← Back

CVE-2019-3916

nvd nist
Published: Apr 11, 2019Modified: Nov 21, 2024

JSON object

Loading...
7.5
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Exploitability: 3.9 / Impact: 3.6
Source: NVD

Description

Information disclosure vulnerability in Verizon Fios Quantum Gateway (G1100) firmware version 02.01.00.05 allows an remote, unauthenticated attacker to retrieve the value of the password salt by simply requesting an API URL in a web browser (e.g. /api).

Affected (1)

Verizon
1 product
Fios Quantum Gateway G1100 Firmware
Configuration A
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Fios Quantum Gateway G1100 Firmware
Version 02.01.00.05
Running on/withPlatform Versions
Verizon
Fios Quantum Gateway G1100
All versions

Related CWEs

CWE-425
Direct Request ('Forced Browsing')
The web application does not adequately enforce appropriate authorization on all restricted URLs, scripts, or files.

References (2)

Source: vulnreport@tenable.com
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory

Timeline

No history available yet.