CVE Tools

verizon

Networking InfrastructureUScommercial

13

Cumulative CVEs

3

Monthly snapshots

#35

Peak rank

Top products

lvskihp outdoorunit firmware6 lvskihp indoorunit firmware5

Latest CVEs

The 15 most recently published vulnerabilities affecting verizon.

CVE-2026-10629CVE-2026-106297.4Jun 2, 2026
CVE-2022-28369Verizon 5G Home LVSKIHP InDoorUnit (IDU) 3.4.66.162 does not validate the user-provided URL within the crtcmode function's enable_ssh sub-operation of the crtcrpc JSON listener (found at /lib/funct...9.8Jul 14, 2022
CVE-2022-28370On Verizon 5G Home LVSKIHP OutDoorUnit (ODU) 3.33.101.0 devices, the RPC endpoint crtc_fw_upgrade provides a means of provisioning a firmware update for the device. /lib/functions/wnc_jsonsh/wnc_cr...7.5Jul 14, 2022
CVE-2022-28371On Verizon 5G Home LVSKIHP InDoorUnit (IDU) 3.4.66.162 and OutDoorUnit (ODU) 3.33.101.0 devices, the CRTC and ODU RPC endpoints rely on a static certificate for access control. This certificate is ...7.5Jul 14, 2022
CVE-2022-28372On Verizon 5G Home LVSKIHP InDoorUnit (IDU) 3.4.66.162 and OutDoorUnit (ODU) 3.33.101.0 devices, the CRTC and ODU RPC endpoints provide a means of provisioning a firmware update for the device via ...7.5Jul 14, 2022
CVE-2022-28373Verizon 5G Home LVSKIHP InDoorUnit (IDU) 3.4.66.162 does not properly sanitize user-controlled parameters within the crtcreadpartition function of the crtcrpc JSON listener in /usr/lib/lua/luci/crt...9.8Jul 14, 2022
CVE-2022-28374Verizon 5G Home LVSKIHP OutDoorUnit (ODU) 3.33.101.0 does not property sanitize user-controlled parameters within the DMACC URLs on the Settings page of the Engineering portal. An authenticated rem...8.8Jul 14, 2022
CVE-2022-28375Verizon 5G Home LVSKIHP OutDoorUnit (ODU) 3.33.101.0 does not property sanitize user-controlled parameters within the crtcswitchsimprofile function of the crtcrpc JSON listener. A remote attacker o...9.8Jul 14, 2022
CVE-2022-28377On Verizon 5G Home LVSKIHP InDoorUnit (IDU) 3.4.66.162 and OutDoorUnit (ODU) 3.33.101.0 devices, the CRTC and ODU RPC endpoints rely on a static account username/password for access control. This p...7.5Jul 14, 2022
CVE-2022-29729Verizon 4G LTE Network Extender GA4.38 - V0.4.038.2131 utilizes a weak default admin password generation algorithm which generates passwords that are accessible to unauthenticated attackers via the...7.5May 27, 2022
CVE-2022-28376Verizon 5G Home LVSKIHP outside devices through 2022-02-15 allow anyone (knowing the device's serial number) to access a CPE admin website, e.g., at the 10.0.0.1 IP address. The password (for the v...8.1Apr 3, 2022
CVE-2020-7660serialize-javascript prior to 3.1.0 allows remote attackers to inject arbitrary code via the function "deleteFunctions" within "index.js".8.1Jun 1, 2020
CVE-2019-16769Affected versions of serialize-javascript are vulnerable to Cross-site Scripting (XSS)4.2Dec 5, 2019
CVE-2019-3916Information disclosure vulnerability in Verizon Fios Quantum Gateway (G1100) firmware version 02.01.00.05 allows an remote, unauthenticated attacker to retrieve the value of the password salt by si...7.5Apr 11, 2019
CVE-2019-3915Authentication Bypass by Capture-replay vulnerability in Verizon Fios Quantum Gateway (G1100) firmware version 02.01.00.05 allows an unauthenticated attacker with adjacent network access to interce...7.5Apr 11, 2019