CVE-2022-28369

Name of the Vulnerable Software and Affected Versions Verizon 5G Home LVSKIHP InDoorUnit (IDU) version 3.4.66.162

Description The issue concerns the failure to validate user-provided URLs within the crtcmode function's enable ssh sub-operation of the crtcrpc JSON listener, located at /lib/functions/wnc jsonsh/crtcmode.sh. A remote attacker on the local network can exploit this by providing a malicious URL, and the data from that URL is written to /usr/sbin/dropbear and then executed as root.

Recommendations For version 3.4.66.162, as a temporary workaround, consider disabling the enable ssh sub-operation of the crtcmode function until a patch is available. Restrict access to the crtcrpc JSON listener to minimize the risk of exploitation. Avoid using the crtcmode.sh script in the /lib/functions/wnc jsonsh/ directory until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.