Details of VAR-201904-0315

ID

VAR-201904-0315

CVE

CVE-2019-3916

TITLE

Verizon Fios Quantum Gateway Information disclosure vulnerability in firmware

Trust: 0.8

sources: JVNDB: JVNDB-2019-003343

DESCRIPTION

Information disclosure vulnerability in Verizon Fios Quantum Gateway (G1100) firmware version 02.01.00.05 allows an remote, unauthenticated attacker to retrieve the value of the password salt by simply requesting an API URL in a web browser (e.g. /api). Verizon Fios Quantum Gateway (G1100) Firmware contains an information disclosure vulnerability.Information may be obtained. Verizon Wireless FiosQuantumGateway (G1100) is a wireless router from Verizon Wireless. An information disclosure vulnerability exists in VerizonFiosQuantumGateway (G1100) using firmware version 02.01.00.05, which is due to errors in the configuration of the network system or product during operation. An attacker could exploit this vulnerability to obtain sensitive information about an affected component

Trust: 2.25

sources: NVD: CVE-2019-3916 // JVNDB: JVNDB-2019-003343 // CNVD: CNVD-2019-24768 // VULHUB: VHN-155351

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2019-24768

AFFECTED PRODUCTS

vendor:	verizon	model:	fios quantum gateway g1100	scope:	eq	version:	02.01.00.05	Trust: 1.8
vendor:	verizon	model:	wireless fios quantum gateway	scope:	eq	version:	02.01.00.05	Trust: 0.6

sources: CNVD: CNVD-2019-24768 // JVNDB: JVNDB-2019-003343 // NVD: CVE-2019-3916

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-3916
value:	HIGH
Trust: 1.0
NVD:	CVE-2019-3916
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2019-24768
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201904-583
value:	HIGH
Trust: 0.6
VULHUB:	VHN-155351
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2019-3916
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2019-24768
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-155351
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2019-3916
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.0
Trust: 1.8

sources: CNVD: CNVD-2019-24768 // VULHUB: VHN-155351 // JVNDB: JVNDB-2019-003343 // CNNVD: CNNVD-201904-583 // NVD: CVE-2019-3916

PROBLEMTYPE DATA

problemtype:	CWE-425	Trust: 1.1
problemtype:	CWE-200	Trust: 0.9

sources: VULHUB: VHN-155351 // JVNDB: JVNDB-2019-003343 // NVD: CVE-2019-3916

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201904-583

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201904-583

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-003343

PATCH

title:	Fios Quantum Gateway	url:	https://www.verizon.com/home/accessories/fios-quantum-gateway/	Trust: 0.8
title:	Patch for Verizon WirelessFiosQuantumGateway (G1100) Information Disclosure Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/171861	Trust: 0.6
title:	Verizon Wireless Fios Quantum Gateway ( G1100 ) Repair measures for information disclosure vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=91395	Trust: 0.6

sources: CNVD: CNVD-2019-24768 // JVNDB: JVNDB-2019-003343 // CNNVD: CNNVD-201904-583

EXTERNAL IDS

db:	NVD	id:	CVE-2019-3916	Trust: 3.1
db:	TENABLE	id:	TRA-2019-17	Trust: 2.5
db:	JVNDB	id:	JVNDB-2019-003343	Trust: 0.8
db:	CNNVD	id:	CNNVD-201904-583	Trust: 0.7
db:	CNVD	id:	CNVD-2019-24768	Trust: 0.6
db:	VULHUB	id:	VHN-155351	Trust: 0.1

sources: CNVD: CNVD-2019-24768 // VULHUB: VHN-155351 // JVNDB: JVNDB-2019-003343 // CNNVD: CNNVD-201904-583 // NVD: CVE-2019-3916

REFERENCES

url:	https://www.tenable.com/security/research/tra-2019-17	Trust: 2.5
url:	https://nvd.nist.gov/vuln/detail/cve-2019-3916	Trust: 2.0
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-3916	Trust: 0.8

sources: CNVD: CNVD-2019-24768 // VULHUB: VHN-155351 // JVNDB: JVNDB-2019-003343 // CNNVD: CNNVD-201904-583 // NVD: CVE-2019-3916

SOURCES

db:	CNVD	id:	CNVD-2019-24768
db:	VULHUB	id:	VHN-155351
db:	JVNDB	id:	JVNDB-2019-003343
db:	CNNVD	id:	CNNVD-201904-583
db:	NVD	id:	CVE-2019-3916

LAST UPDATE DATE

2024-11-23T22:33:57.105000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2019-24768	date:	2019-07-29T00:00:00
db:	VULHUB	id:	VHN-155351	date:	2020-08-24T00:00:00
db:	JVNDB	id:	JVNDB-2019-003343	date:	2019-05-15T00:00:00
db:	CNNVD	id:	CNNVD-201904-583	date:	2020-08-25T00:00:00
db:	NVD	id:	CVE-2019-3916	date:	2024-11-21T04:42:51.490

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2019-24768	date:	2019-07-26T00:00:00
db:	VULHUB	id:	VHN-155351	date:	2019-04-11T00:00:00
db:	JVNDB	id:	JVNDB-2019-003343	date:	2019-05-15T00:00:00
db:	CNNVD	id:	CNNVD-201904-583	date:	2019-04-11T00:00:00
db:	NVD	id:	CVE-2019-3916	date:	2019-04-11T15:29:00.543