CVE-2022-28372 - OpenCVE

On Verizon 5G Home LVSKIHP InDoorUnit (IDU) 3.4.66.162 and OutDoorUnit (ODU) 3.33.101.0 devices, the CRTC and ODU RPC endpoints provide a means of provisioning a firmware update for the device via crtc_fw_upgrade or crtcfwimage. The URL provided is not validated, and thus allows for arbitrary file upload to the device. This occurs in /lib/lua/luci/crtc.lua (IDU) and /lib/functions/wnc_jsonsh/wnc_crtc_fw.sh (ODU).

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Verizon	Lvskihp Indoorunit Lvskihp Indoorunit Firmware Lvskihp Outdoorunit Lvskihp Outdoorunit Firmware

Configuration 1 [-]

AND

cpe:2.3:o:verizon:lvskihp_indoorunit_firmware:3.4.66.162:*:*:*:*:*:*:*

cpe:2.3:h:verizon:lvskihp_indoorunit:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:verizon:lvskihp_outdoorunit_firmware:3.33.101.0:*:*:*:*:*:*:*

cpe:2.3:h:verizon:lvskihp_outdoorunit:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://github.com/JousterL/SecWriteups/blob/main/Verizon%20LVSKIHP%205G%20Modem/readme.md
https://www.verizon.com/info/reportsecurityvulnerability/

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2022-07-14T12:28:59

Updated: 2024-08-03T05:56:14.901Z

Reserved: 2022-04-03T00:00:00

Link: CVE-2022-28372

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2022-07-14T13:15:08.357

Modified: 2022-07-21T02:02:09.227

Link: CVE-2022-28372

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "On Verizon 5G Home LVSKIHP InDoorUnit (IDU) 3.4.66.162 and OutDoorUnit (ODU) 3.33.101.0 devices, the CRTC and ODU RPC endpoints provide a means of provisioning a firmware update for the device via crtc_fw_upgrade or crtcfwimage. The URL provided is not validated, and thus allows for arbitrary file upload to the device. This occurs in /lib/lua/luci/crtc.lua (IDU) and /lib/functions/wnc_jsonsh/wnc_crtc_fw.sh (ODU)."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-07-14T12:28:59", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.verizon.com/info/reportsecurityvulnerability/"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/JousterL/SecWriteups/blob/main/Verizon%20LVSKIHP%205G%20Modem/readme.md"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2022-28372", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "On Verizon 5G Home LVSKIHP InDoorUnit (IDU) 3.4.66.162 and OutDoorUnit (ODU) 3.33.101.0 devices, the CRTC and ODU RPC endpoints provide a means of provisioning a firmware update for the device via crtc_fw_upgrade or crtcfwimage. The URL provided is not validated, and thus allows for arbitrary file upload to the device. This occurs in /lib/lua/luci/crtc.lua (IDU) and /lib/functions/wnc_jsonsh/wnc_crtc_fw.sh (ODU)."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://www.verizon.com/info/reportsecurityvulnerability/", "refsource": "MISC", "url": "https://www.verizon.com/info/reportsecurityvulnerability/"}, {"name": "https://github.com/JousterL/SecWriteups/blob/main/Verizon%20LVSKIHP%205G%20Modem/readme.md", "refsource": "MISC", "url": "https://github.com/JousterL/SecWriteups/blob/main/Verizon%20LVSKIHP%205G%20Modem/readme.md"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T05:56:14.901Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.verizon.com/info/reportsecurityvulnerability/"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/JousterL/SecWriteups/blob/main/Verizon%20LVSKIHP%205G%20Modem/readme.md"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2022-28372", "datePublished": "2022-07-14T12:28:59", "dateReserved": "2022-04-03T00:00:00", "dateUpdated": "2024-08-03T05:56:14.901Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:verizon:lvskihp_indoorunit_firmware:3.4.66.162:*:*:*:*:*:*:*", "matchCriteriaId": "D9D9319E-5FB5-442A-89B0-3559210B7250", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:verizon:lvskihp_indoorunit:-:*:*:*:*:*:*:*", "matchCriteriaId": "6A0557F4-75F3-4DF4-8F95-CC9F9239D243", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:verizon:lvskihp_outdoorunit_firmware:3.33.101.0:*:*:*:*:*:*:*", "matchCriteriaId": "569F1902-F20B-4E2A-9BED-FF25E15535E9", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:verizon:lvskihp_outdoorunit:-:*:*:*:*:*:*:*", "matchCriteriaId": "C2E2257C-8E43-4910-93FF-70CC51430D96", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "On Verizon 5G Home LVSKIHP InDoorUnit (IDU) 3.4.66.162 and OutDoorUnit (ODU) 3.33.101.0 devices, the CRTC and ODU RPC endpoints provide a means of provisioning a firmware update for the device via crtc_fw_upgrade or crtcfwimage. The URL provided is not validated, and thus allows for arbitrary file upload to the device. This occurs in /lib/lua/luci/crtc.lua (IDU) and /lib/functions/wnc_jsonsh/wnc_crtc_fw.sh (ODU)."}, {"lang": "es", "value": "En los dispositivos InDoorUnit (IDU) versi\u00f3n 3.4.66.162 y OutDoorUnit (ODU) versi\u00f3n 3.33.101.0 de Verizon 5G Home LVSKIHP, los endpoints RPC de CRTC y ODU proporcionan un medio para aprovisionar una actualizaci\u00f3n de firmware para el dispositivo por medio de crtc_fw_upgrade o crtcfwimage. La URL proporcionada no est\u00e1 comprueba, y por lo tanto permite una carga arbitraria de archivos en el dispositivo. Esto ocurre en los archivos /lib/lua/luci/crtc.lua (IDU) y /lib/functions/wnc_jsonsh/wnc_crtc_fw.sh (ODU)"}], "id": "CVE-2022-28372", "lastModified": "2022-07-21T02:02:09.227", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-07-14T13:15:08.357", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/JousterL/SecWriteups/blob/main/Verizon%20LVSKIHP%205G%20Modem/readme.md"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://www.verizon.com/info/reportsecurityvulnerability/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-434"}], "source": "nvd@nist.gov", "type": "Primary"}]}