Security Advisory

CVE-2022-28369

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2022-07-14 12:29:24

Last updated 2024-08-03 05:56:14

Assigner mitre

State PUBLISHED

Description

Verizon 5G Home LVSKIHP InDoorUnit (IDU) 3.4.66.162 does not validate the user-provided URL within the crtcmode functions enable_ssh sub-operation of the crtcrpc JSON listener (found at /lib/functions/wnc_jsonsh/crtcmode.sh) A remote attacker on the local network can provide a malicious URL. The data (found at that URL) is written to /usr/sbin/dropbear and then executed as root.

← Browse all CVEs View on cve.org ↗