Thursday, January 30, 2025
Follow us On Linkedin
HomeComputer SecurityVerizon Fios Router Vulnerabilities Allows Attackers to Gain Complete Control Over the...

Verizon Fios Router Vulnerabilities Allows Attackers to Gain Complete Control Over the Network

Computer SecurityNetwork SecurityVulnerability

Published on

By Gurubaran
Verizon Fios Router Vulnerabilities Allows Attackers to Gain Complete Control Over the Network

Free Webinar DevSecOps Hacks

SIEM as a Service

Follow Us on Google News

Security researchers at Tenable uncovered multiple flaws with Verizon Fios Quantum Gateway router that allows a remote attacker to gain complete access over the network.

By exploiting the vulnerability an attacker could sniff into victims network traffic and van exfiltrate personal and financial details.

Three vulnerabilities discovered in Verizon’s Fios Quantum Gateway routers.

  • CVE-2019-3914 – Authenticated Remote Command Injection
  • CVE-2019-3915 – Login Replay
  • CVE-2019-3916 – Password Salt Disclosure

Command Injection – CVE-2019-3914

The vulnerability can be triggered by adding a firewall access control rule with a crafted hostname. In order to perform the command injection the attacker to be authenticated to device web admin interface.

Chris Lyne explained a possible insider threat, remote attack scenario for the command injection Vulnerability.

An insider could determine the public IP address and from the sticker, in the router, they grab the default login credentials. By having the information they can log in with the router and enable Remote Administration.

Verizon Fios Quantum

By enabling the remote administration the attacker can exploit CVE-2019-3914 remotely and gain access to the network.

CVE-2019-3915 – Login Replay

HTTPS is not enforced for the router web admin interface Login URL, it allows an attacker in the same network to sniff the packets and to gain access over the web interface.

CVE-2019-3916 – Password Salt Disclosure

As the firmware doesn’t enforce the HTTPS, a local attacker can sniff the login request contains the salted password hash and could perform a dictionary attack to recover the original password.

These routers are supplied to all new Verizon Fios customers unless they elect to use their own router, which isn’t very common, said Chris Lyne. he outlined several potential attack scenarios.

Users of Verizon Fios routers are urged to updated with version 02.02.00.13 and the researchers also released PoC.

Related Read

MikroTik RouterOS Vulnerability Allows Hackers to Perform DOS Attacks

New DNS Hijacking Attack Exploiting DLink Routers to Target Netflix, PayPal, Uber, Gmail Users

Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

Browser

New RDP Exploit Allows Attackers to Take Over Windows and Browser Sessions

Cybersecurity experts have uncovered a new exploit leveraging the widely used Remote Desktop Protocol...
Cyber Security News

New SMS-Based Phishing Tool ‘DevilTraff’ Enables Mass Cyber Attacks

Cybersecurity experts are sounding the alarm about a new SMS-based phishing tool, Devil-Traff, that...
Cyber Security News

DeepSeek Database Publicly Exposed Sensitive Information, Secret Keys & Logs

Experts at Wiz Research have identified a publicly exposed ClickHouse database belonging to DeepSeek,...
Cyber Security News

OPNsense 25.1 Released, What’s New!

The highly anticipated release of OPNsense 25.1 has officially arrived! Nicknamed "Ultimate Unicorn," this...

API Security Webinar

Free Webinar - DevSecOps Hacks

By embedding security into your CI/CD workflows, you can shift left, streamline your DevSecOps processes, and release secure applications faster—all while saving time and resources.

In this webinar, join Phani Deepak Akella ( VP of Marketing ) and Karthik Krishnamoorthy (CTO), Indusface as they explores best practices for integrating application security into your CI/CD workflows using tools like Jenkins and Jira.

Discussion points

Automate security scans as part of the CI/CD pipeline.
Get real-time, actionable insights into vulnerabilities.
Prioritize and track fixes directly in Jira, enhancing collaboration.
Reduce risks and costs by addressing vulnerabilities pre-production.

Register Now

More like this

Apple

New Apple SLAP & FLOP Side-Channel Attacks Let Attackers Steal Login Details From Browser

Researchers from the Georgia Institute of Technology and Ruhr University Bochum have uncovered two...
Cyber Security News

Russian APT28 Hackers Exploit Zero-Day Vulnerabilities to Target Government and Security Sectors

A detailed analysis from Maverits, a leading cybersecurity firm, reveals a significant evolution in...
Cyber Security News

New Aquabot Malware Actively Exploiting Mitel SIP phones injection vulnerability

Akamai's Security Intelligence and Response Team (SIRT) has uncovered a novel variant of the...

GBHackers on Security is a top cybersecurity news platform, delivering up-to-date coverage on breaches, emerging threats, malware, vulnerabilities, and global cyber incidents.

Company

Trending

Categories

Copyright @ 2016 - 2024 GBHackers On Security - All Rights Reserved