CVE-2019-3916

HIGH

Verizon Fios Quantum Gateway G1100 Firmware 02.01.00.05 - Unauthenticated Information Disclosure via API Endpoint

Title source: llm
STIX 2.1

Description

Information disclosure vulnerability in Verizon Fios Quantum Gateway (G1100) firmware version 02.01.00.05 allows an remote, unauthenticated attacker to retrieve the value of the password salt by simply requesting an API URL in a web browser (e.g. /api).

References (1)

Core 1
Core References
Third Party Advisory x_refsource_misc
https://www.tenable.com/security/research/tra-2019-17

Scores

CVSS v3 7.5
EPSS 0.0206
EPSS Percentile 78.7%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE
CWE-425
Status published
Products (1)
verizon/fios_quantum_gateway_g1100_firmware 02.01.00.05
Published Apr 11, 2019
Tracked Since Feb 18, 2026