Wednesday, May 14, 2025
Follow us On Linkedin
HomeComputer SecurityVerizon Fios Router Vulnerabilities Allows Attackers to Gain Complete Control Over the...

Verizon Fios Router Vulnerabilities Allows Attackers to Gain Complete Control Over the Network

Computer SecurityNetwork SecurityVulnerability

Published on

By Gurubaran
Verizon Fios Router Vulnerabilities Allows Attackers to Gain Complete Control Over the Network

Supply Chain Attack Prevention

SIEM as a Service

Follow Us on Google News

Security researchers at Tenable uncovered multiple flaws with Verizon Fios Quantum Gateway router that allows a remote attacker to gain complete access over the network.

By exploiting the vulnerability an attacker could sniff into victims network traffic and van exfiltrate personal and financial details.

Three vulnerabilities discovered in Verizon’s Fios Quantum Gateway routers.

- Advertisement - Google News
  • CVE-2019-3914 – Authenticated Remote Command Injection
  • CVE-2019-3915 – Login Replay
  • CVE-2019-3916 – Password Salt Disclosure

Command Injection – CVE-2019-3914

The vulnerability can be triggered by adding a firewall access control rule with a crafted hostname. In order to perform the command injection the attacker to be authenticated to device web admin interface.

Chris Lyne explained a possible insider threat, remote attack scenario for the command injection Vulnerability.

An insider could determine the public IP address and from the sticker, in the router, they grab the default login credentials. By having the information they can log in with the router and enable Remote Administration.

Verizon Fios Quantum

By enabling the remote administration the attacker can exploit CVE-2019-3914 remotely and gain access to the network.

CVE-2019-3915 – Login Replay

HTTPS is not enforced for the router web admin interface Login URL, it allows an attacker in the same network to sniff the packets and to gain access over the web interface.

CVE-2019-3916 – Password Salt Disclosure

As the firmware doesn’t enforce the HTTPS, a local attacker can sniff the login request contains the salted password hash and could perform a dictionary attack to recover the original password.

These routers are supplied to all new Verizon Fios customers unless they elect to use their own router, which isn’t very common, said Chris Lyne. he outlined several potential attack scenarios.

Users of Verizon Fios routers are urged to updated with version 02.02.00.13 and the researchers also released PoC.

Related Read

MikroTik RouterOS Vulnerability Allows Hackers to Perform DOS Attacks

New DNS Hijacking Attack Exploiting DLink Routers to Target Netflix, PayPal, Uber, Gmail Users

Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

cyber security

Critical 0-Day in Windows DWM Enables Privilege Escalation

Microsoft has disclosed a significant security vulnerability (CVE-2025-30400) affecting the Windows Desktop Window Manager...
Cyber Security News

Microsoft Patch Tuesday May 2025 Released With the Fixes for 72 Flaws With 5 Actively Exploited 0-Day

Microsoft has released its May 2025 Patch Tuesday updates, addressing 72 security vulnerabilities across...
Cyber Security News

Ivanti Released Security Updates to Fix for the Mutiple RCE Vulnerabilities – Patch Now

Ivanti, a leading enterprise software provider, has released critical security updates addressing vulnerabilities across...
Cyber Security News

Fortinet FortiVoice Zero-day Vulnerability Actively Exploited in The Wild

A critical stack-based buffer overflow vulnerability (CWE-121) has been discovered in multiple Fortinet products,...

Resilience at Scale

Why Application Security is Non-Negotiable

The resilience of your digital infrastructure directly impacts your ability to scale. And yet, application security remains a critical weak link for most organizations.

Application Security is no longer just a defensive play—it’s the cornerstone of cyber resilience and sustainable growth. In this webinar, Karthik Krishnamoorthy (CTO of Indusface) and Phani Deepak Akella (VP of Marketing – Indusface), will share how AI-powered application security can help organizations build resilience by

Discussion points


Protecting at internet scale using AI and behavioral-based DDoS & bot mitigation.
Autonomously discovering external assets and remediating vulnerabilities within 72 hours, enabling secure, confident scaling.
Ensuring 100% application availability through platforms architected for failure resilience.
Eliminating silos with real-time correlation between attack surface and active threats for rapid, accurate mitigation

Register Now

More like this

Cyber Security News

Ivanti Released Security Updates to Fix for the Mutiple RCE Vulnerabilities – Patch Now

Ivanti, a leading enterprise software provider, has released critical security updates addressing vulnerabilities across...
Cyber Security News

Fortinet FortiVoice Zero-day Vulnerability Actively Exploited in The Wild

A critical stack-based buffer overflow vulnerability (CWE-121) has been discovered in multiple Fortinet products,...
cyber security

Zoom Workplace Apps Flaws Allow Hackers to Gain Elevated Access

Zoom has released multiple security bulletins addressing seven newly discovered vulnerabilities in Zoom Workplace...

GBHackers on Security is a top cybersecurity news platform, delivering up-to-date coverage on breaches, emerging threats, malware, vulnerabilities, and global cyber incidents.

Company

Trending

Categories

Copyright @ 2016 - 2025 GBHackers On Security - All Rights Reserved