PT-2019-16770 · Verizon · Verizon Fios Quantum Gateway

Chris Lyne

Published

2019-04-11

Updated

2020-08-24

CVE-2019-3915

CVSS v3.1

7.5

High

Vector

AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Verizon Fios Quantum Gateway (G1100) version 02.01.00.05

Description The issue allows an unauthenticated attacker with adjacent network access to intercept and replay login requests, gaining access to the administrative web interface through an authentication bypass by capture-replay.

Recommendations For version 02.01.00.05, as a temporary workaround, consider restricting access to the administrative web interface until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-294

Related Identifiers

CVE-2019-3915

Affected Products

Verizon Fios Quantum Gateway

PT-2019-16770 · Verizon · Verizon Fios Quantum Gateway

CVE-2019-3915

Weakness Enumeration

Related Identifiers

Affected Products

References · 4