CVE-2019-3915

Published: Apr 11, 2019Modified: Nov 21, 2024

7.5

Vector

CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.6 / Impact: 5.9

Source: NVD

Description

Authentication Bypass by Capture-replay vulnerability in Verizon Fios Quantum Gateway (G1100) firmware version 02.01.00.05 allows an unauthenticated attacker with adjacent network access to intercept and replay login requests to gain access to the administrative web interface.

Affected (1)

Products: Verizon: Fios Quantum Gateway G1100 Firmware

1 product

Fios Quantum Gateway G1100 Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Verizon Fios Quantum Gateway G1100 Firmware	Version 02.01.00.05

Running on/with	Platform Versions
Verizon Fios Quantum Gateway G1100	All versions

Related CWEs

Authentication Bypass by Capture-replay

A capture-replay flaw exists when the design of the product makes it possible for a malicious user to sniff network traffic and bypass authentication by replaying it to the server in question to the same effect as the original message (or with minor changes).

References (4)

http://www.securityfocus.com/bid/107883

Source: vulnreport@tenable.com

https://www.tenable.com/security/research/tra-2019-17

Source: vulnreport@tenable.com

Third Party Advisory

http://www.securityfocus.com/bid/107883

Source: af854a3a-2127-422b-91ae-364da2661108

https://www.tenable.com/security/research/tra-2019-17

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.