VYPR

LVSKIHP

by Verizon

CVEs (3)

  • CVE-2022-28375CriJul 14, 2022
    risk 0.64cvss 9.8epss 0.02

    Verizon 5G Home LVSKIHP OutDoorUnit (ODU) 3.33.101.0 does not property sanitize user-controlled parameters within the crtcswitchsimprofile function of the crtcrpc JSON listener. A remote attacker on the local network can inject shell metacharacters into…

  • CVE-2022-28376HigApr 3, 2022
    risk 0.53cvss 8.1epss 0.01

    Verizon 5G Home LVSKIHP outside devices through 2022-02-15 allow anyone (knowing the device's serial number) to access a CPE admin website, e.g., at the 10.0.0.1 IP address. The password (for the verizon username) is calculated by concatenating the serial number and the model…

  • CVE-2022-28377HigJul 14, 2022
    risk 0.49cvss 7.5epss 0.01

    On Verizon 5G Home LVSKIHP InDoorUnit (IDU) 3.4.66.162 and OutDoorUnit (ODU) 3.33.101.0 devices, the CRTC and ODU RPC endpoints rely on a static account username/password for access control. This password can be generated via a binary included in the firmware, after ascertaining…