Arbitrary File Upload Vulnerability in Verizon 5G Home LVSKIHP InDoorUnit (IDU) and OutDoorUnit (ODU) Devices

Arbitrary File Upload Vulnerability in Verizon 5G Home LVSKIHP InDoorUnit (IDU) and OutDoorUnit (ODU) Devices

CVE-2022-28372 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

On Verizon 5G Home LVSKIHP InDoorUnit (IDU) 3.4.66.162 and OutDoorUnit (ODU) 3.33.101.0 devices, the CRTC and ODU RPC endpoints provide a means of provisioning a firmware update for the device via crtc_fw_upgrade or crtcfwimage. The URL provided is not validated, and thus allows for arbitrary file upload to the device. This occurs in /lib/lua/luci/crtc.lua (IDU) and /lib/functions/wnc_jsonsh/wnc_crtc_fw.sh (ODU).

Learn more about our Web Application Penetration Testing UK.