Tenable Discloses Verizon Fios Router Vulnerabilities
Millions of houses throughout America have Verizon’s Fios Quantum Gateway router as their main conduit to the web, and lots of of them may very well be in danger, based on new analysis from safety agency Tenable.
On April 9, Tenable publicly disclosed that it was capable of finding a number of vulnerabilities within the Verizon Fios Quantum Gateway (G1000) router. The influence of the failings is {that a} distant attacker may doubtlessly get unauthorized entry to the router and, by extension, the consumer’s complete community. Tenable responsibly disclosed the vulnerabilities to Verizon in December 2018 and waited till Verizon launched a firmware replace fixing the problems earlier than issuing the general public disclosure.
“There are three separate flaws,” Chris Lyne, senior analysis engineer at Tenable, informed eWEEK. “However, the most impactful flaw is the authenticated command injection (CVE-2019-3914). This is remotely exploitable.”
Further studying Google Boosts Cloud Security and Transparency Sysdig Unites Visibility and Security
The Verizon Fios Quantum Gateway was developed by Verizon and Greenwave Systems, and it’s the default router that Verizon offers to its Fios clients. Lyne first notified Verizon in regards to the points on Dec. 11, 2018, and obtained a reply from the Verizon Incident Response Team a day later. He famous that the 02.02.00.13 firmware replace fixes the problems, and Verizon is within the means of auto-updating all affected units.
Vulnerabilities
Tenable has a number of instruments in its product portfolio and is maybe greatest recognized for being the inventor of the Nessus vulnerability scanner. Lyne said, nonetheless, that Nessus was not used to seek out the Verizon gateway router bugs. Rather, he discovered them as a part of his day-to-day analysis actions.
Lyne defined that the authenticated command injection assault (CVE-2019-3914) is feasible in a LAN surroundings and when Remote Administration is enabled, the assault turns into potential remotely. He famous that there are two viable assault eventualities for this vulnerability. The first is an insider/home visitor who connects to WiFi and figures out the router’s public IP tackle. From there, they will log into the router’s admin net interface to allow Remote Administration. After the home visitor leaves, she or he can exploit CVE-2019-3914 remotely, from throughout the web, to achieve distant root shell entry to the router’s underlying working system.
The different situation outlined by Lyne is an attacker masquerading as a Verizon tech assist worker. In this case, the attacker calls an unsuspecting Verizon buyer and pretends there is a matter with their service. The attacker then asks the shopper for his/her administrator password to log into the router’s admin net interface and to allow Remote Administration. At this level, the attacker may ask for the general public IP tackle, which is conveniently displayed after logging in. The attacker can then acquire distant root shell entry to the router’s underlying OS.
Another flaw recognized by Tenable is CVE-2019-3915, which is a Login Replay vulnerability.
“Because HTTPS isn’t enforced within the net administration interface, an attacker on the native community…