CVE-2022-28371

HIGH

Verizon 5G Home LVSKIHP InDoorUnit/ODU <3.4.66.162/<3.33.101.0 - In...

Description

On Verizon 5G Home LVSKIHP InDoorUnit (IDU) 3.4.66.162 and OutDoorUnit (ODU) 3.33.101.0 devices, the CRTC and ODU RPC endpoints rely on a static certificate for access control. This certificate is embedded in the firmware, and is identical across the fleet of devices. An attacker need only download this firmware and extract the private components of these certificates (from /etc/lighttpd.d/ca.pem and /etc/lighttpd.d/server.pem) to gain access. (The firmware download location is shown in a device's upgrade logs.)

Scores

CVSS v3: 7.5
EPSS: 0.0021
EPSS Percentile: 43.0%
Attack Vector: NETWORK
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE: CWE-798
Status: published
Products (2):
  verizon/lvskihp_indoorunit_firmware 3.4.66.162
  verizon/lvskihp_outdoorunit_firmware 3.33.101.0
Published: Jul 14, 2022
Tracked Since: Feb 18, 2026