PT-2022-18985 · Verizon · Verizon 5G Home

Published: 2022-04-03 · Updated: 2023-08-08 · CVE-2022-28376

CVSS v3.1: 8.1 (High)

Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Verizon 5G Home LVSKIHP outside devices through 2022-02-15

Description: The issue allows anyone with knowledge of the device's serial number to access a CPE admin website, for example, at the "10.0.0.1" IP address. The password for the verizon username is calculated by concatenating the serial number and the model (i.e., the LVSKIHP string), running the sha256sum program, and extracting the first seven characters concatenated with the last seven characters of that SHA-256 value.

Recommendations: For Verizon 5G Home LVSKIHP outside devices through 2022-02-15, consider changing the default password calculation method to prevent unauthorized access until a patch is available. As a temporary workaround, restrict access to the CPE admin website at the "10.0.0.1" IP address to minimize the risk of exploitation.

Weakness Enumeration: Improper Authentication

Related Identifiers: CVE-2022-28376

Affected Products: Verizon 5G Home