CVE-2022-28371

Severity Score

7.5

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

On Verizon 5G Home LVSKIHP InDoorUnit (IDU) 3.4.66.162 and OutDoorUnit (ODU) 3.33.101.0 devices, the CRTC and ODU RPC endpoints rely on a static certificate for access control. This certificate is embedded in the firmware, and is identical across the fleet of devices. An attacker need only download this firmware and extract the private components of these certificates (from /etc/lighttpd.d/ca.pem and /etc/lighttpd.d/server.pem) to gain access. (The firmware download location is shown in a device's upgrade logs.)

En los dispositivos InDoorUnit (IDU) versión 3.4.66.162 y OutDoorUnit (ODU) versión 3.33.101.0 de Verizon 5G Home LVSKIHP, los endpoints RPC de CRTC y ODU dependen de un certificado estático para el control de acceso. Este certificado está integrado en el firmware y es idéntico en toda la flota de dispositivos. Un atacante sólo necesita descargar este firmware y extraer los componentes privados de estos certificados (de /etc/lighttpd.d/ca.pem y /etc/lighttpd.d/server.pem) para conseguir acceso. (La ubicación de la descarga del firmware es mostrada en los registros de actualización del dispositivo)

*Credits: N/A

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

Complete

Integrity

None

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2022-04-03 CVE Reserved
2022-07-14 CVE Published
2024-08-03 CVE Updated
2024-08-03 First Exploit
2025-04-08 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-798: Use of Hard-coded Credentials

CAPEC

References (2)

URL	Tag	Source

URL	Date	SRC
https://github.com/JousterL/SecWriteups/blob/main/Verizon%20LVSKIHP%205G%20Modem/readme.md	2024-08-03

URL	Date	SRC

URL	Date	SRC
https://www.verizon.com/info/reportsecurityvulnerability	2023-08-08

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Verizon Search vendor "Verizon"	Lvskihp Indoorunit Firmware Search vendor "Verizon" for product "Lvskihp Indoorunit Firmware"	3.4.66.162 Search vendor "Verizon" for product "Lvskihp Indoorunit Firmware" and version "3.4.66.162"	-	Affected	in	Verizon Search vendor "Verizon"	Lvskihp Indoorunit Search vendor "Verizon" for product "Lvskihp Indoorunit"	-	-	Safe
Verizon Search vendor "Verizon"	Lvskihp Outdoorunit Firmware Search vendor "Verizon" for product "Lvskihp Outdoorunit Firmware"	3.33.101.0 Search vendor "Verizon" for product "Lvskihp Outdoorunit Firmware" and version "3.33.101.0"	-	Affected	in	Verizon Search vendor "Verizon"	Lvskihp Outdoorunit Search vendor "Verizon" for product "Lvskihp Outdoorunit"	-	-	Safe