Vulnerability Details : CVE-2022-28376
Verizon 5G Home LVSKIHP outside devices through 2022-02-15 allow anyone (knowing the device's serial number) to access a CPE admin website, e.g., at the 10.0.0.1 IP address. The password (for the verizon username) is calculated by concatenating the serial number and the model (i.e., the LVSKIHP string), running the sha256sum program, and extracting the first seven characters concatenated with the last seven characters of that SHA-256 value.
Products affected by CVE-2022-28376
- cpe:2.3:o:verizon:lvskihp_firmware:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2022-28376
- 0.29%: Probability of exploitation activity in the next 30 days
- ~69%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2022-28376
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P | 8.6 | 6.4 | NIST | |
8.1 | HIGH | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H | 2.2 | 5.9 | NIST | |
CWE ids for CVE-2022-28376
- The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource. Assigned by: nvd@nist.gov (Primary)
References for CVE-2022-28376
- https://www.reddit.com/r/verizon/comments/sstq4c/5g_home_internet_dropping_out/hx3ir0s/
  5G Home Internet Dropping Out : verizon (Third Party Advisory)
- https://github.com/JousterL/SecWriteups/blob/main/Verizon%20LVSKIHP%205G%20Modem/readme.md
  SecWriteups/readme.md at main · JousterL/SecWriteups · GitHub (Exploit; Third Party Advisory)