CVE-2022-28370
Severity Score
7.5
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
1
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
On Verizon 5G Home LVSKIHP OutDoorUnit (ODU) 3.33.101.0 devices, the RPC endpoint crtc_fw_upgrade provides a means of provisioning a firmware update for the device. /lib/functions/wnc_jsonsh/wnc_crtc_fw.sh has no cryptographic validation of the image, thus allowing an attacker to modify the installed firmware.
En los dispositivos Verizon 5G Home LVSKIHP OutDoorUnit (ODU) versión 3.33.101.0, el endpoint RPC crtc_fw_upgrade proporciona un medio para aprovisionar una actualización de firmware para el dispositivo. /lib/functions/wnc_jsonsh/wnc_crtc_fw.sh no presenta ninguna comprobación criptográfica de la imagen, lo que permite a un atacante modificar el firmware instalado
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2022-04-03 CVE Reserved
- 2022-07-14 CVE Published
- 2024-08-03 CVE Updated
- 2024-08-03 First Exploit
- 2025-04-08 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-345: Insufficient Verification of Data Authenticity
CAPEC
References (2)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|---|---|
| https://github.com/JousterL/SecWriteups/blob/main/Verizon%20LVSKIHP%205G%20Modem/readme.md | 2024-08-03 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://www.verizon.com/info/reportsecurityvulnerability | 2023-08-08 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Verizon Search vendor "Verizon" | Lvskihp Outdoorunit Firmware Search vendor "Verizon" for product "Lvskihp Outdoorunit Firmware" | 3.33.101.0 Search vendor "Verizon" for product "Lvskihp Outdoorunit Firmware" and version "3.33.101.0" | - |
Affected
| in | Verizon Search vendor "Verizon" | Lvskihp Outdoorunit Search vendor "Verizon" for product "Lvskihp Outdoorunit" | - | - |
Safe
|