VYPR

5G Home LVSKIHP OutDoorUnit (ODU)

by Verizon

CVEs (4)

  • CVE-2022-28373CriJul 14, 2022
    risk 0.64cvss 9.8epss 0.02

    Verizon 5G Home LVSKIHP InDoorUnit (IDU) 3.4.66.162 does not properly sanitize user-controlled parameters within the crtcreadpartition function of the crtcrpc JSON listener in /usr/lib/lua/luci/crtc.lua. A remote attacker on the local network can inject shell metacharacters to…

  • CVE-2022-28374HigJul 14, 2022
    risk 0.57cvss 8.8epss 0.02

    Verizon 5G Home LVSKIHP OutDoorUnit (ODU) 3.33.101.0 does not property sanitize user-controlled parameters within the DMACC URLs on the Settings page of the Engineering portal. An authenticated remote attacker on the local network can inject shell metacharacters into…

  • CVE-2022-28372HigJul 14, 2022
    risk 0.49cvss 7.5epss 0.01

    On Verizon 5G Home LVSKIHP InDoorUnit (IDU) 3.4.66.162 and OutDoorUnit (ODU) 3.33.101.0 devices, the CRTC and ODU RPC endpoints provide a means of provisioning a firmware update for the device via crtc_fw_upgrade or crtcfwimage. The URL provided is not validated, and thus allows…

  • CVE-2022-28370HigJul 14, 2022
    risk 0.49cvss 7.5epss 0.00

    On Verizon 5G Home LVSKIHP OutDoorUnit (ODU) 3.33.101.0 devices, the RPC endpoint crtc_fw_upgrade provides a means of provisioning a firmware update for the device. /lib/functions/wnc_jsonsh/wnc_crtc_fw.sh has no cryptographic validation of the image, thus allowing an attacker…