
A cybersecurity researcher at Tenable has discovered multiple security vulnerabilities in Verizon Fios Quantum Gateway Wi-Fi routers that could allow remote attackers to take complete control over the affected routers, exposing every other device connected to them.

Currently used by millions of consumers in the United States, Verizon Fios Quantum Gateway Wi-Fi routers have been found to contain three security vulnerabilities, identified as CVE-2019-3914, CVE-2019-3915, and CVE-2019-3916.

The flaws in question are authenticated command injection (with root privileges), login replay, and password salt disclosure vulnerabilities in the Verizon Fios Quantum Gateway router (G1100), according to technical details Chris Lyne, a senior research engineer at Tenable, shared with The Hacker News.

Authenticated Command Injection Flaw (CVE-2019-3914)

When reviewing the log file on his router, Chris noticed that the "Access Control" rules in the Firewall settings, available in the router's web interface, were not properly sanitizing the "hostname" parameter while passing the values as part of a command to the console.

Also, affected routers don't come with remote administration enabled by default, which further reduces the threat of Internet-based attacks.

"There are two attack scenarios that enable an attacker to execute commands remotely. First, the insider threat would allow an attacker to record the login sequence (salted hash) using a packet sniffer. Either through legitimate access (a house guest) or social engineering (customer support scam), an attacker could obtain the target router's administrator password from the sticker on the router and public IP address. They can then either turn remote administration on, confirm it is enabled, or use the same social engineering ruse to have the victim enable it," Chris told The Hacker News in an email interview.

"Then, the attacker can exploit CVE-2019-3914 remotely, from across the internet, to gain remote root shell access to the router's underlying operating system. From here, they have control of the network. They can create back doors, record sensitive internet transactions, pivot to other devices, etc."

It allows network-based attackers to intercept login requests using a packet sniffer and replay them to gain admin access to the web interface.
