ID
VAR-201904-0313
CVE
CVE-2019-3914
TITLE
Verizon Fios Quantum Gateway Firmware command injection vulnerability
Trust: 0.8
DESCRIPTION
Remote command injection vulnerability in Verizon Fios Quantum Gateway (G1100) firmware version 02.01.00.05 allows a remote, authenticated attacker to execute arbitrary commands on the target device by adding an access control rule for a network object with a crafted hostname. Verizon Fios Quantum Gateway (G1100) The firmware contains a command injection vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Verizon Wireless FiosQuantumGateway (G1100) is a wireless router from Verizon Wireless. A command injection vulnerability exists in VerizonFiosQuantumGateway (G1100) using firmware version 02.01.00.05. The vulnerability stems from the fact that external input data constructs executable commands, and the network system or product does not properly filter the special elements. An attacker could exploit the vulnerability to execute an illegal command
Trust: 2.25
IOT TAXONOMY
| category: | ['Network device'] | sub_category: | - | Trust: 0.6 |
AFFECTED PRODUCTS
| vendor: | verizon | model: | fios quantum gateway g1100 | scope: | eq | version: | 02.01.00.05 | Trust: 1.8 |
| vendor: | verizon | model: | wireless fios quantum gateway | scope: | eq | version: | 02.01.00.05 | Trust: 0.6 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|
PROBLEMTYPE DATA
| problemtype: | CWE-78 | Trust: 1.1 |
| problemtype: | CWE-77 | Trust: 0.9 |
THREAT TYPE
remote
Trust: 0.6
TYPE
operating system commend injection
Trust: 0.6
CONFIGURATIONS
PATCH
| title: | Fios Quantum Gateway | url: | https://www.verizon.com/home/accessories/fios-quantum-gateway/ | Trust: 0.8 |
| title: | Patch for VerizonWirelessFiosQuantumGateway (G1100) command execution vulnerability | url: | https://www.cnvd.org.cn/patchInfo/show/171865 | Trust: 0.6 |
| title: | Verizon Wireless Fios Quantum Gateway ( G1100 ) Repair measures for command injection vulnerabilities | url: | http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=91391 | Trust: 0.6 |
EXTERNAL IDS
| db: | NVD | id: | CVE-2019-3914 | Trust: 3.1 |
| db: | TENABLE | id: | TRA-2019-17 | Trust: 2.5 |
| db: | JVNDB | id: | JVNDB-2019-003348 | Trust: 0.8 |
| db: | CNVD | id: | CNVD-2019-24766 | Trust: 0.6 |
| db: | CNNVD | id: | CNNVD-201904-579 | Trust: 0.6 |
| db: | VULHUB | id: | VHN-155349 | Trust: 0.1 |
REFERENCES
| url: | https://www.tenable.com/security/research/tra-2019-17 | Trust: 2.5 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2019-3914 | Trust: 2.0 |
| url: | https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-3914 | Trust: 0.8 |
SOURCES
| db: | CNVD | id: | CNVD-2019-24766 |
| db: | VULHUB | id: | VHN-155349 |
| db: | JVNDB | id: | JVNDB-2019-003348 |
| db: | CNNVD | id: | CNNVD-201904-579 |
| db: | NVD | id: | CVE-2019-3914 |
LAST UPDATE DATE
2024-11-23T22:33:57.075000+00:00
SOURCES UPDATE DATE
| db: | CNVD | id: | CNVD-2019-24766 | date: | 2019-07-29T00:00:00 |
| db: | VULHUB | id: | VHN-155349 | date: | 2020-08-24T00:00:00 |
| db: | JVNDB | id: | JVNDB-2019-003348 | date: | 2019-05-15T00:00:00 |
| db: | CNNVD | id: | CNNVD-201904-579 | date: | 2020-10-28T00:00:00 |
| db: | NVD | id: | CVE-2019-3914 | date: | 2024-11-21T04:42:51.260 |
SOURCES RELEASE DATE
| db: | CNVD | id: | CNVD-2019-24766 | date: | 2019-07-26T00:00:00 |
| db: | VULHUB | id: | VHN-155349 | date: | 2019-04-11T00:00:00 |
| db: | JVNDB | id: | JVNDB-2019-003348 | date: | 2019-05-15T00:00:00 |
| db: | CNNVD | id: | CNNVD-201904-579 | date: | 2019-04-11T00:00:00 |
| db: | NVD | id: | CVE-2019-3914 | date: | 2019-04-11T14:29:00.233 |