Verizon 5G Home LVSKIHP outside devices through 2022-02-15 allow anyone (knowing the device's serial number) to access a CPE admin website, e.g., at the 10.0.0.1 IP address. The password (for the verizon username) is calculated by concatenating the serial number and the model (i.e., the LVSKIHP string), running the sha256sum program, and extracting the first seven characters concatenated with the last seven characters of that SHA-256 value.
References
Link | Resource |
---|---|
https://github.com/JousterL/SecWriteups/blob/main/Verizon%20LVSKIHP%205G%20Modem/readme.md | Exploit Third Party Advisory |
https://www.reddit.com/r/verizon/comments/sstq4c/5g_home_internet_dropping_out/hx3ir0s/ | Third Party Advisory |
Configurations
Configuration 1 (hide)
AND |
|
History
08 Aug 2023, 14:22
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-287 |
09 Sep 2022, 16:49
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://github.com/JousterL/SecWriteups/blob/main/Verizon%20LVSKIHP%205G%20Modem/readme.md - Exploit, Third Party Advisory |
14 Jul 2022, 13:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
03 May 2022, 03:15
Type | Values Removed | Values Added |
---|---|---|
Summary | Verizon 5G Home LVSKIHP outside devices through 2022-02-15 allow anyone (knowing the device's serial number) to access a CPE admin website, e.g., at the 10.0.0.1 IP address. The password (for the verizon username) is calculated by concatenating the serial number and the model (i.e., the LVSKIHP string), running the sha256sum program, and extracting the first seven characters concatenated with the last seven characters of that SHA-256 value. |
12 Apr 2022, 14:32
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:o:verizon:lvskihp_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:verizon:lvskihp:-:*:*:*:*:*:*:* |
|
CVSS |
v2 : v3 : |
v2 : 6.8
v3 : 8.1 |
CWE | CWE-668 | |
References | (MISC) https://www.reddit.com/r/verizon/comments/sstq4c/5g_home_internet_dropping_out/hx3ir0s/ - Third Party Advisory |
03 Apr 2022, 04:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-04-03 04:15
Updated : 2024-02-04 22:29
NVD link : CVE-2022-28376
Mitre link : CVE-2022-28376
CVE.ORG link : CVE-2022-28376
JSON object : View
Products Affected
verizon
- lvskihp
- lvskihp_firmware
CWE
CWE-287
Improper Authentication