Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
31 vulnerabilities by Verizon
CVE-2026-10629 (GCVE-0-2026-10629)
Vulnerability from nvd – Published: 2026-06-02 14:35 – Updated: 2026-06-03 15:19
VLAI
Title
CVE-2026-10629
Summary
SIP signaling stack in Verizon IMS (unspecified version) implements SIP signaling without IPsec integrity protection (missing Security-Client/Security-Server headers and ESP traffic), which allows an on-path attacker to compromise confidentiality, integrity, and authenticity of VoLTE signaling via passive monitoring and active manipulation of unsecured SIP messages over the radio and core network.
Severity
7.4 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
Assigner
References
2 references
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2026-06-02T15:23:02.208Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://www.kb.cert.org/vuls/id/615987"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-10629",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-03T15:19:08.539555Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-03T15:19:11.551Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "VoLTE",
"vendor": "Verizon",
"versions": [
{
"status": "affected",
"version": "UNKNOWN"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SIP signaling stack in Verizon IMS (unspecified version) implements SIP signaling without IPsec integrity protection (missing Security-Client/Security-Server headers and ESP traffic), which allows an on-path attacker to compromise confidentiality, integrity, and authenticity of VoLTE signaling via passive monitoring and active manipulation of unsecured SIP messages over the radio and core network."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-346 Origin Validation Error",
"lang": "en"
}
]
},
{
"descriptions": [
{
"description": "CWE-523 Missing Transport Layer Protection",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-02T14:35:07.902Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"url": "https://www.3gpp.org/DynReport/33203.htm"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "CVE-2026-10629",
"x_generator": {
"engine": "VINCE 3.0.42",
"env": "prod",
"origin": "https://cveawg.mitre.org/api/cve/CVE-2026-10629"
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2026-10629",
"datePublished": "2026-06-02T14:35:07.902Z",
"dateReserved": "2026-06-02T14:31:31.922Z",
"dateUpdated": "2026-06-03T15:19:11.551Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2020-7660 (GCVE-0-2020-7660)
Vulnerability from nvd – Published: 2020-06-01 14:50 – Updated: 2024-08-04 09:33
VLAI
Summary
serialize-javascript prior to 3.1.0 allows remote attackers to inject arbitrary code via the function "deleteFunctions" within "index.js".
Severity
No CVSS data available.
CWE
- Arbitrary Code Injection
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://github.com/yahoo/serialize-javascript/com… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | serialize-javascript |
Affected:
All versions prior to version 3.1.0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:33:20.024Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/yahoo/serialize-javascript/commit/f21a6fb3ace2353413761e79717b2d210ba6ccbd"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "serialize-javascript",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "All versions prior to version 3.1.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "serialize-javascript prior to 3.1.0 allows remote attackers to inject arbitrary code via the function \"deleteFunctions\" within \"index.js\"."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Arbitrary Code Injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-06-01T14:50:55.000Z",
"orgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730",
"shortName": "snyk"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/yahoo/serialize-javascript/commit/f21a6fb3ace2353413761e79717b2d210ba6ccbd"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "report@snyk.io",
"ID": "CVE-2020-7660",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "serialize-javascript",
"version": {
"version_data": [
{
"version_value": "All versions prior to version 3.1.0"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "serialize-javascript prior to 3.1.0 allows remote attackers to inject arbitrary code via the function \"deleteFunctions\" within \"index.js\"."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Arbitrary Code Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/yahoo/serialize-javascript/commit/f21a6fb3ace2353413761e79717b2d210ba6ccbd",
"refsource": "MISC",
"url": "https://github.com/yahoo/serialize-javascript/commit/f21a6fb3ace2353413761e79717b2d210ba6ccbd"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730",
"assignerShortName": "snyk",
"cveId": "CVE-2020-7660",
"datePublished": "2020-06-01T14:50:55.000Z",
"dateReserved": "2020-01-21T00:00:00.000Z",
"dateUpdated": "2024-08-04T09:33:20.024Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-16769 (GCVE-0-2019-16769)
Vulnerability from nvd – Published: 2019-12-05 18:55 – Updated: 2024-08-05 01:24
VLAI
Title
Affected versions of serialize-javascript are vulnerable to Cross-site Scripting (XSS)
Summary
The serialize-javascript npm package before version 2.1.1 is vulnerable to Cross-site Scripting (XSS). It does not properly mitigate against unsafe characters in serialized regular expressions. This vulnerability is not affected on Node.js environment since Node.js's implementation of RegExp.prototype.toString() backslash-escapes all forward slashes in regular expressions. If serialized data of regular expression objects are used in an environment other than Node.js, it is affected by this vulnerability.
Severity
4.2 (Medium)
CWE
- CWE-79 - Cross-site Scripting (XSS)
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://github.com/yahoo/serialize-javascript/sec… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| yahoo | serialize-javascript |
Affected:
< 2.1.1 , < 2.1.1
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T01:24:47.226Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/yahoo/serialize-javascript/security/advisories/GHSA-h9rv-jmmf-4pgx"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "serialize-javascript",
"vendor": "yahoo",
"versions": [
{
"lessThan": "2.1.1",
"status": "affected",
"version": "\u003c 2.1.1",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The serialize-javascript npm package before version 2.1.1 is vulnerable to Cross-site Scripting (XSS). It does not properly mitigate against unsafe characters in serialized regular expressions. This vulnerability is not affected on Node.js environment since Node.js\u0027s implementation of RegExp.prototype.toString() backslash-escapes all forward slashes in regular expressions. If serialized data of regular expression objects are used in an environment other than Node.js, it is affected by this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-12-06T15:11:57.000Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/yahoo/serialize-javascript/security/advisories/GHSA-h9rv-jmmf-4pgx"
}
],
"source": {
"advisory": "GHSA-h9rv-jmmf-4pgx",
"discovery": "UNKNOWN"
},
"title": "Affected versions of serialize-javascript are vulnerable to Cross-site Scripting (XSS)",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2019-16769",
"STATE": "PUBLIC",
"TITLE": "Affected versions of serialize-javascript are vulnerable to Cross-site Scripting (XSS)"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "serialize-javascript",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "\u003c 2.1.1",
"version_value": "2.1.1"
}
]
}
}
]
},
"vendor_name": "yahoo"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The serialize-javascript npm package before version 2.1.1 is vulnerable to Cross-site Scripting (XSS). It does not properly mitigate against unsafe characters in serialized regular expressions. This vulnerability is not affected on Node.js environment since Node.js\u0027s implementation of RegExp.prototype.toString() backslash-escapes all forward slashes in regular expressions. If serialized data of regular expression objects are used in an environment other than Node.js, it is affected by this vulnerability."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/yahoo/serialize-javascript/security/advisories/GHSA-h9rv-jmmf-4pgx",
"refsource": "CONFIRM",
"url": "https://github.com/yahoo/serialize-javascript/security/advisories/GHSA-h9rv-jmmf-4pgx"
}
]
},
"source": {
"advisory": "GHSA-h9rv-jmmf-4pgx",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2019-16769",
"datePublished": "2019-12-05T18:55:15.000Z",
"dateReserved": "2019-09-24T00:00:00.000Z",
"dateUpdated": "2024-08-05T01:24:47.226Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-3916 (GCVE-0-2019-3916)
Vulnerability from nvd – Published: 2019-04-11 14:12 – Updated: 2024-08-04 19:26
VLAI
Summary
Information disclosure vulnerability in Verizon Fios Quantum Gateway (G1100) firmware version 02.01.00.05 allows an remote, unauthenticated attacker to retrieve the value of the password salt by simply requesting an API URL in a web browser (e.g. /api).
Severity
No CVSS data available.
CWE
- Password Salt Information Disclosure
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.tenable.com/security/research/tra-2019-17 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Verizon | Fios Quantum Gateway (G1100) |
Affected:
Firmware version 02.01.00.05
|
Date Public
2019-04-09 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:26:27.582Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.tenable.com/security/research/tra-2019-17"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Fios Quantum Gateway (G1100)",
"vendor": "Verizon",
"versions": [
{
"status": "affected",
"version": "Firmware version 02.01.00.05"
}
]
}
],
"datePublic": "2019-04-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Information disclosure vulnerability in Verizon Fios Quantum Gateway (G1100) firmware version 02.01.00.05 allows an remote, unauthenticated attacker to retrieve the value of the password salt by simply requesting an API URL in a web browser (e.g. /api)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Password Salt Information Disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-04-11T14:12:44.000Z",
"orgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
"shortName": "tenable"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.tenable.com/security/research/tra-2019-17"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnreport@tenable.com",
"ID": "CVE-2019-3916",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Fios Quantum Gateway (G1100)",
"version": {
"version_data": [
{
"version_value": "Firmware version 02.01.00.05"
}
]
}
}
]
},
"vendor_name": "Verizon"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Information disclosure vulnerability in Verizon Fios Quantum Gateway (G1100) firmware version 02.01.00.05 allows an remote, unauthenticated attacker to retrieve the value of the password salt by simply requesting an API URL in a web browser (e.g. /api)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Password Salt Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.tenable.com/security/research/tra-2019-17",
"refsource": "MISC",
"url": "https://www.tenable.com/security/research/tra-2019-17"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
"assignerShortName": "tenable",
"cveId": "CVE-2019-3916",
"datePublished": "2019-04-11T14:12:44.000Z",
"dateReserved": "2019-01-03T00:00:00.000Z",
"dateUpdated": "2024-08-04T19:26:27.582Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-3915 (GCVE-0-2019-3915)
Vulnerability from nvd – Published: 2019-04-11 13:59 – Updated: 2024-08-04 19:26
VLAI
Summary
Authentication Bypass by Capture-replay vulnerability in Verizon Fios Quantum Gateway (G1100) firmware version 02.01.00.05 allows an unauthenticated attacker with adjacent network access to intercept and replay login requests to gain access to the administrative web interface.
Severity
No CVSS data available.
CWE
- Login Replay
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.tenable.com/security/research/tra-2019-17 | x_refsource_MISC |
| http://www.securityfocus.com/bid/107883 | vdb-entryx_refsource_BID |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Verizon | Fios Quantum Gateway (G1100) |
Affected:
Firmware version 02.01.00.05
|
Date Public
2019-04-09 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:26:27.754Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.tenable.com/security/research/tra-2019-17"
},
{
"name": "107883",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/107883"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Fios Quantum Gateway (G1100)",
"vendor": "Verizon",
"versions": [
{
"status": "affected",
"version": "Firmware version 02.01.00.05"
}
]
}
],
"datePublic": "2019-04-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Authentication Bypass by Capture-replay vulnerability in Verizon Fios Quantum Gateway (G1100) firmware version 02.01.00.05 allows an unauthenticated attacker with adjacent network access to intercept and replay login requests to gain access to the administrative web interface."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Login Replay",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-04-12T10:06:00.000Z",
"orgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
"shortName": "tenable"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.tenable.com/security/research/tra-2019-17"
},
{
"name": "107883",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/107883"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnreport@tenable.com",
"ID": "CVE-2019-3915",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Fios Quantum Gateway (G1100)",
"version": {
"version_data": [
{
"version_value": "Firmware version 02.01.00.05"
}
]
}
}
]
},
"vendor_name": "Verizon"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Authentication Bypass by Capture-replay vulnerability in Verizon Fios Quantum Gateway (G1100) firmware version 02.01.00.05 allows an unauthenticated attacker with adjacent network access to intercept and replay login requests to gain access to the administrative web interface."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Login Replay"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.tenable.com/security/research/tra-2019-17",
"refsource": "MISC",
"url": "https://www.tenable.com/security/research/tra-2019-17"
},
{
"name": "107883",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/107883"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
"assignerShortName": "tenable",
"cveId": "CVE-2019-3915",
"datePublished": "2019-04-11T13:59:46.000Z",
"dateReserved": "2019-01-03T00:00:00.000Z",
"dateUpdated": "2024-08-04T19:26:27.754Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-3914 (GCVE-0-2019-3914)
Vulnerability from nvd – Published: 2019-04-11 13:53 – Updated: 2024-08-04 19:26
VLAI
KEVIntel
Summary
Remote command injection vulnerability in Verizon Fios Quantum Gateway (G1100) firmware version 02.01.00.05 allows a remote, authenticated attacker to execute arbitrary commands on the target device by adding an access control rule for a network object with a crafted hostname.
Severity
No CVSS data available.
CWE
- Authenticated Command Injection
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.tenable.com/security/research/tra-2019-17 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Verizon | Fios Quantum Gateway (G1100) |
Affected:
Firmware version 02.01.00.05
|
Date Public
2019-04-09 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:26:27.491Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.tenable.com/security/research/tra-2019-17"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Fios Quantum Gateway (G1100)",
"vendor": "Verizon",
"versions": [
{
"status": "affected",
"version": "Firmware version 02.01.00.05"
}
]
}
],
"datePublic": "2019-04-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Remote command injection vulnerability in Verizon Fios Quantum Gateway (G1100) firmware version 02.01.00.05 allows a remote, authenticated attacker to execute arbitrary commands on the target device by adding an access control rule for a network object with a crafted hostname."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Authenticated Command Injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-04-11T13:53:37.000Z",
"orgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
"shortName": "tenable"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.tenable.com/security/research/tra-2019-17"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnreport@tenable.com",
"ID": "CVE-2019-3914",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Fios Quantum Gateway (G1100)",
"version": {
"version_data": [
{
"version_value": "Firmware version 02.01.00.05"
}
]
}
}
]
},
"vendor_name": "Verizon"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Remote command injection vulnerability in Verizon Fios Quantum Gateway (G1100) firmware version 02.01.00.05 allows a remote, authenticated attacker to execute arbitrary commands on the target device by adding an access control rule for a network object with a crafted hostname."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Authenticated Command Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.tenable.com/security/research/tra-2019-17",
"refsource": "MISC",
"url": "https://www.tenable.com/security/research/tra-2019-17"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
"assignerShortName": "tenable",
"cveId": "CVE-2019-3914",
"datePublished": "2019-04-11T13:53:37.000Z",
"dateReserved": "2019-01-03T00:00:00.000Z",
"dateUpdated": "2024-08-04T19:26:27.491Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-4877 (GCVE-0-2013-4877)
Vulnerability from nvd – Published: 2013-07-18 14:00 – Updated: 2024-08-06 16:59
VLAI
Summary
The Verizon Wireless Network Extender SCS-26UC4 and SCS-2U01 does not use CAVE authentication, which makes it easier for remote attackers to obtain ESN and MIN values from arbitrary phones, and conduct cloning attacks, by sniffing the network for registration packets.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://www.kb.cert.org/vuls/id/BLUU-997M5B | x_refsource_MISC |
| http://www.kb.cert.org/vuls/id/458007 | third-party-advisoryx_refsource_CERT-VN |
| http://www.securityfocus.com/bid/61169 | vdb-entryx_refsource_BID |
Date Public
2013-07-15 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:59:40.841Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/BLUU-997M5B"
},
{
"name": "VU#458007",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/458007"
},
{
"name": "61169",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/61169"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-07-15T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The Verizon Wireless Network Extender SCS-26UC4 and SCS-2U01 does not use CAVE authentication, which makes it easier for remote attackers to obtain ESN and MIN values from arbitrary phones, and conduct cloning attacks, by sniffing the network for registration packets."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-08-22T09:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.kb.cert.org/vuls/id/BLUU-997M5B"
},
{
"name": "VU#458007",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/458007"
},
{
"name": "61169",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/61169"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-4877",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Verizon Wireless Network Extender SCS-26UC4 and SCS-2U01 does not use CAVE authentication, which makes it easier for remote attackers to obtain ESN and MIN values from arbitrary phones, and conduct cloning attacks, by sniffing the network for registration packets."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.kb.cert.org/vuls/id/BLUU-997M5B",
"refsource": "MISC",
"url": "http://www.kb.cert.org/vuls/id/BLUU-997M5B"
},
{
"name": "VU#458007",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/458007"
},
{
"name": "61169",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/61169"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-4877",
"datePublished": "2013-07-18T14:00:00.000Z",
"dateReserved": "2013-07-18T00:00:00.000Z",
"dateUpdated": "2024-08-06T16:59:40.841Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-4876 (GCVE-0-2013-4876)
Vulnerability from nvd – Published: 2013-07-18 14:00 – Updated: 2024-09-16 19:14
VLAI
Summary
The Verizon Wireless Network Extender SCS-2U01 has a hardcoded password for the root account, which makes it easier for physically proximate attackers to obtain administrative access by leveraging a login prompt.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://www.kb.cert.org/vuls/id/BLUU-997M5B | x_refsource_MISC |
| http://www.kb.cert.org/vuls/id/458007 | third-party-advisoryx_refsource_CERT-VN |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:59:40.585Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/BLUU-997M5B"
},
{
"name": "VU#458007",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/458007"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The Verizon Wireless Network Extender SCS-2U01 has a hardcoded password for the root account, which makes it easier for physically proximate attackers to obtain administrative access by leveraging a login prompt."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-07-18T14:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.kb.cert.org/vuls/id/BLUU-997M5B"
},
{
"name": "VU#458007",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/458007"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-4876",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Verizon Wireless Network Extender SCS-2U01 has a hardcoded password for the root account, which makes it easier for physically proximate attackers to obtain administrative access by leveraging a login prompt."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.kb.cert.org/vuls/id/BLUU-997M5B",
"refsource": "MISC",
"url": "http://www.kb.cert.org/vuls/id/BLUU-997M5B"
},
{
"name": "VU#458007",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/458007"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-4876",
"datePublished": "2013-07-18T14:00:00.000Z",
"dateReserved": "2013-07-18T00:00:00.000Z",
"dateUpdated": "2024-09-16T19:14:06.400Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-4875 (GCVE-0-2013-4875)
Vulnerability from nvd – Published: 2013-07-18 14:00 – Updated: 2024-08-06 16:59
VLAI
Summary
The Uboot bootloader on the Verizon Wireless Network Extender SCS-2U01 allows physically proximate attackers to bypass the intended boot process and obtain a login prompt by connecting a crafted HDMI cable and sending a SysReq interrupt.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://www.kb.cert.org/vuls/id/BLUU-997M5B | x_refsource_MISC |
| http://www.kb.cert.org/vuls/id/458007 | third-party-advisoryx_refsource_CERT-VN |
| http://www.securityfocus.com/bid/61169 | vdb-entryx_refsource_BID |
Date Public
2013-07-15 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:59:40.669Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/BLUU-997M5B"
},
{
"name": "VU#458007",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/458007"
},
{
"name": "61169",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/61169"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-07-15T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The Uboot bootloader on the Verizon Wireless Network Extender SCS-2U01 allows physically proximate attackers to bypass the intended boot process and obtain a login prompt by connecting a crafted HDMI cable and sending a SysReq interrupt."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-08-22T09:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.kb.cert.org/vuls/id/BLUU-997M5B"
},
{
"name": "VU#458007",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/458007"
},
{
"name": "61169",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/61169"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-4875",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Uboot bootloader on the Verizon Wireless Network Extender SCS-2U01 allows physically proximate attackers to bypass the intended boot process and obtain a login prompt by connecting a crafted HDMI cable and sending a SysReq interrupt."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.kb.cert.org/vuls/id/BLUU-997M5B",
"refsource": "MISC",
"url": "http://www.kb.cert.org/vuls/id/BLUU-997M5B"
},
{
"name": "VU#458007",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/458007"
},
{
"name": "61169",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/61169"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-4875",
"datePublished": "2013-07-18T14:00:00.000Z",
"dateReserved": "2013-07-18T00:00:00.000Z",
"dateUpdated": "2024-08-06T16:59:40.669Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-4874 (GCVE-0-2013-4874)
Vulnerability from nvd – Published: 2013-07-18 14:00 – Updated: 2024-08-06 16:59
VLAI
Summary
The Uboot bootloader on the Verizon Wireless Network Extender SCS-26UC4 allows physically proximate attackers to obtain root access by connecting a crafted HDMI cable and using a sys session to modify the ramboot environment variable.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://www.kb.cert.org/vuls/id/BLUU-997M5B | x_refsource_MISC |
| http://www.kb.cert.org/vuls/id/458007 | third-party-advisoryx_refsource_CERT-VN |
| http://www.securityfocus.com/bid/61169 | vdb-entryx_refsource_BID |
Date Public
2013-07-15 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:59:40.533Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/BLUU-997M5B"
},
{
"name": "VU#458007",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/458007"
},
{
"name": "61169",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/61169"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-07-15T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The Uboot bootloader on the Verizon Wireless Network Extender SCS-26UC4 allows physically proximate attackers to obtain root access by connecting a crafted HDMI cable and using a sys session to modify the ramboot environment variable."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-08-22T09:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.kb.cert.org/vuls/id/BLUU-997M5B"
},
{
"name": "VU#458007",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/458007"
},
{
"name": "61169",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/61169"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-4874",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Uboot bootloader on the Verizon Wireless Network Extender SCS-26UC4 allows physically proximate attackers to obtain root access by connecting a crafted HDMI cable and using a sys session to modify the ramboot environment variable."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.kb.cert.org/vuls/id/BLUU-997M5B",
"refsource": "MISC",
"url": "http://www.kb.cert.org/vuls/id/BLUU-997M5B"
},
{
"name": "VU#458007",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/458007"
},
{
"name": "61169",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/61169"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-4874",
"datePublished": "2013-07-18T14:00:00.000Z",
"dateReserved": "2013-07-18T00:00:00.000Z",
"dateUpdated": "2024-08-06T16:59:40.533Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-0126 (GCVE-0-2013-0126)
Vulnerability from nvd – Published: 2013-03-21 20:00 – Updated: 2024-09-17 03:07
VLAI
Summary
Multiple cross-site request forgery (CSRF) vulnerabilities in index.cgi on the Verizon FIOS Actiontec MI424WR-GEN3I router with firmware 40.19.36 allow remote attackers to hijack the authentication of administrators for requests that (1) add administrative accounts via the username and user_level parameters or (2) enable remote administration via the is_telnet_primary and is_telnet_secondary parameters.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://www.kb.cert.org/vuls/id/278204 | third-party-advisoryx_refsource_CERT-VN |
| http://www.exploit-db.com/exploits/24860/ | exploitx_refsource_EXPLOIT-DB |
| http://infosec42.blogspot.com/2013/03/verizon-fio… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T14:18:08.995Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VU#278204",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/278204"
},
{
"name": "24860",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/24860/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://infosec42.blogspot.com/2013/03/verizon-fios-router-csrf-cve-2013-0126.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site request forgery (CSRF) vulnerabilities in index.cgi on the Verizon FIOS Actiontec MI424WR-GEN3I router with firmware 40.19.36 allow remote attackers to hijack the authentication of administrators for requests that (1) add administrative accounts via the username and user_level parameters or (2) enable remote administration via the is_telnet_primary and is_telnet_secondary parameters."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-03-21T20:00:00.000Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"name": "VU#278204",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/278204"
},
{
"name": "24860",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/24860/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://infosec42.blogspot.com/2013/03/verizon-fios-router-csrf-cve-2013-0126.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2013-0126",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site request forgery (CSRF) vulnerabilities in index.cgi on the Verizon FIOS Actiontec MI424WR-GEN3I router with firmware 40.19.36 allow remote attackers to hijack the authentication of administrators for requests that (1) add administrative accounts via the username and user_level parameters or (2) enable remote administration via the is_telnet_primary and is_telnet_secondary parameters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#278204",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/278204"
},
{
"name": "24860",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/24860/"
},
{
"name": "http://infosec42.blogspot.com/2013/03/verizon-fios-router-csrf-cve-2013-0126.html",
"refsource": "MISC",
"url": "http://infosec42.blogspot.com/2013/03/verizon-fios-router-csrf-cve-2013-0126.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2013-0126",
"datePublished": "2013-03-21T20:00:00.000Z",
"dateReserved": "2012-12-06T00:00:00.000Z",
"dateUpdated": "2024-09-17T03:07:46.127Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2026-10629 (GCVE-0-2026-10629)
Vulnerability from cvelistv5 – Published: 2026-06-02 14:35 – Updated: 2026-06-03 15:19
VLAI
Title
CVE-2026-10629
Summary
SIP signaling stack in Verizon IMS (unspecified version) implements SIP signaling without IPsec integrity protection (missing Security-Client/Security-Server headers and ESP traffic), which allows an on-path attacker to compromise confidentiality, integrity, and authenticity of VoLTE signaling via passive monitoring and active manipulation of unsecured SIP messages over the radio and core network.
Severity
7.4 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
Assigner
References
2 references
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2026-06-02T15:23:02.208Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://www.kb.cert.org/vuls/id/615987"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-10629",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-03T15:19:08.539555Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-03T15:19:11.551Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "VoLTE",
"vendor": "Verizon",
"versions": [
{
"status": "affected",
"version": "UNKNOWN"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SIP signaling stack in Verizon IMS (unspecified version) implements SIP signaling without IPsec integrity protection (missing Security-Client/Security-Server headers and ESP traffic), which allows an on-path attacker to compromise confidentiality, integrity, and authenticity of VoLTE signaling via passive monitoring and active manipulation of unsecured SIP messages over the radio and core network."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-346 Origin Validation Error",
"lang": "en"
}
]
},
{
"descriptions": [
{
"description": "CWE-523 Missing Transport Layer Protection",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-02T14:35:07.902Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"url": "https://www.3gpp.org/DynReport/33203.htm"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "CVE-2026-10629",
"x_generator": {
"engine": "VINCE 3.0.42",
"env": "prod",
"origin": "https://cveawg.mitre.org/api/cve/CVE-2026-10629"
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2026-10629",
"datePublished": "2026-06-02T14:35:07.902Z",
"dateReserved": "2026-06-02T14:31:31.922Z",
"dateUpdated": "2026-06-03T15:19:11.551Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2020-7660 (GCVE-0-2020-7660)
Vulnerability from cvelistv5 – Published: 2020-06-01 14:50 – Updated: 2024-08-04 09:33
VLAI
Summary
serialize-javascript prior to 3.1.0 allows remote attackers to inject arbitrary code via the function "deleteFunctions" within "index.js".
Severity
No CVSS data available.
CWE
- Arbitrary Code Injection
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://github.com/yahoo/serialize-javascript/com… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | serialize-javascript |
Affected:
All versions prior to version 3.1.0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:33:20.024Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/yahoo/serialize-javascript/commit/f21a6fb3ace2353413761e79717b2d210ba6ccbd"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "serialize-javascript",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "All versions prior to version 3.1.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "serialize-javascript prior to 3.1.0 allows remote attackers to inject arbitrary code via the function \"deleteFunctions\" within \"index.js\"."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Arbitrary Code Injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-06-01T14:50:55.000Z",
"orgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730",
"shortName": "snyk"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/yahoo/serialize-javascript/commit/f21a6fb3ace2353413761e79717b2d210ba6ccbd"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "report@snyk.io",
"ID": "CVE-2020-7660",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "serialize-javascript",
"version": {
"version_data": [
{
"version_value": "All versions prior to version 3.1.0"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "serialize-javascript prior to 3.1.0 allows remote attackers to inject arbitrary code via the function \"deleteFunctions\" within \"index.js\"."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Arbitrary Code Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/yahoo/serialize-javascript/commit/f21a6fb3ace2353413761e79717b2d210ba6ccbd",
"refsource": "MISC",
"url": "https://github.com/yahoo/serialize-javascript/commit/f21a6fb3ace2353413761e79717b2d210ba6ccbd"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730",
"assignerShortName": "snyk",
"cveId": "CVE-2020-7660",
"datePublished": "2020-06-01T14:50:55.000Z",
"dateReserved": "2020-01-21T00:00:00.000Z",
"dateUpdated": "2024-08-04T09:33:20.024Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-16769 (GCVE-0-2019-16769)
Vulnerability from cvelistv5 – Published: 2019-12-05 18:55 – Updated: 2024-08-05 01:24
VLAI
Title
Affected versions of serialize-javascript are vulnerable to Cross-site Scripting (XSS)
Summary
The serialize-javascript npm package before version 2.1.1 is vulnerable to Cross-site Scripting (XSS). It does not properly mitigate against unsafe characters in serialized regular expressions. This vulnerability is not affected on Node.js environment since Node.js's implementation of RegExp.prototype.toString() backslash-escapes all forward slashes in regular expressions. If serialized data of regular expression objects are used in an environment other than Node.js, it is affected by this vulnerability.
Severity
4.2 (Medium)
CWE
- CWE-79 - Cross-site Scripting (XSS)
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://github.com/yahoo/serialize-javascript/sec… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| yahoo | serialize-javascript |
Affected:
< 2.1.1 , < 2.1.1
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T01:24:47.226Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/yahoo/serialize-javascript/security/advisories/GHSA-h9rv-jmmf-4pgx"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "serialize-javascript",
"vendor": "yahoo",
"versions": [
{
"lessThan": "2.1.1",
"status": "affected",
"version": "\u003c 2.1.1",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The serialize-javascript npm package before version 2.1.1 is vulnerable to Cross-site Scripting (XSS). It does not properly mitigate against unsafe characters in serialized regular expressions. This vulnerability is not affected on Node.js environment since Node.js\u0027s implementation of RegExp.prototype.toString() backslash-escapes all forward slashes in regular expressions. If serialized data of regular expression objects are used in an environment other than Node.js, it is affected by this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-12-06T15:11:57.000Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/yahoo/serialize-javascript/security/advisories/GHSA-h9rv-jmmf-4pgx"
}
],
"source": {
"advisory": "GHSA-h9rv-jmmf-4pgx",
"discovery": "UNKNOWN"
},
"title": "Affected versions of serialize-javascript are vulnerable to Cross-site Scripting (XSS)",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2019-16769",
"STATE": "PUBLIC",
"TITLE": "Affected versions of serialize-javascript are vulnerable to Cross-site Scripting (XSS)"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "serialize-javascript",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "\u003c 2.1.1",
"version_value": "2.1.1"
}
]
}
}
]
},
"vendor_name": "yahoo"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The serialize-javascript npm package before version 2.1.1 is vulnerable to Cross-site Scripting (XSS). It does not properly mitigate against unsafe characters in serialized regular expressions. This vulnerability is not affected on Node.js environment since Node.js\u0027s implementation of RegExp.prototype.toString() backslash-escapes all forward slashes in regular expressions. If serialized data of regular expression objects are used in an environment other than Node.js, it is affected by this vulnerability."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/yahoo/serialize-javascript/security/advisories/GHSA-h9rv-jmmf-4pgx",
"refsource": "CONFIRM",
"url": "https://github.com/yahoo/serialize-javascript/security/advisories/GHSA-h9rv-jmmf-4pgx"
}
]
},
"source": {
"advisory": "GHSA-h9rv-jmmf-4pgx",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2019-16769",
"datePublished": "2019-12-05T18:55:15.000Z",
"dateReserved": "2019-09-24T00:00:00.000Z",
"dateUpdated": "2024-08-05T01:24:47.226Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-3916 (GCVE-0-2019-3916)
Vulnerability from cvelistv5 – Published: 2019-04-11 14:12 – Updated: 2024-08-04 19:26
VLAI
Summary
Information disclosure vulnerability in Verizon Fios Quantum Gateway (G1100) firmware version 02.01.00.05 allows an remote, unauthenticated attacker to retrieve the value of the password salt by simply requesting an API URL in a web browser (e.g. /api).
Severity
No CVSS data available.
CWE
- Password Salt Information Disclosure
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.tenable.com/security/research/tra-2019-17 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Verizon | Fios Quantum Gateway (G1100) |
Affected:
Firmware version 02.01.00.05
|
Date Public
2019-04-09 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:26:27.582Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.tenable.com/security/research/tra-2019-17"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Fios Quantum Gateway (G1100)",
"vendor": "Verizon",
"versions": [
{
"status": "affected",
"version": "Firmware version 02.01.00.05"
}
]
}
],
"datePublic": "2019-04-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Information disclosure vulnerability in Verizon Fios Quantum Gateway (G1100) firmware version 02.01.00.05 allows an remote, unauthenticated attacker to retrieve the value of the password salt by simply requesting an API URL in a web browser (e.g. /api)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Password Salt Information Disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-04-11T14:12:44.000Z",
"orgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
"shortName": "tenable"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.tenable.com/security/research/tra-2019-17"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnreport@tenable.com",
"ID": "CVE-2019-3916",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Fios Quantum Gateway (G1100)",
"version": {
"version_data": [
{
"version_value": "Firmware version 02.01.00.05"
}
]
}
}
]
},
"vendor_name": "Verizon"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Information disclosure vulnerability in Verizon Fios Quantum Gateway (G1100) firmware version 02.01.00.05 allows an remote, unauthenticated attacker to retrieve the value of the password salt by simply requesting an API URL in a web browser (e.g. /api)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Password Salt Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.tenable.com/security/research/tra-2019-17",
"refsource": "MISC",
"url": "https://www.tenable.com/security/research/tra-2019-17"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
"assignerShortName": "tenable",
"cveId": "CVE-2019-3916",
"datePublished": "2019-04-11T14:12:44.000Z",
"dateReserved": "2019-01-03T00:00:00.000Z",
"dateUpdated": "2024-08-04T19:26:27.582Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-3915 (GCVE-0-2019-3915)
Vulnerability from cvelistv5 – Published: 2019-04-11 13:59 – Updated: 2024-08-04 19:26
VLAI
Summary
Authentication Bypass by Capture-replay vulnerability in Verizon Fios Quantum Gateway (G1100) firmware version 02.01.00.05 allows an unauthenticated attacker with adjacent network access to intercept and replay login requests to gain access to the administrative web interface.
Severity
No CVSS data available.
CWE
- Login Replay
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.tenable.com/security/research/tra-2019-17 | x_refsource_MISC |
| http://www.securityfocus.com/bid/107883 | vdb-entryx_refsource_BID |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Verizon | Fios Quantum Gateway (G1100) |
Affected:
Firmware version 02.01.00.05
|
Date Public
2019-04-09 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:26:27.754Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.tenable.com/security/research/tra-2019-17"
},
{
"name": "107883",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/107883"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Fios Quantum Gateway (G1100)",
"vendor": "Verizon",
"versions": [
{
"status": "affected",
"version": "Firmware version 02.01.00.05"
}
]
}
],
"datePublic": "2019-04-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Authentication Bypass by Capture-replay vulnerability in Verizon Fios Quantum Gateway (G1100) firmware version 02.01.00.05 allows an unauthenticated attacker with adjacent network access to intercept and replay login requests to gain access to the administrative web interface."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Login Replay",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-04-12T10:06:00.000Z",
"orgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
"shortName": "tenable"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.tenable.com/security/research/tra-2019-17"
},
{
"name": "107883",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/107883"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnreport@tenable.com",
"ID": "CVE-2019-3915",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Fios Quantum Gateway (G1100)",
"version": {
"version_data": [
{
"version_value": "Firmware version 02.01.00.05"
}
]
}
}
]
},
"vendor_name": "Verizon"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Authentication Bypass by Capture-replay vulnerability in Verizon Fios Quantum Gateway (G1100) firmware version 02.01.00.05 allows an unauthenticated attacker with adjacent network access to intercept and replay login requests to gain access to the administrative web interface."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Login Replay"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.tenable.com/security/research/tra-2019-17",
"refsource": "MISC",
"url": "https://www.tenable.com/security/research/tra-2019-17"
},
{
"name": "107883",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/107883"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
"assignerShortName": "tenable",
"cveId": "CVE-2019-3915",
"datePublished": "2019-04-11T13:59:46.000Z",
"dateReserved": "2019-01-03T00:00:00.000Z",
"dateUpdated": "2024-08-04T19:26:27.754Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-3914 (GCVE-0-2019-3914)
Vulnerability from cvelistv5 – Published: 2019-04-11 13:53 – Updated: 2024-08-04 19:26
VLAI
KEVIntel
Summary
Remote command injection vulnerability in Verizon Fios Quantum Gateway (G1100) firmware version 02.01.00.05 allows a remote, authenticated attacker to execute arbitrary commands on the target device by adding an access control rule for a network object with a crafted hostname.
Severity
No CVSS data available.
CWE
- Authenticated Command Injection
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.tenable.com/security/research/tra-2019-17 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Verizon | Fios Quantum Gateway (G1100) |
Affected:
Firmware version 02.01.00.05
|
Date Public
2019-04-09 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:26:27.491Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.tenable.com/security/research/tra-2019-17"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Fios Quantum Gateway (G1100)",
"vendor": "Verizon",
"versions": [
{
"status": "affected",
"version": "Firmware version 02.01.00.05"
}
]
}
],
"datePublic": "2019-04-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Remote command injection vulnerability in Verizon Fios Quantum Gateway (G1100) firmware version 02.01.00.05 allows a remote, authenticated attacker to execute arbitrary commands on the target device by adding an access control rule for a network object with a crafted hostname."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Authenticated Command Injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-04-11T13:53:37.000Z",
"orgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
"shortName": "tenable"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.tenable.com/security/research/tra-2019-17"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnreport@tenable.com",
"ID": "CVE-2019-3914",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Fios Quantum Gateway (G1100)",
"version": {
"version_data": [
{
"version_value": "Firmware version 02.01.00.05"
}
]
}
}
]
},
"vendor_name": "Verizon"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Remote command injection vulnerability in Verizon Fios Quantum Gateway (G1100) firmware version 02.01.00.05 allows a remote, authenticated attacker to execute arbitrary commands on the target device by adding an access control rule for a network object with a crafted hostname."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Authenticated Command Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.tenable.com/security/research/tra-2019-17",
"refsource": "MISC",
"url": "https://www.tenable.com/security/research/tra-2019-17"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
"assignerShortName": "tenable",
"cveId": "CVE-2019-3914",
"datePublished": "2019-04-11T13:53:37.000Z",
"dateReserved": "2019-01-03T00:00:00.000Z",
"dateUpdated": "2024-08-04T19:26:27.491Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-4875 (GCVE-0-2013-4875)
Vulnerability from cvelistv5 – Published: 2013-07-18 14:00 – Updated: 2024-08-06 16:59
VLAI
Summary
The Uboot bootloader on the Verizon Wireless Network Extender SCS-2U01 allows physically proximate attackers to bypass the intended boot process and obtain a login prompt by connecting a crafted HDMI cable and sending a SysReq interrupt.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://www.kb.cert.org/vuls/id/BLUU-997M5B | x_refsource_MISC |
| http://www.kb.cert.org/vuls/id/458007 | third-party-advisoryx_refsource_CERT-VN |
| http://www.securityfocus.com/bid/61169 | vdb-entryx_refsource_BID |
Date Public
2013-07-15 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:59:40.669Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/BLUU-997M5B"
},
{
"name": "VU#458007",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/458007"
},
{
"name": "61169",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/61169"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-07-15T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The Uboot bootloader on the Verizon Wireless Network Extender SCS-2U01 allows physically proximate attackers to bypass the intended boot process and obtain a login prompt by connecting a crafted HDMI cable and sending a SysReq interrupt."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-08-22T09:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.kb.cert.org/vuls/id/BLUU-997M5B"
},
{
"name": "VU#458007",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/458007"
},
{
"name": "61169",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/61169"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-4875",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Uboot bootloader on the Verizon Wireless Network Extender SCS-2U01 allows physically proximate attackers to bypass the intended boot process and obtain a login prompt by connecting a crafted HDMI cable and sending a SysReq interrupt."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.kb.cert.org/vuls/id/BLUU-997M5B",
"refsource": "MISC",
"url": "http://www.kb.cert.org/vuls/id/BLUU-997M5B"
},
{
"name": "VU#458007",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/458007"
},
{
"name": "61169",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/61169"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-4875",
"datePublished": "2013-07-18T14:00:00.000Z",
"dateReserved": "2013-07-18T00:00:00.000Z",
"dateUpdated": "2024-08-06T16:59:40.669Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-4877 (GCVE-0-2013-4877)
Vulnerability from cvelistv5 – Published: 2013-07-18 14:00 – Updated: 2024-08-06 16:59
VLAI
Summary
The Verizon Wireless Network Extender SCS-26UC4 and SCS-2U01 does not use CAVE authentication, which makes it easier for remote attackers to obtain ESN and MIN values from arbitrary phones, and conduct cloning attacks, by sniffing the network for registration packets.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://www.kb.cert.org/vuls/id/BLUU-997M5B | x_refsource_MISC |
| http://www.kb.cert.org/vuls/id/458007 | third-party-advisoryx_refsource_CERT-VN |
| http://www.securityfocus.com/bid/61169 | vdb-entryx_refsource_BID |
Date Public
2013-07-15 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:59:40.841Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/BLUU-997M5B"
},
{
"name": "VU#458007",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/458007"
},
{
"name": "61169",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/61169"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-07-15T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The Verizon Wireless Network Extender SCS-26UC4 and SCS-2U01 does not use CAVE authentication, which makes it easier for remote attackers to obtain ESN and MIN values from arbitrary phones, and conduct cloning attacks, by sniffing the network for registration packets."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-08-22T09:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.kb.cert.org/vuls/id/BLUU-997M5B"
},
{
"name": "VU#458007",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/458007"
},
{
"name": "61169",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/61169"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-4877",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Verizon Wireless Network Extender SCS-26UC4 and SCS-2U01 does not use CAVE authentication, which makes it easier for remote attackers to obtain ESN and MIN values from arbitrary phones, and conduct cloning attacks, by sniffing the network for registration packets."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.kb.cert.org/vuls/id/BLUU-997M5B",
"refsource": "MISC",
"url": "http://www.kb.cert.org/vuls/id/BLUU-997M5B"
},
{
"name": "VU#458007",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/458007"
},
{
"name": "61169",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/61169"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-4877",
"datePublished": "2013-07-18T14:00:00.000Z",
"dateReserved": "2013-07-18T00:00:00.000Z",
"dateUpdated": "2024-08-06T16:59:40.841Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-4874 (GCVE-0-2013-4874)
Vulnerability from cvelistv5 – Published: 2013-07-18 14:00 – Updated: 2024-08-06 16:59
VLAI
Summary
The Uboot bootloader on the Verizon Wireless Network Extender SCS-26UC4 allows physically proximate attackers to obtain root access by connecting a crafted HDMI cable and using a sys session to modify the ramboot environment variable.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://www.kb.cert.org/vuls/id/BLUU-997M5B | x_refsource_MISC |
| http://www.kb.cert.org/vuls/id/458007 | third-party-advisoryx_refsource_CERT-VN |
| http://www.securityfocus.com/bid/61169 | vdb-entryx_refsource_BID |
Date Public
2013-07-15 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:59:40.533Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/BLUU-997M5B"
},
{
"name": "VU#458007",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/458007"
},
{
"name": "61169",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/61169"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-07-15T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The Uboot bootloader on the Verizon Wireless Network Extender SCS-26UC4 allows physically proximate attackers to obtain root access by connecting a crafted HDMI cable and using a sys session to modify the ramboot environment variable."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-08-22T09:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.kb.cert.org/vuls/id/BLUU-997M5B"
},
{
"name": "VU#458007",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/458007"
},
{
"name": "61169",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/61169"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-4874",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Uboot bootloader on the Verizon Wireless Network Extender SCS-26UC4 allows physically proximate attackers to obtain root access by connecting a crafted HDMI cable and using a sys session to modify the ramboot environment variable."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.kb.cert.org/vuls/id/BLUU-997M5B",
"refsource": "MISC",
"url": "http://www.kb.cert.org/vuls/id/BLUU-997M5B"
},
{
"name": "VU#458007",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/458007"
},
{
"name": "61169",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/61169"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-4874",
"datePublished": "2013-07-18T14:00:00.000Z",
"dateReserved": "2013-07-18T00:00:00.000Z",
"dateUpdated": "2024-08-06T16:59:40.533Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-4876 (GCVE-0-2013-4876)
Vulnerability from cvelistv5 – Published: 2013-07-18 14:00 – Updated: 2024-09-16 19:14
VLAI
Summary
The Verizon Wireless Network Extender SCS-2U01 has a hardcoded password for the root account, which makes it easier for physically proximate attackers to obtain administrative access by leveraging a login prompt.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://www.kb.cert.org/vuls/id/BLUU-997M5B | x_refsource_MISC |
| http://www.kb.cert.org/vuls/id/458007 | third-party-advisoryx_refsource_CERT-VN |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:59:40.585Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/BLUU-997M5B"
},
{
"name": "VU#458007",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/458007"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The Verizon Wireless Network Extender SCS-2U01 has a hardcoded password for the root account, which makes it easier for physically proximate attackers to obtain administrative access by leveraging a login prompt."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-07-18T14:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.kb.cert.org/vuls/id/BLUU-997M5B"
},
{
"name": "VU#458007",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/458007"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-4876",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Verizon Wireless Network Extender SCS-2U01 has a hardcoded password for the root account, which makes it easier for physically proximate attackers to obtain administrative access by leveraging a login prompt."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.kb.cert.org/vuls/id/BLUU-997M5B",
"refsource": "MISC",
"url": "http://www.kb.cert.org/vuls/id/BLUU-997M5B"
},
{
"name": "VU#458007",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/458007"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-4876",
"datePublished": "2013-07-18T14:00:00.000Z",
"dateReserved": "2013-07-18T00:00:00.000Z",
"dateUpdated": "2024-09-16T19:14:06.400Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
VAR-201303-0222
Vulnerability from variot - Updated: 2024-04-19 22:51Multiple cross-site request forgery (CSRF) vulnerabilities in index.cgi on the Verizon FIOS Actiontec MI424WR-GEN3I router with firmware 40.19.36 allow remote attackers to hijack the authentication of administrators for requests that (1) add administrative accounts via the username and user_level parameters or (2) enable remote administration via the is_telnet_primary and is_telnet_secondary parameters. Verizon FiOS Actiontec Router MI424WR-GEN3I Contains a cross-site request forgery vulnerability.If a user loads a malicious page while logged in to the product, the product may be operated. The Verizon FiOS router is prone to a cross-site request-forgery vulnerability. Successful exploits can result in privileged commands running on the affected devices, including enabling remote access to the web administration interface. This may lead to further network-based attacks. Verizon FIOS Router running firmware 40.19.36 is vulnerable; other version may also be affected. Verizon FIOS is a wireless fiber optic broadband router produced by Verizon in the United States
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201303-0222",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "fios actiontec mi424wr-gen31 router",
"scope": "eq",
"trust": 1.6,
"vendor": "verizon",
"version": "40.19.36"
},
{
"model": "fios actiontec mi424wr-gen31 router",
"scope": "eq",
"trust": 1.0,
"vendor": "verizon",
"version": null
},
{
"model": "fios actiontec mi424wr-gen3i",
"scope": null,
"trust": 0.8,
"vendor": "verizon",
"version": null
},
{
"model": "fios actiontec mi424wr-gen3i",
"scope": "eq",
"trust": 0.8,
"vendor": "verizon",
"version": "version 40.19.36"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-001920"
},
{
"db": "CNNVD",
"id": "CNNVD-201303-353"
},
{
"db": "NVD",
"id": "CVE-2013-0126"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:verizon:fios_actiontec_mi424wr-gen31_router_firmware:40.19.36:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:verizon:fios_actiontec_mi424wr-gen31_router:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2013-0126"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Jacob Holcomb of Independent Security Evaluators",
"sources": [
{
"db": "BID",
"id": "58553"
},
{
"db": "CNNVD",
"id": "CNNVD-201303-353"
}
],
"trust": 0.9
},
"cve": "CVE-2013-0126",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 6.8,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2013-0126",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-60128",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2013-0126",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201303-353",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-60128",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-60128"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-001920"
},
{
"db": "CNNVD",
"id": "CNNVD-201303-353"
},
{
"db": "NVD",
"id": "CVE-2013-0126"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple cross-site request forgery (CSRF) vulnerabilities in index.cgi on the Verizon FIOS Actiontec MI424WR-GEN3I router with firmware 40.19.36 allow remote attackers to hijack the authentication of administrators for requests that (1) add administrative accounts via the username and user_level parameters or (2) enable remote administration via the is_telnet_primary and is_telnet_secondary parameters. Verizon FiOS Actiontec Router MI424WR-GEN3I Contains a cross-site request forgery vulnerability.If a user loads a malicious page while logged in to the product, the product may be operated. The Verizon FiOS router is prone to a cross-site request-forgery vulnerability. \nSuccessful exploits can result in privileged commands running on the affected devices, including enabling remote access to the web administration interface. This may lead to further network-based attacks. \nVerizon FIOS Router running firmware 40.19.36 is vulnerable; other version may also be affected. Verizon FIOS is a wireless fiber optic broadband router produced by Verizon in the United States",
"sources": [
{
"db": "NVD",
"id": "CVE-2013-0126"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-001920"
},
{
"db": "BID",
"id": "58553"
},
{
"db": "VULHUB",
"id": "VHN-60128"
}
],
"trust": 1.98
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-60128",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-60128"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2013-0126",
"trust": 2.8
},
{
"db": "CERT/CC",
"id": "VU#278204",
"trust": 2.8
},
{
"db": "EXPLOIT-DB",
"id": "24860",
"trust": 1.7
},
{
"db": "BID",
"id": "58553",
"trust": 1.0
},
{
"db": "JVN",
"id": "JVNVU92635832",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2013-001920",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201303-353",
"trust": 0.7
},
{
"db": "SECUNIA",
"id": "52693",
"trust": 0.6
},
{
"db": "SEEBUG",
"id": "SSVID-78547",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "120869",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-60128",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-60128"
},
{
"db": "BID",
"id": "58553"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-001920"
},
{
"db": "CNNVD",
"id": "CNNVD-201303-353"
},
{
"db": "NVD",
"id": "CVE-2013-0126"
}
]
},
"id": "VAR-201303-0222",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-60128"
}
],
"trust": 0.01
},
"last_update_date": "2024-04-19T22:51:28.352000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.verizonwireless.com/b2c/index.html"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-001920"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-352",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-60128"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-001920"
},
{
"db": "NVD",
"id": "CVE-2013-0126"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.8,
"url": "http://www.kb.cert.org/vuls/id/278204"
},
{
"trust": 2.0,
"url": "http://infosec42.blogspot.com/2013/03/verizon-fios-router-csrf-cve-2013-0126.html"
},
{
"trust": 1.7,
"url": "http://www.exploit-db.com/exploits/24860/"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-0126"
},
{
"trust": 0.8,
"url": "http://jvn.jp/cert/jvnvu92635832/"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-0126"
},
{
"trust": 0.8,
"url": "http://www.actiontec.com/products/product.php?pid=41#.uvaphjevoa5"
},
{
"trust": 0.6,
"url": "http://secunia.com/advisories/52693"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/58553"
},
{
"trust": 0.3,
"url": "http://www.actiontec.com/products/product.php?pid=189#.uuee-dekxn8"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-60128"
},
{
"db": "BID",
"id": "58553"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-001920"
},
{
"db": "CNNVD",
"id": "CNNVD-201303-353"
},
{
"db": "NVD",
"id": "CVE-2013-0126"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-60128"
},
{
"db": "BID",
"id": "58553"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-001920"
},
{
"db": "CNNVD",
"id": "CNNVD-201303-353"
},
{
"db": "NVD",
"id": "CVE-2013-0126"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-03-21T00:00:00",
"db": "VULHUB",
"id": "VHN-60128"
},
{
"date": "2013-03-18T00:00:00",
"db": "BID",
"id": "58553"
},
{
"date": "2013-03-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-001920"
},
{
"date": "2013-03-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201303-353"
},
{
"date": "2013-03-21T20:55:01.910000",
"db": "NVD",
"id": "CVE-2013-0126"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-10-07T00:00:00",
"db": "VULHUB",
"id": "VHN-60128"
},
{
"date": "2013-03-18T00:00:00",
"db": "BID",
"id": "58553"
},
{
"date": "2013-03-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-001920"
},
{
"date": "2013-03-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201303-353"
},
{
"date": "2013-10-07T20:31:53.100000",
"db": "NVD",
"id": "CVE-2013-0126"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201303-353"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Verizon FiOS Actiontec Router MI424WR-GEN3I Cross-site request forgery vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-001920"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "cross-site request forgery",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201303-353"
}
],
"trust": 0.6
}
}
VAR-201911-1481
Vulnerability from variot - Updated: 2023-12-18 13:13Unspecified Cross-site scripting (XSS) vulnerability in the Verizon FIOS Actiontec MI424WR-GEN3I router. Verizon Fios Actiontec model MI424WR-GEN3I router has a cross-site scripting vulnerability that allows remote attackers to exploit vulnerabilities to build malicious URIs, entice users to parse, obtain sensitive information or hijack user sessions. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201911-1481",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "mi424wr-gen3i",
"scope": "eq",
"trust": 1.0,
"vendor": "actiontec",
"version": null
},
{
"model": "fios actiontec mi424wr-gen3i",
"scope": null,
"trust": 0.8,
"vendor": "verizon",
"version": null
},
{
"model": "fios actiontec model mi424wr-gen3i router",
"scope": "eq",
"trust": 0.6,
"vendor": "verizon",
"version": "40.19.36"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-04058"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-006931"
},
{
"db": "NVD",
"id": "CVE-2013-3097"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:actiontec:mi424wr-gen3i_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:actiontec:mi424wr-gen3i:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2013-3097"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Jacob Holcomb of Independent Security Evaluators",
"sources": [
{
"db": "BID",
"id": "59479"
},
{
"db": "CNNVD",
"id": "CNNVD-201304-550"
}
],
"trust": 0.9
},
"cve": "CVE-2013-3097",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.3,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2013-3097",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.5,
"id": "CNVD-2013-04058",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.6,
"vectorString": "AV:A/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 6.1,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "CVE-2013-3097",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2013-3097",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2013-04058",
"trust": 0.6,
"value": "LOW"
},
{
"author": "CNNVD",
"id": "CNNVD-201304-550",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-04058"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-006931"
},
{
"db": "NVD",
"id": "CVE-2013-3097"
},
{
"db": "CNNVD",
"id": "CNNVD-201304-550"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Unspecified Cross-site scripting (XSS) vulnerability in the Verizon FIOS Actiontec MI424WR-GEN3I router. Verizon Fios Actiontec model MI424WR-GEN3I router has a cross-site scripting vulnerability that allows remote attackers to exploit vulnerabilities to build malicious URIs, entice users to parse, obtain sensitive information or hijack user sessions. \nAn attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks",
"sources": [
{
"db": "NVD",
"id": "CVE-2013-3097"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-006931"
},
{
"db": "CNVD",
"id": "CNVD-2013-04058"
},
{
"db": "BID",
"id": "59479"
}
],
"trust": 2.43
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2013-3097",
"trust": 3.3
},
{
"db": "BID",
"id": "59479",
"trust": 1.9
},
{
"db": "JVNDB",
"id": "JVNDB-2013-006931",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2013-04058",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201304-550",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-04058"
},
{
"db": "BID",
"id": "59479"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-006931"
},
{
"db": "NVD",
"id": "CVE-2013-3097"
},
{
"db": "CNNVD",
"id": "CNNVD-201304-550"
}
]
},
"id": "VAR-201911-1481",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-04058"
}
],
"trust": 1.2666667
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-04058"
}
]
},
"last_update_date": "2023-12-18T13:13:11.946000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.verizonwireless.com/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-006931"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-006931"
},
{
"db": "NVD",
"id": "CVE-2013-3097"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://www.ise.io/casestudies/exploiting-soho-routers/"
},
{
"trust": 1.6,
"url": "http://www.securityfocus.com/bid/59479"
},
{
"trust": 1.6,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83785"
},
{
"trust": 1.6,
"url": "https://www.ise.io/soho_service_hacks/"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-3097"
},
{
"trust": 0.9,
"url": "http://securityevaluators.com/content/case-studies/routers/actiontec.jsp"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-3097"
},
{
"trust": 0.6,
"url": "http://news.cnet.com/8301-1009_3-57579981-83/top-wi-fi-routers-easy-to-hack-says-study/"
},
{
"trust": 0.6,
"url": "http://securityevaluators.com/content/case-studies/routers/soho_router_hacks.jsp"
},
{
"trust": 0.3,
"url": "http://www.actiontec.com/products/product.php?pid=189#.uuee-dekxn8"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-04058"
},
{
"db": "BID",
"id": "59479"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-006931"
},
{
"db": "NVD",
"id": "CVE-2013-3097"
},
{
"db": "CNNVD",
"id": "CNNVD-201304-550"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2013-04058"
},
{
"db": "BID",
"id": "59479"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-006931"
},
{
"db": "NVD",
"id": "CVE-2013-3097"
},
{
"db": "CNNVD",
"id": "CNNVD-201304-550"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-04-24T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-04058"
},
{
"date": "2013-04-25T00:00:00",
"db": "BID",
"id": "59479"
},
{
"date": "2019-11-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-006931"
},
{
"date": "2019-11-13T22:15:11.240000",
"db": "NVD",
"id": "CVE-2013-3097"
},
{
"date": "2013-04-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201304-550"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-04-24T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-04058"
},
{
"date": "2013-04-25T00:00:00",
"db": "BID",
"id": "59479"
},
{
"date": "2019-11-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-006931"
},
{
"date": "2019-11-18T14:41:51.550000",
"db": "NVD",
"id": "CVE-2013-3097"
},
{
"date": "2019-11-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201304-550"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201304-550"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Verizon FIOS Actiontec MI424WR-GEN3I Router cross-site scripting vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-006931"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201304-550"
}
],
"trust": 0.6
}
}
VAR-201307-0388
Vulnerability from variot - Updated: 2023-12-18 12:38The Verizon Wireless Network Extender SCS-2U01 has a hardcoded password for the root account, which makes it easier for physically proximate attackers to obtain administrative access by leveraging a login prompt. iSEC Partners has reported that the Verizon Wireless Network Extender models SCS-26UC4 and SCS-2U01 made by Samsung are susceptible to a local compromise using a custom HDMI cable. Once compromised the device can be used to eavesdrop on voice, text and data communication for mobile devices that connect to the Network Extender. The Verizon Wireless Network Extender is a low-power cellular base station that provides Internet services using an Internet connection. The Verizon Wireless Network Extender has multiple security vulnerabilities to increase permissions or clone other user phones. Use a special console cable to connect to the device and submit a special command sequence to get the root shell. Use the SysReq (System Request) interrupt to gain access to the console and obtain the root shell. In addition, Network Extender does not use Cellular Authentication and Voice Encryption (CAVE) authentication. For mobile phone authentication, the device only uses ESN and MIN. These numbers can physically access the phone or sniff the registration message sent to Network Extender for acquisition. Defects and incorrect validation can be done by running custom code on the Network Extender and going to any phone's ESN and MIN, using these numbers to clone the phone without physical access. A local attacker exploits the vulnerability to escalate permissions and clones the phone. An attacker could exploit this vulnerability to bypass certain security restrictions and perform unauthorized actions. Attackers can use these vulnerabilities to execute arbitrary code with elevated privileges and take complete control of the device. This BID is being retired. The vulnerability stems from the program's use of a hardcoded password for the root account
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201307-0388",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "wireless network extender",
"scope": "eq",
"trust": 1.6,
"vendor": "verizon",
"version": "scs-2u01"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "samsung",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "verizon",
"version": null
},
{
"model": "network extender",
"scope": "eq",
"trust": 0.8,
"vendor": "verizon",
"version": "scs-2u01"
},
{
"model": "wireless network extender models scs-26uc4",
"scope": null,
"trust": 0.6,
"vendor": "verizon",
"version": null
},
{
"model": "wireless network extender models scs-2u01",
"scope": null,
"trust": 0.6,
"vendor": "verizon",
"version": null
},
{
"model": "wireless network extender scs-2u01",
"scope": null,
"trust": 0.6,
"vendor": "verizon",
"version": null
},
{
"model": "wireless network extender scs-2u01",
"scope": "eq",
"trust": 0.3,
"vendor": "verizon",
"version": "0"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#458007"
},
{
"db": "CNVD",
"id": "CNVD-2013-10005"
},
{
"db": "CNVD",
"id": "CNVD-2013-10689"
},
{
"db": "BID",
"id": "61357"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003460"
},
{
"db": "NVD",
"id": "CVE-2013-4876"
},
{
"db": "CNNVD",
"id": "CNNVD-201307-416"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:verizon:wireless_network_extender:scs-2u01:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2013-4876"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "iSEC Partners",
"sources": [
{
"db": "BID",
"id": "61169"
},
{
"db": "BID",
"id": "61357"
},
{
"db": "CNNVD",
"id": "CNNVD-201307-296"
}
],
"trust": 1.2
},
"cve": "CVE-2013-4876",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "HIGH",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 6.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 1.9,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:L/AC:H/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "High",
"accessVector": "Local",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 6.2,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2013-4876",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:H/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 6.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 1.9,
"id": "CNVD-2013-10005",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:L/AC:H/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 6.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 1.9,
"id": "CNVD-2013-10689",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:L/AC:H/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 6.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 1.9,
"id": "VHN-64878",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:L/AC:H/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2013-4876",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2013-10005",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2013-10689",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201307-416",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-64878",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-10005"
},
{
"db": "CNVD",
"id": "CNVD-2013-10689"
},
{
"db": "VULHUB",
"id": "VHN-64878"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003460"
},
{
"db": "NVD",
"id": "CVE-2013-4876"
},
{
"db": "CNNVD",
"id": "CNNVD-201307-416"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The Verizon Wireless Network Extender SCS-2U01 has a hardcoded password for the root account, which makes it easier for physically proximate attackers to obtain administrative access by leveraging a login prompt. iSEC Partners has reported that the Verizon Wireless Network Extender models SCS-26UC4 and SCS-2U01 made by Samsung are susceptible to a local compromise using a custom HDMI cable. Once compromised the device can be used to eavesdrop on voice, text and data communication for mobile devices that connect to the Network Extender. The Verizon Wireless Network Extender is a low-power cellular base station that provides Internet services using an Internet connection. The Verizon Wireless Network Extender has multiple security vulnerabilities to increase permissions or clone other user phones. Use a special console cable to connect to the device and submit a special command sequence to get the root shell. Use the SysReq (System Request) interrupt to gain access to the console and obtain the root shell. In addition, Network Extender does not use Cellular Authentication and Voice Encryption (CAVE) authentication. For mobile phone authentication, the device only uses ESN and MIN. These numbers can physically access the phone or sniff the registration message sent to Network Extender for acquisition. Defects and incorrect validation can be done by running custom code on the Network Extender and going to any phone\u0027s ESN and MIN, using these numbers to clone the phone without physical access. A local attacker exploits the vulnerability to escalate permissions and clones the phone. An attacker could exploit this vulnerability to bypass certain security restrictions and perform unauthorized actions. Attackers can use these vulnerabilities to execute arbitrary code with elevated privileges and take complete control of the device. \nThis BID is being retired. The vulnerability stems from the program\u0027s use of a hardcoded password for the root account",
"sources": [
{
"db": "NVD",
"id": "CVE-2013-4876"
},
{
"db": "CERT/CC",
"id": "VU#458007"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003460"
},
{
"db": "CNVD",
"id": "CNVD-2013-10005"
},
{
"db": "CNVD",
"id": "CNVD-2013-10689"
},
{
"db": "CNNVD",
"id": "CNNVD-201307-296"
},
{
"db": "BID",
"id": "61169"
},
{
"db": "BID",
"id": "61357"
},
{
"db": "VULHUB",
"id": "VHN-64878"
}
],
"trust": 4.59
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#458007",
"trust": 4.8
},
{
"db": "NVD",
"id": "CVE-2013-4876",
"trust": 3.4
},
{
"db": "BID",
"id": "61169",
"trust": 1.5
},
{
"db": "BID",
"id": "61357",
"trust": 1.0
},
{
"db": "JVN",
"id": "JVNVU94014626",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003460",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201307-416",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2013-10005",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2013-10689",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201307-296",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-64878",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#458007"
},
{
"db": "CNVD",
"id": "CNVD-2013-10005"
},
{
"db": "CNVD",
"id": "CNVD-2013-10689"
},
{
"db": "VULHUB",
"id": "VHN-64878"
},
{
"db": "BID",
"id": "61169"
},
{
"db": "BID",
"id": "61357"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003460"
},
{
"db": "NVD",
"id": "CVE-2013-4876"
},
{
"db": "CNNVD",
"id": "CNNVD-201307-296"
},
{
"db": "CNNVD",
"id": "CNNVD-201307-416"
}
]
},
"id": "VAR-201307-0388",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-10005"
},
{
"db": "CNVD",
"id": "CNVD-2013-10689"
},
{
"db": "VULHUB",
"id": "VHN-64878"
}
],
"trust": 2.1611111000000003
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 1.2
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-10005"
},
{
"db": "CNVD",
"id": "CNVD-2013-10689"
}
]
},
"last_update_date": "2023-12-18T12:38:32.364000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Verizon Wireless Network Extender",
"trust": 0.8,
"url": "http://www.verizonwireless.com/b2c/device/network-extender"
},
{
"title": "Patch for multiple local privilege escalation vulnerabilities in the Verizon Wireless Network Extender",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/36382"
},
{
"title": "Verizon Wireless Network Extender hardcoded password security bypass vulnerability patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/36473"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-10005"
},
{
"db": "CNVD",
"id": "CNVD-2013-10689"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003460"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-255",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-64878"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003460"
},
{
"db": "NVD",
"id": "CVE-2013-4876"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.4,
"url": "http://www.kb.cert.org/vuls/id/458007"
},
{
"trust": 3.1,
"url": "http://www.kb.cert.org/vuls/id/bluu-997m5b"
},
{
"trust": 0.8,
"url": "about vulnerability notes"
},
{
"trust": 0.8,
"url": "contact us about this vulnerability"
},
{
"trust": 0.8,
"url": "provide a vendor statement"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-4876"
},
{
"trust": 0.8,
"url": "http://jvn.jp/cert/jvnvu94014626/index.html"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-4876"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/61169"
},
{
"trust": 0.3,
"url": "http://www.verizonwireless.com/b2c/device/network-extender?"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#458007"
},
{
"db": "CNVD",
"id": "CNVD-2013-10005"
},
{
"db": "CNVD",
"id": "CNVD-2013-10689"
},
{
"db": "VULHUB",
"id": "VHN-64878"
},
{
"db": "BID",
"id": "61357"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003460"
},
{
"db": "NVD",
"id": "CVE-2013-4876"
},
{
"db": "CNNVD",
"id": "CNNVD-201307-296"
},
{
"db": "CNNVD",
"id": "CNNVD-201307-416"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#458007"
},
{
"db": "CNVD",
"id": "CNVD-2013-10005"
},
{
"db": "CNVD",
"id": "CNVD-2013-10689"
},
{
"db": "VULHUB",
"id": "VHN-64878"
},
{
"db": "BID",
"id": "61169"
},
{
"db": "BID",
"id": "61357"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003460"
},
{
"db": "NVD",
"id": "CVE-2013-4876"
},
{
"db": "CNNVD",
"id": "CNNVD-201307-296"
},
{
"db": "CNNVD",
"id": "CNNVD-201307-416"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-07-15T00:00:00",
"db": "CERT/CC",
"id": "VU#458007"
},
{
"date": "2013-07-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-10005"
},
{
"date": "2013-07-26T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-10689"
},
{
"date": "2013-07-18T00:00:00",
"db": "VULHUB",
"id": "VHN-64878"
},
{
"date": "2013-07-15T00:00:00",
"db": "BID",
"id": "61169"
},
{
"date": "2013-07-16T00:00:00",
"db": "BID",
"id": "61357"
},
{
"date": "2013-07-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-003460"
},
{
"date": "2013-07-18T16:51:40.393000",
"db": "NVD",
"id": "CVE-2013-4876"
},
{
"date": "2013-07-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201307-296"
},
{
"date": "2013-07-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201307-416"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-07-23T00:00:00",
"db": "CERT/CC",
"id": "VU#458007"
},
{
"date": "2013-07-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-10005"
},
{
"date": "2013-07-26T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-10689"
},
{
"date": "2013-07-19T00:00:00",
"db": "VULHUB",
"id": "VHN-64878"
},
{
"date": "2013-07-23T02:23:00",
"db": "BID",
"id": "61169"
},
{
"date": "2013-07-16T00:00:00",
"db": "BID",
"id": "61357"
},
{
"date": "2013-07-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-003460"
},
{
"date": "2013-07-19T04:00:00",
"db": "NVD",
"id": "CVE-2013-4876"
},
{
"date": "2013-07-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201307-296"
},
{
"date": "2013-07-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201307-416"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "BID",
"id": "61169"
},
{
"db": "BID",
"id": "61357"
},
{
"db": "CNNVD",
"id": "CNNVD-201307-296"
},
{
"db": "CNNVD",
"id": "CNNVD-201307-416"
}
],
"trust": 1.8
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Verizon Wireless Network Extender multiple vulnerabilities",
"sources": [
{
"db": "CERT/CC",
"id": "VU#458007"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201307-296"
}
],
"trust": 0.6
}
}
VAR-201307-0387
Vulnerability from variot - Updated: 2023-12-18 12:38The Uboot bootloader on the Verizon Wireless Network Extender SCS-2U01 allows physically proximate attackers to bypass the intended boot process and obtain a login prompt by connecting a crafted HDMI cable and sending a SysReq interrupt. iSEC Partners has reported that the Verizon Wireless Network Extender models SCS-26UC4 and SCS-2U01 made by Samsung are susceptible to a local compromise using a custom HDMI cable. Once compromised the device can be used to eavesdrop on voice, text and data communication for mobile devices that connect to the Network Extender. The Verizon Wireless Network Extender is a low-power cellular base station that provides Internet services using an Internet connection. The Verizon Wireless Network Extender has multiple security vulnerabilities to increase permissions or clone other user phones. Use a special console cable to connect to the device and submit a special command sequence to get the root shell. Use the SysReq (System Request) interrupt to gain access to the console and obtain the root shell. In addition, Network Extender does not use Cellular Authentication and Voice Encryption (CAVE) authentication. For mobile phone authentication, the device only uses ESN and MIN. These numbers can physically access the phone or sniff the registration message sent to Network Extender for acquisition. Defects and incorrect validation can be done by running custom code on the Network Extender and going to any phone's ESN and MIN, using these numbers to clone the phone without physical access. A local attacker exploits the vulnerability to escalate permissions and clones the phone. Attackers can use these vulnerabilities to execute arbitrary code with elevated privileges and take complete control of the device. This BID is being retired
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201307-0387",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "wireless network extender",
"scope": "eq",
"trust": 1.6,
"vendor": "verizon",
"version": "scs-2u01"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "samsung",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "verizon",
"version": null
},
{
"model": "network extender",
"scope": "eq",
"trust": 0.8,
"vendor": "verizon",
"version": "scs-2u01"
},
{
"model": "wireless network extender models scs-26uc4",
"scope": null,
"trust": 0.6,
"vendor": "verizon",
"version": null
},
{
"model": "wireless network extender models scs-2u01",
"scope": null,
"trust": 0.6,
"vendor": "verizon",
"version": null
},
{
"model": "wireless network extender scs-2u01",
"scope": "eq",
"trust": 0.3,
"vendor": "verizon",
"version": "0"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#458007"
},
{
"db": "CNVD",
"id": "CNVD-2013-10005"
},
{
"db": "BID",
"id": "61394"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003459"
},
{
"db": "NVD",
"id": "CVE-2013-4875"
},
{
"db": "CNNVD",
"id": "CNNVD-201307-415"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:verizon:wireless_network_extender:scs-2u01:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2013-4875"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "iSEC Partners",
"sources": [
{
"db": "BID",
"id": "61169"
},
{
"db": "CNNVD",
"id": "CNNVD-201307-296"
}
],
"trust": 0.9
},
"cve": "CVE-2013-4875",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "HIGH",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 6.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 1.9,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:L/AC:H/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "High",
"accessVector": "Local",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 6.2,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2013-4875",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:H/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 6.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 1.9,
"id": "CNVD-2013-10005",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:L/AC:H/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 6.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 1.9,
"id": "VHN-64877",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:L/AC:H/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2013-4875",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2013-10005",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201307-415",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-64877",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-10005"
},
{
"db": "VULHUB",
"id": "VHN-64877"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003459"
},
{
"db": "NVD",
"id": "CVE-2013-4875"
},
{
"db": "CNNVD",
"id": "CNNVD-201307-415"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The Uboot bootloader on the Verizon Wireless Network Extender SCS-2U01 allows physically proximate attackers to bypass the intended boot process and obtain a login prompt by connecting a crafted HDMI cable and sending a SysReq interrupt. iSEC Partners has reported that the Verizon Wireless Network Extender models SCS-26UC4 and SCS-2U01 made by Samsung are susceptible to a local compromise using a custom HDMI cable. Once compromised the device can be used to eavesdrop on voice, text and data communication for mobile devices that connect to the Network Extender. The Verizon Wireless Network Extender is a low-power cellular base station that provides Internet services using an Internet connection. The Verizon Wireless Network Extender has multiple security vulnerabilities to increase permissions or clone other user phones. Use a special console cable to connect to the device and submit a special command sequence to get the root shell. Use the SysReq (System Request) interrupt to gain access to the console and obtain the root shell. In addition, Network Extender does not use Cellular Authentication and Voice Encryption (CAVE) authentication. For mobile phone authentication, the device only uses ESN and MIN. These numbers can physically access the phone or sniff the registration message sent to Network Extender for acquisition. Defects and incorrect validation can be done by running custom code on the Network Extender and going to any phone\u0027s ESN and MIN, using these numbers to clone the phone without physical access. A local attacker exploits the vulnerability to escalate permissions and clones the phone. Attackers can use these vulnerabilities to execute arbitrary code with elevated privileges and take complete control of the device. \nThis BID is being retired",
"sources": [
{
"db": "NVD",
"id": "CVE-2013-4875"
},
{
"db": "CERT/CC",
"id": "VU#458007"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003459"
},
{
"db": "CNVD",
"id": "CNVD-2013-10005"
},
{
"db": "CNNVD",
"id": "CNNVD-201307-296"
},
{
"db": "BID",
"id": "61169"
},
{
"db": "BID",
"id": "61394"
},
{
"db": "VULHUB",
"id": "VHN-64877"
}
],
"trust": 4.05
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#458007",
"trust": 4.2
},
{
"db": "NVD",
"id": "CVE-2013-4875",
"trust": 2.8
},
{
"db": "BID",
"id": "61169",
"trust": 2.6
},
{
"db": "JVN",
"id": "JVNVU94014626",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003459",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2013-10005",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201307-296",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201307-415",
"trust": 0.6
},
{
"db": "BID",
"id": "61394",
"trust": 0.4
},
{
"db": "VULHUB",
"id": "VHN-64877",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#458007"
},
{
"db": "CNVD",
"id": "CNVD-2013-10005"
},
{
"db": "VULHUB",
"id": "VHN-64877"
},
{
"db": "BID",
"id": "61169"
},
{
"db": "BID",
"id": "61394"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003459"
},
{
"db": "NVD",
"id": "CVE-2013-4875"
},
{
"db": "CNNVD",
"id": "CNNVD-201307-296"
},
{
"db": "CNNVD",
"id": "CNNVD-201307-415"
}
]
},
"id": "VAR-201307-0387",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-10005"
},
{
"db": "VULHUB",
"id": "VHN-64877"
}
],
"trust": 1.5611111
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-10005"
}
]
},
"last_update_date": "2023-12-18T12:38:32.321000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Verizon Wireless Network Extender",
"trust": 0.8,
"url": "http://www.verizonwireless.com/b2c/device/network-extender"
},
{
"title": "Patch for multiple local privilege escalation vulnerabilities in the Verizon Wireless Network Extender",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/36382"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-10005"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003459"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-287",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-64877"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003459"
},
{
"db": "NVD",
"id": "CVE-2013-4875"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.4,
"url": "http://www.kb.cert.org/vuls/id/458007"
},
{
"trust": 2.5,
"url": "http://www.kb.cert.org/vuls/id/bluu-997m5b"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/61169"
},
{
"trust": 0.8,
"url": "about vulnerability notes"
},
{
"trust": 0.8,
"url": "contact us about this vulnerability"
},
{
"trust": 0.8,
"url": "provide a vendor statement"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-4875"
},
{
"trust": 0.8,
"url": "http://jvn.jp/cert/jvnvu94014626/index.html"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-4875"
},
{
"trust": 0.3,
"url": "http://www.verizonwireless.com/b2c/device/network-extender?"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#458007"
},
{
"db": "CNVD",
"id": "CNVD-2013-10005"
},
{
"db": "VULHUB",
"id": "VHN-64877"
},
{
"db": "BID",
"id": "61394"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003459"
},
{
"db": "NVD",
"id": "CVE-2013-4875"
},
{
"db": "CNNVD",
"id": "CNNVD-201307-296"
},
{
"db": "CNNVD",
"id": "CNNVD-201307-415"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#458007"
},
{
"db": "CNVD",
"id": "CNVD-2013-10005"
},
{
"db": "VULHUB",
"id": "VHN-64877"
},
{
"db": "BID",
"id": "61169"
},
{
"db": "BID",
"id": "61394"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003459"
},
{
"db": "NVD",
"id": "CVE-2013-4875"
},
{
"db": "CNNVD",
"id": "CNNVD-201307-296"
},
{
"db": "CNNVD",
"id": "CNNVD-201307-415"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-07-15T00:00:00",
"db": "CERT/CC",
"id": "VU#458007"
},
{
"date": "2013-07-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-10005"
},
{
"date": "2013-07-18T00:00:00",
"db": "VULHUB",
"id": "VHN-64877"
},
{
"date": "2013-07-15T00:00:00",
"db": "BID",
"id": "61169"
},
{
"date": "2013-07-15T00:00:00",
"db": "BID",
"id": "61394"
},
{
"date": "2013-07-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-003459"
},
{
"date": "2013-07-18T16:51:40.383000",
"db": "NVD",
"id": "CVE-2013-4875"
},
{
"date": "2013-07-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201307-296"
},
{
"date": "2013-07-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201307-415"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-07-23T00:00:00",
"db": "CERT/CC",
"id": "VU#458007"
},
{
"date": "2013-07-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-10005"
},
{
"date": "2013-08-22T00:00:00",
"db": "VULHUB",
"id": "VHN-64877"
},
{
"date": "2013-07-23T02:23:00",
"db": "BID",
"id": "61169"
},
{
"date": "2013-07-15T00:00:00",
"db": "BID",
"id": "61394"
},
{
"date": "2013-07-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-003459"
},
{
"date": "2013-08-22T06:54:39.807000",
"db": "NVD",
"id": "CVE-2013-4875"
},
{
"date": "2013-07-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201307-296"
},
{
"date": "2013-07-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201307-415"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "BID",
"id": "61169"
},
{
"db": "BID",
"id": "61394"
},
{
"db": "CNNVD",
"id": "CNNVD-201307-296"
},
{
"db": "CNNVD",
"id": "CNNVD-201307-415"
}
],
"trust": 1.8
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Verizon Wireless Network Extender multiple vulnerabilities",
"sources": [
{
"db": "CERT/CC",
"id": "VU#458007"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Unknown",
"sources": [
{
"db": "BID",
"id": "61169"
},
{
"db": "BID",
"id": "61394"
}
],
"trust": 0.6
}
}
VAR-201307-0386
Vulnerability from variot - Updated: 2023-12-18 12:38The Uboot bootloader on the Verizon Wireless Network Extender SCS-26UC4 allows physically proximate attackers to obtain root access by connecting a crafted HDMI cable and using a sys session to modify the ramboot environment variable. iSEC Partners has reported that the Verizon Wireless Network Extender models SCS-26UC4 and SCS-2U01 made by Samsung are susceptible to a local compromise using a custom HDMI cable. Once compromised the device can be used to eavesdrop on voice, text and data communication for mobile devices that connect to the Network Extender. The Verizon Wireless Network Extender is a low-power cellular base station that provides Internet services using an Internet connection. The Verizon Wireless Network Extender has multiple security vulnerabilities to increase permissions or clone other user phones. Use a special console cable to connect to the device and submit a special command sequence to get the root shell. Use the SysReq (System Request) interrupt to gain access to the console and obtain the root shell. In addition, Network Extender does not use Cellular Authentication and Voice Encryption (CAVE) authentication. For mobile phone authentication, the device only uses ESN and MIN. These numbers can physically access the phone or sniff the registration message sent to Network Extender for acquisition. Defects and incorrect validation can be done by running custom code on the Network Extender and going to any phone's ESN and MIN, using these numbers to clone the phone without physical access. A local attacker exploits the vulnerability to escalate permissions and clones the phone. Attackers can use these vulnerabilities to execute arbitrary code with elevated privileges and take complete control of the device. This BID is being retired
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201307-0386",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "wireless network extender",
"scope": "eq",
"trust": 1.6,
"vendor": "verizon",
"version": "scs-26uc4"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "samsung",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "verizon",
"version": null
},
{
"model": "network extender",
"scope": "eq",
"trust": 0.8,
"vendor": "verizon",
"version": "scs-26uc4"
},
{
"model": "wireless network extender models scs-26uc4",
"scope": null,
"trust": 0.6,
"vendor": "verizon",
"version": null
},
{
"model": "wireless network extender models scs-2u01",
"scope": null,
"trust": 0.6,
"vendor": "verizon",
"version": null
},
{
"model": "wireless network extender scs-26uc4",
"scope": "eq",
"trust": 0.3,
"vendor": "verizon",
"version": "0"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#458007"
},
{
"db": "CNVD",
"id": "CNVD-2013-10005"
},
{
"db": "BID",
"id": "61395"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003458"
},
{
"db": "NVD",
"id": "CVE-2013-4874"
},
{
"db": "CNNVD",
"id": "CNNVD-201307-414"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:verizon:wireless_network_extender:scs-26uc4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2013-4874"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "iSEC Partners",
"sources": [
{
"db": "BID",
"id": "61169"
},
{
"db": "CNNVD",
"id": "CNNVD-201307-296"
}
],
"trust": 0.9
},
"cve": "CVE-2013-4874",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "HIGH",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 6.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 1.9,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:L/AC:H/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "High",
"accessVector": "Local",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 6.2,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2013-4874",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:H/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 6.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 1.9,
"id": "CNVD-2013-10005",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:L/AC:H/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 6.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 1.9,
"id": "VHN-64876",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:L/AC:H/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2013-4874",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2013-10005",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201307-414",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-64876",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-10005"
},
{
"db": "VULHUB",
"id": "VHN-64876"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003458"
},
{
"db": "NVD",
"id": "CVE-2013-4874"
},
{
"db": "CNNVD",
"id": "CNNVD-201307-414"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The Uboot bootloader on the Verizon Wireless Network Extender SCS-26UC4 allows physically proximate attackers to obtain root access by connecting a crafted HDMI cable and using a sys session to modify the ramboot environment variable. iSEC Partners has reported that the Verizon Wireless Network Extender models SCS-26UC4 and SCS-2U01 made by Samsung are susceptible to a local compromise using a custom HDMI cable. Once compromised the device can be used to eavesdrop on voice, text and data communication for mobile devices that connect to the Network Extender. The Verizon Wireless Network Extender is a low-power cellular base station that provides Internet services using an Internet connection. The Verizon Wireless Network Extender has multiple security vulnerabilities to increase permissions or clone other user phones. Use a special console cable to connect to the device and submit a special command sequence to get the root shell. Use the SysReq (System Request) interrupt to gain access to the console and obtain the root shell. In addition, Network Extender does not use Cellular Authentication and Voice Encryption (CAVE) authentication. For mobile phone authentication, the device only uses ESN and MIN. These numbers can physically access the phone or sniff the registration message sent to Network Extender for acquisition. Defects and incorrect validation can be done by running custom code on the Network Extender and going to any phone\u0027s ESN and MIN, using these numbers to clone the phone without physical access. A local attacker exploits the vulnerability to escalate permissions and clones the phone. Attackers can use these vulnerabilities to execute arbitrary code with elevated privileges and take complete control of the device. \nThis BID is being retired",
"sources": [
{
"db": "NVD",
"id": "CVE-2013-4874"
},
{
"db": "CERT/CC",
"id": "VU#458007"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003458"
},
{
"db": "CNVD",
"id": "CNVD-2013-10005"
},
{
"db": "CNNVD",
"id": "CNNVD-201307-296"
},
{
"db": "BID",
"id": "61169"
},
{
"db": "BID",
"id": "61395"
},
{
"db": "VULHUB",
"id": "VHN-64876"
}
],
"trust": 4.05
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#458007",
"trust": 4.2
},
{
"db": "NVD",
"id": "CVE-2013-4874",
"trust": 2.8
},
{
"db": "BID",
"id": "61169",
"trust": 2.6
},
{
"db": "JVN",
"id": "JVNVU94014626",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003458",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2013-10005",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201307-296",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201307-414",
"trust": 0.6
},
{
"db": "BID",
"id": "61395",
"trust": 0.4
},
{
"db": "VULHUB",
"id": "VHN-64876",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#458007"
},
{
"db": "CNVD",
"id": "CNVD-2013-10005"
},
{
"db": "VULHUB",
"id": "VHN-64876"
},
{
"db": "BID",
"id": "61169"
},
{
"db": "BID",
"id": "61395"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003458"
},
{
"db": "NVD",
"id": "CVE-2013-4874"
},
{
"db": "CNNVD",
"id": "CNNVD-201307-296"
},
{
"db": "CNNVD",
"id": "CNNVD-201307-414"
}
]
},
"id": "VAR-201307-0386",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-10005"
},
{
"db": "VULHUB",
"id": "VHN-64876"
}
],
"trust": 1.7
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-10005"
}
]
},
"last_update_date": "2023-12-18T12:38:32.271000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Verizon Wireless Network Extender",
"trust": 0.8,
"url": "http://www.verizonwireless.com/b2c/device/network-extender"
},
{
"title": "Patch for multiple local privilege escalation vulnerabilities in the Verizon Wireless Network Extender",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/36382"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-10005"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003458"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-287",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-64876"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003458"
},
{
"db": "NVD",
"id": "CVE-2013-4874"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.4,
"url": "http://www.kb.cert.org/vuls/id/458007"
},
{
"trust": 2.5,
"url": "http://www.kb.cert.org/vuls/id/bluu-997m5b"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/61169"
},
{
"trust": 0.8,
"url": "about vulnerability notes"
},
{
"trust": 0.8,
"url": "contact us about this vulnerability"
},
{
"trust": 0.8,
"url": "provide a vendor statement"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-4874"
},
{
"trust": 0.8,
"url": "http://jvn.jp/cert/jvnvu94014626/index.html"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-4874"
},
{
"trust": 0.3,
"url": "http://www.verizonwireless.com/b2c/device/network-extender?"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#458007"
},
{
"db": "CNVD",
"id": "CNVD-2013-10005"
},
{
"db": "VULHUB",
"id": "VHN-64876"
},
{
"db": "BID",
"id": "61395"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003458"
},
{
"db": "NVD",
"id": "CVE-2013-4874"
},
{
"db": "CNNVD",
"id": "CNNVD-201307-296"
},
{
"db": "CNNVD",
"id": "CNNVD-201307-414"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#458007"
},
{
"db": "CNVD",
"id": "CNVD-2013-10005"
},
{
"db": "VULHUB",
"id": "VHN-64876"
},
{
"db": "BID",
"id": "61169"
},
{
"db": "BID",
"id": "61395"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003458"
},
{
"db": "NVD",
"id": "CVE-2013-4874"
},
{
"db": "CNNVD",
"id": "CNNVD-201307-296"
},
{
"db": "CNNVD",
"id": "CNNVD-201307-414"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-07-15T00:00:00",
"db": "CERT/CC",
"id": "VU#458007"
},
{
"date": "2013-07-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-10005"
},
{
"date": "2013-07-18T00:00:00",
"db": "VULHUB",
"id": "VHN-64876"
},
{
"date": "2013-07-15T00:00:00",
"db": "BID",
"id": "61169"
},
{
"date": "2013-07-15T00:00:00",
"db": "BID",
"id": "61395"
},
{
"date": "2013-07-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-003458"
},
{
"date": "2013-07-18T16:51:40.373000",
"db": "NVD",
"id": "CVE-2013-4874"
},
{
"date": "2013-07-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201307-296"
},
{
"date": "2013-07-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201307-414"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-07-23T00:00:00",
"db": "CERT/CC",
"id": "VU#458007"
},
{
"date": "2013-07-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-10005"
},
{
"date": "2013-08-22T00:00:00",
"db": "VULHUB",
"id": "VHN-64876"
},
{
"date": "2013-07-23T02:23:00",
"db": "BID",
"id": "61169"
},
{
"date": "2013-07-15T00:00:00",
"db": "BID",
"id": "61395"
},
{
"date": "2013-07-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-003458"
},
{
"date": "2013-08-22T06:54:39.730000",
"db": "NVD",
"id": "CVE-2013-4874"
},
{
"date": "2013-07-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201307-296"
},
{
"date": "2013-07-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201307-414"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "BID",
"id": "61169"
},
{
"db": "BID",
"id": "61395"
},
{
"db": "CNNVD",
"id": "CNNVD-201307-296"
},
{
"db": "CNNVD",
"id": "CNNVD-201307-414"
}
],
"trust": 1.8
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Verizon Wireless Network Extender multiple vulnerabilities",
"sources": [
{
"db": "CERT/CC",
"id": "VU#458007"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Unknown",
"sources": [
{
"db": "BID",
"id": "61169"
},
{
"db": "BID",
"id": "61395"
}
],
"trust": 0.6
}
}
VAR-201307-0389
Vulnerability from variot - Updated: 2023-12-18 12:38The Verizon Wireless Network Extender SCS-26UC4 and SCS-2U01 does not use CAVE authentication, which makes it easier for remote attackers to obtain ESN and MIN values from arbitrary phones, and conduct cloning attacks, by sniffing the network for registration packets. iSEC Partners has reported that the Verizon Wireless Network Extender models SCS-26UC4 and SCS-2U01 made by Samsung are susceptible to a local compromise using a custom HDMI cable. Once compromised the device can be used to eavesdrop on voice, text and data communication for mobile devices that connect to the Network Extender. The Verizon Wireless Network Extender is a low-power cellular base station that provides Internet services using an Internet connection. The Verizon Wireless Network Extender has multiple security vulnerabilities to increase permissions or clone other user phones. Use a special console cable to connect to the device and submit a special command sequence to get the root shell. Use the SysReq (System Request) interrupt to gain access to the console and obtain the root shell. In addition, Network Extender does not use Cellular Authentication and Voice Encryption (CAVE) authentication. For mobile phone authentication, the device only uses ESN and MIN. These numbers can physically access the phone or sniff the registration message sent to Network Extender for acquisition. Defects and incorrect validation can be done by running custom code on the Network Extender and going to any phone's ESN and MIN, using these numbers to clone the phone without physical access. A local attacker exploits the vulnerability to escalate permissions and clones the phone. Attackers can use these vulnerabilities to execute arbitrary code with elevated privileges and take complete control of the device. This BID is being retired. This may aid in cloning a phone without direct physical access and without a user's knowledge
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201307-0389",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "wireless network extender",
"scope": "eq",
"trust": 1.6,
"vendor": "verizon",
"version": "scs-2u01"
},
{
"model": "wireless network extender",
"scope": "eq",
"trust": 1.6,
"vendor": "verizon",
"version": "scs-26uc4"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "samsung",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "verizon",
"version": null
},
{
"model": "network extender",
"scope": "eq",
"trust": 0.8,
"vendor": "verizon",
"version": "scs-26uc4"
},
{
"model": "network extender",
"scope": "eq",
"trust": 0.8,
"vendor": "verizon",
"version": "scs-2u01"
},
{
"model": "wireless network extender models scs-26uc4",
"scope": null,
"trust": 0.6,
"vendor": "verizon",
"version": null
},
{
"model": "wireless network extender models scs-2u01",
"scope": null,
"trust": 0.6,
"vendor": "verizon",
"version": null
},
{
"model": "wireless network extender scs-2u01",
"scope": "eq",
"trust": 0.3,
"vendor": "verizon",
"version": "0"
},
{
"model": "wireless network extender scs-26uc4",
"scope": "eq",
"trust": 0.3,
"vendor": "verizon",
"version": "0"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#458007"
},
{
"db": "CNVD",
"id": "CNVD-2013-10005"
},
{
"db": "BID",
"id": "61393"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003461"
},
{
"db": "NVD",
"id": "CVE-2013-4877"
},
{
"db": "CNNVD",
"id": "CNNVD-201307-417"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:verizon:wireless_network_extender:scs-2u01:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:verizon:wireless_network_extender:scs-26uc4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2013-4877"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "iSEC Partners",
"sources": [
{
"db": "BID",
"id": "61169"
},
{
"db": "CNNVD",
"id": "CNNVD-201307-296"
}
],
"trust": 0.9
},
"cve": "CVE-2013-4877",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "HIGH",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 2.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 1.9,
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "LOW",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:L/AC:H/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "High",
"accessVector": "Local",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 2.6,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2013-4877",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Low",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:H/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 6.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 1.9,
"id": "CNVD-2013-10005",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:L/AC:H/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 2.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 1.9,
"id": "VHN-64879",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 0.1,
"vectorString": "AV:L/AC:H/AU:N/C:P/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2013-4877",
"trust": 1.8,
"value": "LOW"
},
{
"author": "CNVD",
"id": "CNVD-2013-10005",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201307-417",
"trust": 0.6,
"value": "LOW"
},
{
"author": "VULHUB",
"id": "VHN-64879",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-10005"
},
{
"db": "VULHUB",
"id": "VHN-64879"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003461"
},
{
"db": "NVD",
"id": "CVE-2013-4877"
},
{
"db": "CNNVD",
"id": "CNNVD-201307-417"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The Verizon Wireless Network Extender SCS-26UC4 and SCS-2U01 does not use CAVE authentication, which makes it easier for remote attackers to obtain ESN and MIN values from arbitrary phones, and conduct cloning attacks, by sniffing the network for registration packets. iSEC Partners has reported that the Verizon Wireless Network Extender models SCS-26UC4 and SCS-2U01 made by Samsung are susceptible to a local compromise using a custom HDMI cable. Once compromised the device can be used to eavesdrop on voice, text and data communication for mobile devices that connect to the Network Extender. The Verizon Wireless Network Extender is a low-power cellular base station that provides Internet services using an Internet connection. The Verizon Wireless Network Extender has multiple security vulnerabilities to increase permissions or clone other user phones. Use a special console cable to connect to the device and submit a special command sequence to get the root shell. Use the SysReq (System Request) interrupt to gain access to the console and obtain the root shell. In addition, Network Extender does not use Cellular Authentication and Voice Encryption (CAVE) authentication. For mobile phone authentication, the device only uses ESN and MIN. These numbers can physically access the phone or sniff the registration message sent to Network Extender for acquisition. Defects and incorrect validation can be done by running custom code on the Network Extender and going to any phone\u0027s ESN and MIN, using these numbers to clone the phone without physical access. A local attacker exploits the vulnerability to escalate permissions and clones the phone. Attackers can use these vulnerabilities to execute arbitrary code with elevated privileges and take complete control of the device. \nThis BID is being retired. This may aid in cloning a phone without direct physical access and without a user\u0027s knowledge",
"sources": [
{
"db": "NVD",
"id": "CVE-2013-4877"
},
{
"db": "CERT/CC",
"id": "VU#458007"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003461"
},
{
"db": "CNVD",
"id": "CNVD-2013-10005"
},
{
"db": "CNNVD",
"id": "CNNVD-201307-296"
},
{
"db": "BID",
"id": "61169"
},
{
"db": "BID",
"id": "61393"
},
{
"db": "VULHUB",
"id": "VHN-64879"
}
],
"trust": 4.05
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#458007",
"trust": 4.2
},
{
"db": "NVD",
"id": "CVE-2013-4877",
"trust": 2.8
},
{
"db": "BID",
"id": "61169",
"trust": 2.6
},
{
"db": "JVN",
"id": "JVNVU94014626",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003461",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201307-417",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2013-10005",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201307-296",
"trust": 0.6
},
{
"db": "BID",
"id": "61393",
"trust": 0.4
},
{
"db": "VULHUB",
"id": "VHN-64879",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#458007"
},
{
"db": "CNVD",
"id": "CNVD-2013-10005"
},
{
"db": "VULHUB",
"id": "VHN-64879"
},
{
"db": "BID",
"id": "61169"
},
{
"db": "BID",
"id": "61393"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003461"
},
{
"db": "NVD",
"id": "CVE-2013-4877"
},
{
"db": "CNNVD",
"id": "CNNVD-201307-296"
},
{
"db": "CNNVD",
"id": "CNNVD-201307-417"
}
]
},
"id": "VAR-201307-0389",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-10005"
},
{
"db": "VULHUB",
"id": "VHN-64879"
}
],
"trust": 1.5611111
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-10005"
}
]
},
"last_update_date": "2023-12-18T12:38:32.224000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Verizon Wireless Network Extender",
"trust": 0.8,
"url": "http://www.verizonwireless.com/b2c/device/network-extender"
},
{
"title": "Patch for multiple local privilege escalation vulnerabilities in the Verizon Wireless Network Extender",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/36382"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-10005"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003461"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-287",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-64879"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003461"
},
{
"db": "NVD",
"id": "CVE-2013-4877"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.4,
"url": "http://www.kb.cert.org/vuls/id/458007"
},
{
"trust": 2.5,
"url": "http://www.kb.cert.org/vuls/id/bluu-997m5b"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/61169"
},
{
"trust": 0.8,
"url": "about vulnerability notes"
},
{
"trust": 0.8,
"url": "contact us about this vulnerability"
},
{
"trust": 0.8,
"url": "provide a vendor statement"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-4877"
},
{
"trust": 0.8,
"url": "http://jvn.jp/cert/jvnvu94014626/index.html"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-4877"
},
{
"trust": 0.3,
"url": "http://www.verizonwireless.com/b2c/device/network-extender?"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#458007"
},
{
"db": "CNVD",
"id": "CNVD-2013-10005"
},
{
"db": "VULHUB",
"id": "VHN-64879"
},
{
"db": "BID",
"id": "61393"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003461"
},
{
"db": "NVD",
"id": "CVE-2013-4877"
},
{
"db": "CNNVD",
"id": "CNNVD-201307-296"
},
{
"db": "CNNVD",
"id": "CNNVD-201307-417"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#458007"
},
{
"db": "CNVD",
"id": "CNVD-2013-10005"
},
{
"db": "VULHUB",
"id": "VHN-64879"
},
{
"db": "BID",
"id": "61169"
},
{
"db": "BID",
"id": "61393"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003461"
},
{
"db": "NVD",
"id": "CVE-2013-4877"
},
{
"db": "CNNVD",
"id": "CNNVD-201307-296"
},
{
"db": "CNNVD",
"id": "CNNVD-201307-417"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-07-15T00:00:00",
"db": "CERT/CC",
"id": "VU#458007"
},
{
"date": "2013-07-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-10005"
},
{
"date": "2013-07-18T00:00:00",
"db": "VULHUB",
"id": "VHN-64879"
},
{
"date": "2013-07-15T00:00:00",
"db": "BID",
"id": "61169"
},
{
"date": "2013-07-15T00:00:00",
"db": "BID",
"id": "61393"
},
{
"date": "2013-07-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-003461"
},
{
"date": "2013-07-18T16:51:40.403000",
"db": "NVD",
"id": "CVE-2013-4877"
},
{
"date": "2013-07-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201307-296"
},
{
"date": "2013-07-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201307-417"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-07-23T00:00:00",
"db": "CERT/CC",
"id": "VU#458007"
},
{
"date": "2013-07-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-10005"
},
{
"date": "2013-08-22T00:00:00",
"db": "VULHUB",
"id": "VHN-64879"
},
{
"date": "2013-07-23T02:23:00",
"db": "BID",
"id": "61169"
},
{
"date": "2013-07-15T00:00:00",
"db": "BID",
"id": "61393"
},
{
"date": "2013-07-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-003461"
},
{
"date": "2013-08-22T06:54:39.957000",
"db": "NVD",
"id": "CVE-2013-4877"
},
{
"date": "2013-07-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201307-296"
},
{
"date": "2013-07-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201307-417"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "BID",
"id": "61169"
},
{
"db": "BID",
"id": "61393"
},
{
"db": "CNNVD",
"id": "CNNVD-201307-296"
},
{
"db": "CNNVD",
"id": "CNNVD-201307-417"
}
],
"trust": 1.8
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Verizon Wireless Network Extender multiple vulnerabilities",
"sources": [
{
"db": "CERT/CC",
"id": "VU#458007"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Unknown",
"sources": [
{
"db": "BID",
"id": "61169"
},
{
"db": "BID",
"id": "61393"
}
],
"trust": 0.6
}
}
VAR-201904-0313
Vulnerability from variot - Updated: 2023-12-18 12:18Remote command injection vulnerability in Verizon Fios Quantum Gateway (G1100) firmware version 02.01.00.05 allows a remote, authenticated attacker to execute arbitrary commands on the target device by adding an access control rule for a network object with a crafted hostname. Verizon Fios Quantum Gateway (G1100) The firmware contains a command injection vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Verizon Wireless FiosQuantumGateway (G1100) is a wireless router from Verizon Wireless. A command injection vulnerability exists in VerizonFiosQuantumGateway (G1100) using firmware version 02.01.00.05. The vulnerability stems from the fact that external input data constructs executable commands, and the network system or product does not properly filter the special elements. An attacker could exploit the vulnerability to execute an illegal command
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201904-0313",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "fios quantum gateway g1100",
"scope": "eq",
"trust": 1.8,
"vendor": "verizon",
"version": "02.01.00.05"
},
{
"model": "wireless fios quantum gateway",
"scope": "eq",
"trust": 0.6,
"vendor": "verizon",
"version": "02.01.00.05"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-24766"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003348"
},
{
"db": "NVD",
"id": "CVE-2019-3914"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:verizon:fios_quantum_gateway_g1100_firmware:02.01.00.05:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:verizon:fios_quantum_gateway_g1100:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-3914"
}
]
},
"cve": "CVE-2019-3914",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 9.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2019-3914",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "CNVD-2019-24766",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "VHN-155349",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.2,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2019-3914",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "High",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-3914",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2019-24766",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201904-579",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-155349",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-24766"
},
{
"db": "VULHUB",
"id": "VHN-155349"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003348"
},
{
"db": "NVD",
"id": "CVE-2019-3914"
},
{
"db": "CNNVD",
"id": "CNNVD-201904-579"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Remote command injection vulnerability in Verizon Fios Quantum Gateway (G1100) firmware version 02.01.00.05 allows a remote, authenticated attacker to execute arbitrary commands on the target device by adding an access control rule for a network object with a crafted hostname. Verizon Fios Quantum Gateway (G1100) The firmware contains a command injection vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Verizon Wireless FiosQuantumGateway (G1100) is a wireless router from Verizon Wireless. A command injection vulnerability exists in VerizonFiosQuantumGateway (G1100) using firmware version 02.01.00.05. The vulnerability stems from the fact that external input data constructs executable commands, and the network system or product does not properly filter the special elements. An attacker could exploit the vulnerability to execute an illegal command",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-3914"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003348"
},
{
"db": "CNVD",
"id": "CNVD-2019-24766"
},
{
"db": "VULHUB",
"id": "VHN-155349"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-3914",
"trust": 3.1
},
{
"db": "TENABLE",
"id": "TRA-2019-17",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003348",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2019-24766",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201904-579",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-155349",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-24766"
},
{
"db": "VULHUB",
"id": "VHN-155349"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003348"
},
{
"db": "NVD",
"id": "CVE-2019-3914"
},
{
"db": "CNNVD",
"id": "CNNVD-201904-579"
}
]
},
"id": "VAR-201904-0313",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-24766"
},
{
"db": "VULHUB",
"id": "VHN-155349"
}
],
"trust": 1.575
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-24766"
}
]
},
"last_update_date": "2023-12-18T12:18:05.680000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Fios Quantum Gateway",
"trust": 0.8,
"url": "https://www.verizon.com/home/accessories/fios-quantum-gateway/"
},
{
"title": "Patch for VerizonWirelessFiosQuantumGateway (G1100) command execution vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/171865"
},
{
"title": "Verizon Wireless Fios Quantum Gateway ( G1100 ) Repair measures for command injection vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=91391"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-24766"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003348"
},
{
"db": "CNNVD",
"id": "CNNVD-201904-579"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-78",
"trust": 1.1
},
{
"problemtype": "CWE-77",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-155349"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003348"
},
{
"db": "NVD",
"id": "CVE-2019-3914"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://www.tenable.com/security/research/tra-2019-17"
},
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-3914"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-3914"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-24766"
},
{
"db": "VULHUB",
"id": "VHN-155349"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003348"
},
{
"db": "NVD",
"id": "CVE-2019-3914"
},
{
"db": "CNNVD",
"id": "CNNVD-201904-579"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2019-24766"
},
{
"db": "VULHUB",
"id": "VHN-155349"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003348"
},
{
"db": "NVD",
"id": "CVE-2019-3914"
},
{
"db": "CNNVD",
"id": "CNNVD-201904-579"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-07-26T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-24766"
},
{
"date": "2019-04-11T00:00:00",
"db": "VULHUB",
"id": "VHN-155349"
},
{
"date": "2019-05-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-003348"
},
{
"date": "2019-04-11T14:29:00.233000",
"db": "NVD",
"id": "CVE-2019-3914"
},
{
"date": "2019-04-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201904-579"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-07-29T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-24766"
},
{
"date": "2020-08-24T00:00:00",
"db": "VULHUB",
"id": "VHN-155349"
},
{
"date": "2019-05-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-003348"
},
{
"date": "2020-08-24T17:37:01.140000",
"db": "NVD",
"id": "CVE-2019-3914"
},
{
"date": "2020-10-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201904-579"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201904-579"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Verizon Fios Quantum Gateway Firmware command injection vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-003348"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "operating system commend injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201904-579"
}
],
"trust": 0.6
}
}
VAR-201904-0314
Vulnerability from variot - Updated: 2023-12-18 12:18Authentication Bypass by Capture-replay vulnerability in Verizon Fios Quantum Gateway (G1100) firmware version 02.01.00.05 allows an unauthenticated attacker with adjacent network access to intercept and replay login requests to gain access to the administrative web interface. Verizon Fios Quantum Gateway (G1100) There are authentication vulnerabilities in the firmware.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Verizon Wireless FiosQuantumGateway (G1100) is a wireless router from Verizon Wireless. An authorization issue vulnerability exists in VerizonFiosQuantumGateway (G1100) with firmware version 02.01.00.05, which is due to lack of authentication or insufficient authentication strength in the network system or product. Verizon Fios Quantum Gateway is prone to a command-injection vulnerability. An attacker can exploit this issue to execute arbitrary commands with root privileges ; this may aid in further attacks
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201904-0314",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "fios quantum gateway g1100",
"scope": "eq",
"trust": 1.8,
"vendor": "verizon",
"version": "02.01.00.05"
},
{
"model": "wireless fios quantum gateway",
"scope": "eq",
"trust": 0.6,
"vendor": "verizon",
"version": "02.01.00.05"
},
{
"model": "fios quantum gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "verizon",
"version": "02.01.00.05"
},
{
"model": "fios quantum gateway",
"scope": "ne",
"trust": 0.3,
"vendor": "verizon",
"version": "02.02.00.13"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-24767"
},
{
"db": "BID",
"id": "107883"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003349"
},
{
"db": "NVD",
"id": "CVE-2019-3915"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:verizon:fios_quantum_gateway_g1100_firmware:02.01.00.05:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:verizon:fios_quantum_gateway_g1100:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-3915"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Chris Lyne",
"sources": [
{
"db": "BID",
"id": "107883"
},
{
"db": "CNNVD",
"id": "CNNVD-201904-582"
}
],
"trust": 0.9
},
"cve": "CVE-2019-3915",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 5.5,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:A/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Adjacent Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 5.4,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2019-3915",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:A/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 5.5,
"id": "CNVD-2019-24767",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:A/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 5.5,
"id": "VHN-155350",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:A/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.6,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "High",
"attackVector": "Adjacent Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2019-3915",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-3915",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2019-24767",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201904-582",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-155350",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-24767"
},
{
"db": "VULHUB",
"id": "VHN-155350"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003349"
},
{
"db": "NVD",
"id": "CVE-2019-3915"
},
{
"db": "CNNVD",
"id": "CNNVD-201904-582"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Authentication Bypass by Capture-replay vulnerability in Verizon Fios Quantum Gateway (G1100) firmware version 02.01.00.05 allows an unauthenticated attacker with adjacent network access to intercept and replay login requests to gain access to the administrative web interface. Verizon Fios Quantum Gateway (G1100) There are authentication vulnerabilities in the firmware.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Verizon Wireless FiosQuantumGateway (G1100) is a wireless router from Verizon Wireless. An authorization issue vulnerability exists in VerizonFiosQuantumGateway (G1100) with firmware version 02.01.00.05, which is due to lack of authentication or insufficient authentication strength in the network system or product. Verizon Fios Quantum Gateway is prone to a command-injection vulnerability. \nAn attacker can exploit this issue to execute arbitrary commands with root privileges ; this may aid in further attacks",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-3915"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003349"
},
{
"db": "CNVD",
"id": "CNVD-2019-24767"
},
{
"db": "BID",
"id": "107883"
},
{
"db": "VULHUB",
"id": "VHN-155350"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-3915",
"trust": 3.4
},
{
"db": "TENABLE",
"id": "TRA-2019-17",
"trust": 2.5
},
{
"db": "BID",
"id": "107883",
"trust": 2.0
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003349",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201904-582",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2019-24767",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-155350",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-24767"
},
{
"db": "VULHUB",
"id": "VHN-155350"
},
{
"db": "BID",
"id": "107883"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003349"
},
{
"db": "NVD",
"id": "CVE-2019-3915"
},
{
"db": "CNNVD",
"id": "CNNVD-201904-582"
}
]
},
"id": "VAR-201904-0314",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-24767"
},
{
"db": "VULHUB",
"id": "VHN-155350"
}
],
"trust": 1.575
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-24767"
}
]
},
"last_update_date": "2023-12-18T12:18:05.646000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Fios Quantum Gateway",
"trust": 0.8,
"url": "https://www.verizon.com/home/accessories/fios-quantum-gateway/"
},
{
"title": "Patch for VerizonWirelessFiosQuantumGateway (G1100) Authorization Issue Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/171863"
},
{
"title": "Verizon Wireless Fios Quantum Gateway ( G1100 ) Remediation measures for authorization problem vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=91394"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-24767"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003349"
},
{
"db": "CNNVD",
"id": "CNNVD-201904-582"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-294",
"trust": 1.1
},
{
"problemtype": "CWE-287",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-155350"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003349"
},
{
"db": "NVD",
"id": "CVE-2019-3915"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://www.tenable.com/security/research/tra-2019-17"
},
{
"trust": 2.3,
"url": "http://www.securityfocus.com/bid/107883"
},
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-3915"
},
{
"trust": 0.9,
"url": "https://medium.com/tenable-techblog/verizon-fios-router-authenticated-command-injection-f6d2ddec30fd"
},
{
"trust": 0.9,
"url": "http://www.verizonwireless.com/"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-3915"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-24767"
},
{
"db": "VULHUB",
"id": "VHN-155350"
},
{
"db": "BID",
"id": "107883"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003349"
},
{
"db": "NVD",
"id": "CVE-2019-3915"
},
{
"db": "CNNVD",
"id": "CNNVD-201904-582"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2019-24767"
},
{
"db": "VULHUB",
"id": "VHN-155350"
},
{
"db": "BID",
"id": "107883"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003349"
},
{
"db": "NVD",
"id": "CVE-2019-3915"
},
{
"db": "CNNVD",
"id": "CNNVD-201904-582"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-07-26T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-24767"
},
{
"date": "2019-04-11T00:00:00",
"db": "VULHUB",
"id": "VHN-155350"
},
{
"date": "2019-04-09T00:00:00",
"db": "BID",
"id": "107883"
},
{
"date": "2019-05-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-003349"
},
{
"date": "2019-04-11T14:29:00.390000",
"db": "NVD",
"id": "CVE-2019-3915"
},
{
"date": "2019-04-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201904-582"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-07-29T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-24767"
},
{
"date": "2020-08-24T00:00:00",
"db": "VULHUB",
"id": "VHN-155350"
},
{
"date": "2019-04-09T00:00:00",
"db": "BID",
"id": "107883"
},
{
"date": "2019-05-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-003349"
},
{
"date": "2020-08-24T17:37:01.140000",
"db": "NVD",
"id": "CVE-2019-3915"
},
{
"date": "2020-08-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201904-582"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote or local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201904-582"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Verizon Fios Quantum Gateway Firmware authentication vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-003349"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "authorization issue",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201904-582"
}
],
"trust": 0.6
}
}
VAR-201904-0315
Vulnerability from variot - Updated: 2023-12-18 12:18Information disclosure vulnerability in Verizon Fios Quantum Gateway (G1100) firmware version 02.01.00.05 allows an remote, unauthenticated attacker to retrieve the value of the password salt by simply requesting an API URL in a web browser (e.g. /api). Verizon Fios Quantum Gateway (G1100) Firmware contains an information disclosure vulnerability.Information may be obtained. Verizon Wireless FiosQuantumGateway (G1100) is a wireless router from Verizon Wireless. An information disclosure vulnerability exists in VerizonFiosQuantumGateway (G1100) using firmware version 02.01.00.05, which is due to errors in the configuration of the network system or product during operation. An attacker could exploit this vulnerability to obtain sensitive information about an affected component
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201904-0315",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "fios quantum gateway g1100",
"scope": "eq",
"trust": 1.8,
"vendor": "verizon",
"version": "02.01.00.05"
},
{
"model": "wireless fios quantum gateway",
"scope": "eq",
"trust": 0.6,
"vendor": "verizon",
"version": "02.01.00.05"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-24768"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003343"
},
{
"db": "NVD",
"id": "CVE-2019-3916"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:verizon:fios_quantum_gateway_g1100_firmware:02.01.00.05:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:verizon:fios_quantum_gateway_g1100:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-3916"
}
]
},
"cve": "CVE-2019-3916",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2019-3916",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2019-24768",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-155351",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2019-3916",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-3916",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2019-24768",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201904-583",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-155351",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-24768"
},
{
"db": "VULHUB",
"id": "VHN-155351"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003343"
},
{
"db": "NVD",
"id": "CVE-2019-3916"
},
{
"db": "CNNVD",
"id": "CNNVD-201904-583"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Information disclosure vulnerability in Verizon Fios Quantum Gateway (G1100) firmware version 02.01.00.05 allows an remote, unauthenticated attacker to retrieve the value of the password salt by simply requesting an API URL in a web browser (e.g. /api). Verizon Fios Quantum Gateway (G1100) Firmware contains an information disclosure vulnerability.Information may be obtained. Verizon Wireless FiosQuantumGateway (G1100) is a wireless router from Verizon Wireless. An information disclosure vulnerability exists in VerizonFiosQuantumGateway (G1100) using firmware version 02.01.00.05, which is due to errors in the configuration of the network system or product during operation. An attacker could exploit this vulnerability to obtain sensitive information about an affected component",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-3916"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003343"
},
{
"db": "CNVD",
"id": "CNVD-2019-24768"
},
{
"db": "VULHUB",
"id": "VHN-155351"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-3916",
"trust": 3.1
},
{
"db": "TENABLE",
"id": "TRA-2019-17",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003343",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201904-583",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2019-24768",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-155351",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-24768"
},
{
"db": "VULHUB",
"id": "VHN-155351"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003343"
},
{
"db": "NVD",
"id": "CVE-2019-3916"
},
{
"db": "CNNVD",
"id": "CNNVD-201904-583"
}
]
},
"id": "VAR-201904-0315",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-24768"
},
{
"db": "VULHUB",
"id": "VHN-155351"
}
],
"trust": 1.575
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-24768"
}
]
},
"last_update_date": "2023-12-18T12:18:05.611000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Fios Quantum Gateway",
"trust": 0.8,
"url": "https://www.verizon.com/home/accessories/fios-quantum-gateway/"
},
{
"title": "Patch for Verizon WirelessFiosQuantumGateway (G1100) Information Disclosure Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/171861"
},
{
"title": "Verizon Wireless Fios Quantum Gateway ( G1100 ) Repair measures for information disclosure vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=91395"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-24768"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003343"
},
{
"db": "CNNVD",
"id": "CNNVD-201904-583"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-425",
"trust": 1.1
},
{
"problemtype": "CWE-200",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-155351"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003343"
},
{
"db": "NVD",
"id": "CVE-2019-3916"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://www.tenable.com/security/research/tra-2019-17"
},
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-3916"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-3916"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-24768"
},
{
"db": "VULHUB",
"id": "VHN-155351"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003343"
},
{
"db": "NVD",
"id": "CVE-2019-3916"
},
{
"db": "CNNVD",
"id": "CNNVD-201904-583"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2019-24768"
},
{
"db": "VULHUB",
"id": "VHN-155351"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003343"
},
{
"db": "NVD",
"id": "CVE-2019-3916"
},
{
"db": "CNNVD",
"id": "CNNVD-201904-583"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-07-26T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-24768"
},
{
"date": "2019-04-11T00:00:00",
"db": "VULHUB",
"id": "VHN-155351"
},
{
"date": "2019-05-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-003343"
},
{
"date": "2019-04-11T15:29:00.543000",
"db": "NVD",
"id": "CVE-2019-3916"
},
{
"date": "2019-04-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201904-583"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-07-29T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-24768"
},
{
"date": "2020-08-24T00:00:00",
"db": "VULHUB",
"id": "VHN-155351"
},
{
"date": "2019-05-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-003343"
},
{
"date": "2020-08-24T17:37:01.140000",
"db": "NVD",
"id": "CVE-2019-3916"
},
{
"date": "2020-08-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201904-583"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201904-583"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Verizon Fios Quantum Gateway Information disclosure vulnerability in firmware",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-003343"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201904-583"
}
],
"trust": 0.6
}
}