc_jsonsh/crtcmode.sh) A remote attacker on the local network can provide a malicious URL. The data (found at that URL) is written to /usr/sbin/dropbear and then executed as root. Verizon 5G Home LVSKIHP InDoorUnit (IDU) versión 3.4.66.162, no comprueba la URL proporcionada por el usuario en la sub operación... • https://github.com/JousterL/SecWriteups/blob/main/Verizon%20LVSKIHP%205G%20Modem/readme.md • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 1CVE-2022-28370
https://notcve.org/view.php?id=CVE-2022-28370
14 Jul 2022 — On Verizon 5G Home LVSKIHP OutDoorUnit (ODU) 3.33.101.0 devices, the RPC endpoint crtc_fw_upgrade provides a means of provisioning a firmware update for the device. /lib/functions/wnc_jsonsh/wnc_crtc_fw.sh has no cryptographic validation of the image, thus allowing an attacker to modify the installed firmware. En los dispositivos Verizon 5G Home LVSKIHP OutDoorUnit (ODU) versión 3.33.101.0, el endpoint RPC crtc_fw_upgrade proporciona un medio para aprovisionar una actualización de firmware para el dispositi... • https://github.com/JousterL/SecWriteups/blob/main/Verizon%20LVSKIHP%205G%20Modem/readme.md • CWE-345: Insufficient Verification of Data Authenticity •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 1CVE-2022-28371
https://notcve.org/view.php?id=CVE-2022-28371
14 Jul 2022 — On Verizon 5G Home LVSKIHP InDoorUnit (IDU) 3.4.66.162 and OutDoorUnit (ODU) 3.33.101.0 devices, the CRTC and ODU RPC endpoints rely on a static certificate for access control. This certificate is embedded in the firmware, and is identical across the fleet of devices. An attacker need only download this firmware and extract the private components of these certificates (from /etc/lighttpd.d/ca.pem and /etc/lighttpd.d/server.pem) to gain access. (The firmware download location is shown in a device's upgrade l... • https://github.com/JousterL/SecWriteups/blob/main/Verizon%20LVSKIHP%205G%20Modem/readme.md • CWE-798: Use of Hard-coded Credentials •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 1CVE-2022-28372
https://notcve.org/view.php?id=CVE-2022-28372
14 Jul 2022 — On Verizon 5G Home LVSKIHP InDoorUnit (IDU) 3.4.66.162 and OutDoorUnit (ODU) 3.33.101.0 devices, the CRTC and ODU RPC endpoints provide a means of provisioning a firmware update for the device via crtc_fw_upgrade or crtcfwimage. The URL provided is not validated, and thus allows for arbitrary file upload to the device. This occurs in /lib/lua/luci/crtc.lua (IDU) and /lib/functions/wnc_jsonsh/wnc_crtc_fw.sh (ODU). En los dispositivos InDoorUnit (IDU) versión 3.4.66.162 y OutDoorUnit (ODU) versión 3.33.101.0 ... • https://github.com/JousterL/SecWriteups/blob/main/Verizon%20LVSKIHP%205G%20Modem/readme.md • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 10.0EPSS: 5%CPEs: 2EXPL: 1CVE-2022-28373
https://notcve.org/view.php?id=CVE-2022-28373
14 Jul 2022 — Verizon 5G Home LVSKIHP InDoorUnit (IDU) 3.4.66.162 does not properly sanitize user-controlled parameters within the crtcreadpartition function of the crtcrpc JSON listener in /usr/lib/lua/luci/crtc.lua. A remote attacker on the local network can inject shell metacharacters to achieve remote code execution as root. Verizon 5G Home LVSKIHP InDoorUnit (IDU) versión 3.4.66.162, no sanea apropiadamente los parámetros controlados por el usuario dentro de la función crtcreadpartition del listener JSON crtcrpc en ... • https://github.com/JousterL/SecWriteups/blob/main/Verizon%20LVSKIHP%205G%20Modem/readme.md • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.0EPSS: 5%CPEs: 2EXPL: 1CVE-2022-28374
https://notcve.org/view.php?id=CVE-2022-28374
14 Jul 2022 — Verizon 5G Home LVSKIHP OutDoorUnit (ODU) 3.33.101.0 does not property sanitize user-controlled parameters within the DMACC URLs on the Settings page of the Engineering portal. An authenticated remote attacker on the local network can inject shell metacharacters into /usr/lib/lua/5.1/luci/controller/admin/settings.lua to achieve remote code execution as root. Verizon 5G Home LVSKIHP OutDoorUnit (ODU) versión 3.33.101.0, no sanea apropiadamente los parámetros controlados por el usuario dentro de las URLs DMA... • https://github.com/JousterL/SecWriteups/blob/main/Verizon%20LVSKIHP%205G%20Modem/readme.md • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 10.0EPSS: 5%CPEs: 2EXPL: 1CVE-2022-28375
https://notcve.org/view.php?id=CVE-2022-28375
14 Jul 2022 — Verizon 5G Home LVSKIHP OutDoorUnit (ODU) 3.33.101.0 does not property sanitize user-controlled parameters within the crtcswitchsimprofile function of the crtcrpc JSON listener. A remote attacker on the local network can inject shell metacharacters into /usr/lib/lua/5.1/luci/controller/rpc.lua to achieve remote code execution as root, Verizon 5G Home LVSKIHP OutDoorUnit (ODU) versión 3.33.101.0, no sanea apropiadamente los parámetros controlados por el usuario dentro de la función crtcswitchsimprofile del l... • https://github.com/JousterL/SecWriteups/blob/main/Verizon%20LVSKIHP%205G%20Modem/readme.md • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 1CVE-2022-28377
https://notcve.org/view.php?id=CVE-2022-28377
14 Jul 2022 — On Verizon 5G Home LVSKIHP InDoorUnit (IDU) 3.4.66.162 and OutDoorUnit (ODU) 3.33.101.0 devices, the CRTC and ODU RPC endpoints rely on a static account username/password for access control. This password can be generated via a binary included in the firmware, after ascertaining the MAC address of the IDU's base Ethernet interface, and adding the string DEVICE_MANUFACTURER='Wistron_NeWeb_Corp.' to /etc/device_info to replicate the host environment. This occurs in /etc/init.d/wnc_factoryssidkeypwd (IDU). En ... • https://github.com/JousterL/SecWriteups/blob/main/Verizon%20LVSKIHP%205G%20Modem/readme.md • CWE-521: Weak Password Requirements •
CVSS: 7.5EPSS: 1%CPEs: 3EXPL: 1CVE-2022-29729
https://notcve.org/view.php?id=CVE-2022-29729
27 May 2022 — Verizon 4G LTE Network Extender GA4.38 - V0.4.038.2131 utilizes a weak default admin password generation algorithm which generates passwords that are accessible to unauthenticated attackers via the webUI login page. Verizon 4G LTE Network Extender GA4.38 - versión V0.4.038.2131 usa un algoritmo débil de generación de contraseñas de administrador por defecto que genera contraseñas accesibles a atacantes no autenticados por medio de la página de inicio de sesión webUI • https://www.verizon.com • CWE-521: Weak Password Requirements •