CVE-2022-28369

Опубликовано: 14 июл. 2022

Источник: nvd

CVSS3: 9.8

EPSS Низкий

Описание

Verizon 5G Home LVSKIHP InDoorUnit (IDU) 3.4.66.162 does not validate the user-provided URL within the crtcmode function's enable_ssh sub-operation of the crtcrpc JSON listener (found at /lib/functions/wnc_jsonsh/crtcmode.sh) A remote attacker on the local network can provide a malicious URL. The data (found at that URL) is written to /usr/sbin/dropbear and then executed as root.

Ссылки

https://github.com/JousterL/SecWriteups/blob/main/Verizon%20LVSKIHP%205G%20Modem/readme.md
Exploit
Third Party Advisory
https://www.verizon.com/info/reportsecurityvulnerability/
Vendor Advisory
https://github.com/JousterL/SecWriteups/blob/main/Verizon%20LVSKIHP%205G%20Modem/readme.md
Exploit
Third Party Advisory
https://www.verizon.com/info/reportsecurityvulnerability/
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:verizon:lvskihp_indoorunit_firmware:3.4.66.162:*:*:*:*:*:*:*

cpe:2.3:h:verizon:lvskihp_indoorunit:-:*:*:*:*:*:*:*

EPSS

Процентиль: 77%

0.01076

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-434

Связанные уязвимости

GHSA-wq6g-8jqw-w27p