CVE-2019-3914

Name of the Vulnerable Software and Affected Versions Verizon Fios Quantum Gateway (G1100) version 02.01.00.05

Description A remote command injection issue allows a remote, authenticated attacker to execute arbitrary commands on the target device. This can be achieved by adding an access control rule for a network object with a crafted hostname.

Recommendations For version 02.01.00.05, as a temporary workaround, consider restricting access to the network object configuration to minimize the risk of exploitation. Avoid using crafted hostnames in access control rules until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.