Skip to main content

Lvskihp Outdoorunit Firmware

6 CVEs product

Monthly

CVE-2022-28377 HIGH POC This Week

On Verizon 5G Home LVSKIHP InDoorUnit (IDU) 3.4.66.162 and OutDoorUnit (ODU) 3.33.101.0 devices, the CRTC and ODU RPC endpoints rely on a static account username/password for access control. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Brute Force Information Disclosure Lvskihp Indoorunit Firmware Lvskihp Outdoorunit Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2022-28375 CRITICAL POC Act Now

Verizon 5G Home LVSKIHP OutDoorUnit (ODU) 3.33.101.0 does not property sanitize user-controlled parameters within the crtcswitchsimprofile function of the crtcrpc JSON listener. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection Lvskihp Outdoorunit Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
2.2%
CVE-2022-28374 HIGH POC This Week

Verizon 5G Home LVSKIHP OutDoorUnit (ODU) 3.33.101.0 does not property sanitize user-controlled parameters within the DMACC URLs on the Settings page of the Engineering portal. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection Lvskihp Outdoorunit Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
2.2%
CVE-2022-28372 HIGH POC This Week

On Verizon 5G Home LVSKIHP InDoorUnit (IDU) 3.4.66.162 and OutDoorUnit (ODU) 3.33.101.0 devices, the CRTC and ODU RPC endpoints provide a means of provisioning a firmware update for the device via. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Lvskihp Indoorunit Firmware Lvskihp Outdoorunit Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2022-28371 HIGH POC This Week

On Verizon 5G Home LVSKIHP InDoorUnit (IDU) 3.4.66.162 and OutDoorUnit (ODU) 3.33.101.0 devices, the CRTC and ODU RPC endpoints rely on a static certificate for access control. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Lvskihp Indoorunit Firmware Lvskihp Outdoorunit Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.5%
CVE-2022-28370 HIGH POC This Week

On Verizon 5G Home LVSKIHP OutDoorUnit (ODU) 3.33.101.0 devices, the RPC endpoint crtc_fw_upgrade provides a means of provisioning a firmware update for the device. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Lvskihp Outdoorunit Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.4%
EPSS 1% CVSS 7.5
HIGH POC This Week

On Verizon 5G Home LVSKIHP InDoorUnit (IDU) 3.4.66.162 and OutDoorUnit (ODU) 3.33.101.0 devices, the CRTC and ODU RPC endpoints rely on a static account username/password for access control. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Brute Force Information Disclosure Lvskihp Indoorunit Firmware +1
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL POC Act Now

Verizon 5G Home LVSKIHP OutDoorUnit (ODU) 3.33.101.0 does not property sanitize user-controlled parameters within the crtcswitchsimprofile function of the crtcrpc JSON listener. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection Lvskihp Outdoorunit Firmware
NVD GitHub
EPSS 2% CVSS 8.8
HIGH POC This Week

Verizon 5G Home LVSKIHP OutDoorUnit (ODU) 3.33.101.0 does not property sanitize user-controlled parameters within the DMACC URLs on the Settings page of the Engineering portal. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection Lvskihp Outdoorunit Firmware
NVD GitHub
EPSS 1% CVSS 7.5
HIGH POC This Week

On Verizon 5G Home LVSKIHP InDoorUnit (IDU) 3.4.66.162 and OutDoorUnit (ODU) 3.33.101.0 devices, the CRTC and ODU RPC endpoints provide a means of provisioning a firmware update for the device via. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Lvskihp Indoorunit Firmware Lvskihp Outdoorunit Firmware
NVD GitHub
EPSS 1% CVSS 7.5
HIGH POC This Week

On Verizon 5G Home LVSKIHP InDoorUnit (IDU) 3.4.66.162 and OutDoorUnit (ODU) 3.33.101.0 devices, the CRTC and ODU RPC endpoints rely on a static certificate for access control. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Lvskihp Indoorunit Firmware Lvskihp Outdoorunit Firmware
NVD GitHub
EPSS 0% CVSS 7.5
HIGH POC This Week

On Verizon 5G Home LVSKIHP OutDoorUnit (ODU) 3.33.101.0 devices, the RPC endpoint crtc_fw_upgrade provides a means of provisioning a firmware update for the device. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Lvskihp Outdoorunit Firmware
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy