If you have Verizon FiOS Quantum Gateway G1100 router, then you need to update to its new version now.
The security researchers from Tenable found three vulnerabilities on FiOS Quantum Gateway router. The company said that it disclosed these security flaws to Verizon in December and Verizon had fixed the issues on March.
But still, there are some customers didn’t get the update automatically and waiting to still need a patch, said Verizon. If the router’s firmware is running on 02.02.00.13 version then the user won’t need to take any action, they are up-to-date and safe from the vulnerabilities.
“We were recently made aware of three vulnerabilities related to login and password information on the Broadband Home Router Fios-G1100,” a Verizon spokesman said in a statement. “As soon as we were made aware of these vulnerabilities, we took immediate action to remediate them and are issuing patches.”
In the United States, Verizon’s FiOS Quantum Gateway routers are used in millions of homes and small businesses.
What are the Vulnerabilities?
Tenable security researcher Chris Lyne, published CVE’s.
CVE-2019-3914 – Authenticated Remote Command Injection
This vulnerability can be triggered by adding a firewall access control rule for a network object with a crafted hostname. An attacker must be authenticated to the device’s administrative web application in order to perform the command injection. In most cases, the vulnerability can only be exploited by attackers with local network access. However, an internet-based attack is feasible if remote administration is enabled; it is disabled by default.
CVE-2019-3915 – Login Replay
Because HTTPS is not enforced in the web administration interface, an attacker on the local network segment can intercept login requests using a packet sniffer. These requests can be replayed to give the attacker admin access to the web interface. From here, the attacker could exploit CVE-2019-3914.
CVE-2019-3916 – Password Salt Disclosure
An unauthenticated attacker is able to retrieve the value of the password salt by simply visiting a URL in a web browser. Given that the firmware does not enforce the use of HTTPS, it is feasible for an attacker to capture (sniff) a login request. The login request contains a salted password hash (SHA-512), so the attacker could then perform an offline dictionary attack to recover the original password.
You should check FiOS router settings to make sure it’s running firmware version 2.2.
“Routers are the central hub of every smart home today. They keep us connected to the corners of the internet, secure our homes and, even, remotely unlock doors,” Renaud Deraison, Tenable’s chief technology officer, said in a statement.