A cybersecurity researcher at Tenable has discovered multiple security vulnerabilities in Verizon Fios Quantum Gateway Wi-Fi routers that could allow remote attackers to take complete control of affected routers, exposing every other device connected to them.
Verizon Fios Quantum Gateway Wi-Fi routers, currently used by millions of consumers in the United States, are affected by three security vulnerabilities, identified as CVE-2019-3914, CVE-2019-3915, and CVE-2019-3916.
The flaws in question are authenticated command injection (with root privileges), login replay, and password salt disclosure vulnerabilities in the Verizon Fios Quantum Gateway router (G1100), according to technical details Chris Lyne, a senior research engineer at Tenable, shared with The Hacker News.
Authenticated Command Injection Flaw (CVE-2019-3914)
When reviewing the log file on his router, Chris noticed that the “Access Control” rules in the Firewall settings, available in the router’s web interface, were not properly sanitising the “hostname” parameter when passing its value as part of a command to the console.
As a result, injecting malicious input as the hostname can manipulate the firewall command, eventually allowing an attacker to execute arbitrary code on the affected device.
“Notice the iptables command being issued. Clearly, I must have entered tenable [keyword] in here at some point. That got me thinking… I wonder if I can inject an OS command into this,” the researcher said in a blog post.
“Clearly, this has to do with Access Control rules in the Firewall settings. I investigated the web interface to see if I could find tenable anywhere.”
However, to exploit this vulnerability (CVE-2019-3914) the attacker first needs access to the router’s web interface, which in itself reduces the attack surface unless the victims are relying on default or weak passwords.
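The defensive pattern for this class of bug, as an added example that is not from the article, Tenable's write-up or Verizon's firmware: validate the hostname field against RFC 1123 and hand it to iptables as a single argv element instead of pasting it into a shell line. The rule shape, chain name and function names are assumptions (the page does not show the router's actual command), and the sample inputs are constructed.

```python
import re
import shlex

# RFC 1123 label: letters, digits, hyphens; 1-63 chars; no leading/trailing hyphen.
_LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")


def is_valid_hostname(value: str) -> bool:
    """Allow-list check for the hostname field before it reaches any command."""
    if not isinstance(value, str) or not 1 <= len(value) <= 253:
        return False
    return all(_LABEL.fullmatch(label) for label in value.split("."))


def unsafe_command_string(hostname: str) -> str:
    """The flawed pattern: the raw value is pasted into a shell command line.
    Rule shape and chain name are assumed; the page does not show the command."""
    return f"iptables -A FORWARD -s {hostname} -j DROP"


def shell_control_tokens(command: str) -> list[str]:
    """Return the tokens a POSIX shell would read as operators, not arguments."""
    lexer = shlex.shlex(command, posix=True, punctuation_chars=True)
    return [tok for tok in lexer if tok and set(tok) <= set("();<>|&")]


def build_rule_argv(hostname: str) -> list[str]:
    """Hardened form: validate, then keep the value as a single argv element.
    Run the result with subprocess.run(argv), never with shell=True."""
    if not is_valid_hostname(hostname):
        raise ValueError("hostname rejected: not an RFC 1123 name")
    return ["iptables", "-A", "FORWARD", "-s", hostname, "-j", "DROP"]


if __name__ == "__main__":
    # Constructed inputs: one ordinary name, one carrying a shell operator,
    # one that would be read as an option if it reached the command.
    for candidate in ("tenable", "tenable;echo INJECTED", "-j"):
        operators = shell_control_tokens(unsafe_command_string(candidate))
        try:
            print(candidate, "->", build_rule_argv(candidate))
        except ValueError as exc:
            print(candidate, "->", exc, "| shell operators in string form:", operators)
```

The leading-hyphen rule matters even without a shell: a value such as `-j` would otherwise be parsed by iptables as an option rather than as a hostname.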