EIP-2026-101490

PRE-CVE

Verizon 4G LTE Network Extender - Weak Credentials Algorithm

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-101490. PoCs published by LiquidWorm.

AI-analyzed exploit summary The exploit demonstrates a weak credential generation algorithm in Verizon 4G LTE Network Extender, where the admin password is derived from the last 4 characters of the device's MAC address (disclosed on the login page) concatenated with 'LTEFemto'. The provided JavaScript code fetches the MAC address and constructs the default password.

Description

Verizon 4G LTE Network Extender - Weak Credentials Algorithm

Exploits (1)

exploitdb WORKING POC

by LiquidWorm · textremotehardware

https://www.exploit-db.com/exploits/50875

View Code ZIP pw:eip

The exploit demonstrates a weak credential generation algorithm in Verizon 4G LTE Network Extender, where the admin password is derived from the last 4 characters of the device's MAC address (disclosed on the login page) concatenated with 'LTEFemto'. The provided JavaScript code fetches the MAC address and constructs the default password.

Classification

Working Poc 95%

Attack Type

Auth Bypass

Complexity

Trivial

Reliability

Reliable

Target: Verizon 4G LTE Network Extender GA4.38 - V0.4.038.2131

No auth needed

Prerequisites: Access to the device's web interface · MAC address visible on the login page

MITRE ATT&CK

T1110.001 - Password Guessing

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026