CVE-2022-28377

On Verizon 5G Home LVSKIHP InDoorUnit (IDU) 3.4.66.162 and OutDoorUnit (ODU) 3.33.101.0 devices, the CRTC and ODU RPC endpoints rely on a static account username/password for access control. This password can be generated via a binary included in the firmware, after ascertaining the MAC address of the IDU's base Ethernet interface, and adding the string DEVICE_MANUFACTURER='Wistron_NeWeb_Corp.' to /etc/device_info to replicate the host environment. This occurs in /etc/init.d/wnc_factoryssidkeypwd (IDU).

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://github.com/JousterL/SecWriteups/blob/main/Verizon%20LVSKIHP%205G%20Modem/readme.md	Exploit Third Party Advisory
https://www.verizon.com/info/reportsecurityvulnerability/	Vendor Advisory
https://github.com/JousterL/SecWriteups/blob/main/Verizon%20LVSKIHP%205G%20Modem/readme.md	Exploit Third Party Advisory
https://www.verizon.com/info/reportsecurityvulnerability/	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:verizon:lvskihp_indoorunit_firmware:3.4.66.162:*:*:*:*:*:*:*

cpe:2.3:h:verizon:lvskihp_indoorunit:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:verizon:lvskihp_outdoorunit_firmware:3.33.101.0:*:*:*:*:*:*:*

cpe:2.3:h:verizon:lvskihp_outdoorunit:-:*:*:*:*:*:*:*

History

21 Nov 2024, 06:57

Type	Values Removed	Values Added
References	~~() https://github.com/JousterL/SecWriteups/blob/main/Verizon%20LVSKIHP%205G%20Modem/readme.md - Exploit, Third Party Advisory~~	() https://github.com/JousterL/SecWriteups/blob/main/Verizon%20LVSKIHP%205G%20Modem/readme.md - Exploit, Third Party Advisory
References	~~() https://www.verizon.com/info/reportsecurityvulnerability/ - Vendor Advisory~~	() https://www.verizon.com/info/reportsecurityvulnerability/ - Vendor Advisory

Information

Published : 2022-07-14 13:15

Updated : 2024-11-21 06:57

NVD link : CVE-2022-28377

Mitre link : CVE-2022-28377

CVE.ORG link : CVE-2022-28377

JSON object : View

Products Affected

verizon

lvskihp_outdoorunit_firmware
lvskihp_indoorunit_firmware
lvskihp_outdoorunit
lvskihp_indoorunit

CWE

CWE-521

Weak Password Requirements

{"id": "CVE-2022-28377", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2022-07-14T13:15:08.620", "references": [{"url": "https://github.com/JousterL/SecWriteups/blob/main/Verizon%20LVSKIHP%205G%20Modem/readme.md", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.verizon.com/info/reportsecurityvulnerability/", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://github.com/JousterL/SecWriteups/blob/main/Verizon%20LVSKIHP%205G%20Modem/readme.md", "tags": ["Exploit", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.verizon.com/info/reportsecurityvulnerability/", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-521"}]}], "descriptions": [{"lang": "en", "value": "On Verizon 5G Home LVSKIHP InDoorUnit (IDU) 3.4.66.162 and OutDoorUnit (ODU) 3.33.101.0 devices, the CRTC and ODU RPC endpoints rely on a static account username/password for access control. This password can be generated via a binary included in the firmware, after ascertaining the MAC address of the IDU's base Ethernet interface, and adding the string DEVICE_MANUFACTURER='Wistron_NeWeb_Corp.' to /etc/device_info to replicate the host environment. This occurs in /etc/init.d/wnc_factoryssidkeypwd (IDU)."}, {"lang": "es", "value": "En los dispositivos Verizon 5G Home LVSKIHP InDoorUnit (IDU) versi\u00f3n 3.4.66.162 y OutDoorUnit (ODU) versi\u00f3n 3.33.101.0, los endpoints RPC de CRTC y ODU dependen de un nombre de usuario/contrase\u00f1a de cuenta est\u00e1tica para el control de acceso. Esta contrase\u00f1a puede generarse por medio de un binario incluido en el firmware, despu\u00e9s de averiguar la direcci\u00f3n MAC de la interfaz Ethernet base de la IDU, y a\u00f1adir la cadena DEVICE_MANUFACTURER=\"Wistron_NeWeb_Corp.\" a /etc/device_info para replicar el entorno del host. Esto ocurre en /etc/init.d/wnc_factoryssidkeypwd (IDU)"}], "lastModified": "2024-11-21T06:57:14.933", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:verizon:lvskihp_indoorunit_firmware:3.4.66.162:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D9D9319E-5FB5-442A-89B0-3559210B7250"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:verizon:lvskihp_indoorunit:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "6A0557F4-75F3-4DF4-8F95-CC9F9239D243"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:verizon:lvskihp_outdoorunit_firmware:3.33.101.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "569F1902-F20B-4E2A-9BED-FF25E15535E9"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:verizon:lvskihp_outdoorunit:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "C2E2257C-8E43-4910-93FF-70CC51430D96"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}