CVE-2022-28369

Verizon 5G Home LVSKIHP InDoorUnit (IDU) 3.4.66.162 does not validate the user-provided URL within the crtcmode function's enable_ssh sub-operation of the crtcrpc JSON listener (found at /lib/functions/wnc_jsonsh/crtcmode.sh) A remote attacker on the local network can provide a malicious URL. The data (found at that URL) is written to /usr/sbin/dropbear and then executed as root.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:verizon:lvskihp_indoorunit_firmware:3.4.66.162:*:*:*:*:*:*:*
cpe:2.3:h:verizon:lvskihp_indoorunit:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2022-07-14 13:15

Updated : 2024-02-28 19:29


NVD link : CVE-2022-28369

Mitre link : CVE-2022-28369

CVE.ORG link : CVE-2022-28369


JSON object : View

Products Affected

verizon

  • lvskihp_indoorunit_firmware
  • lvskihp_indoorunit
CWE
CWE-434

Unrestricted Upload of File with Dangerous Type