PT-2019-16770 · Verizon · Verizon Fios Quantum Gateway

Chris Lyne

Publicado

2019-04-11

Atualizado

2020-08-24

CVE-2019-3915

CVSS v3.1

7.5

Alta

Vetor

AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Verizon Fios Quantum Gateway (G1100) version 02.01.00.05

Description The issue allows an unauthenticated attacker with adjacent network access to intercept and replay login requests, gaining access to the administrative web interface through an authentication bypass by capture-replay.

Recommendations For version 02.01.00.05, as a temporary workaround, consider restricting access to the administrative web interface until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-294

Identificadores relacionados

CVE-2019-3915

Produtos afetados

Verizon Fios Quantum Gateway

PT-2019-16770 · Verizon · Verizon Fios Quantum Gateway

CVE-2019-3915

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 4