CVE-2019-3914
published 2019-04-11


Priority: P276 · high · 7.2 (CVSS 3.0)
Vector: AV:N / AC:L / PR:H / UI:N / S:U / C:H / I:H / A:H
ITW: VulnCheck KEV (exploited in the wild)
EPSS: 29.89% (98.0th percentile)

Remote command injection vulnerability in Verizon Fios Quantum Gateway (G1100) firmware version 02.01.00.05 allows a remote, authenticated attacker to execute arbitrary commands on the target device by adding an access control rule for a network object with a crafted hostname.

Affected

2 ranges

Vendor | Product | Version range | Fixed in
verizon | fios_quantum_gateway | |
verizon | fios_quantum_gateway_g1100_firmware | |

Detection & IOCs (extracted from sources)

url: https://www.whatismyip.com/
  • Command injection is triggered by adding a firewall access control rule for a network object with a crafted hostname — monitor POST requests to the router's admin web interface that include firewall/ACL rule creation with anomalous or shell-metacharacter-containing hostname fields.
  • Attack requires authenticated access to the device's administrative web application; monitor for unexpected admin logins, especially from external/internet-facing IPs when remote administration is enabled.
  • Internet-based exploitation is feasible when remote administration is enabled on the G1100; Shodan data indicates 15,323 Verizon routers with Remote Administration exposed — flag any G1100 devices with remote admin enabled as high-risk.
  • CVE-2019-3915 (Login Replay) can be chained as a precursor to CVE-2019-3914 exploitation — detect HTTP (non-HTTPS) login requests to the router admin interface on the local network segment, as these can be sniffed and replayed.
  • Vulnerable firmware version is 02.01.00.05; patched version is 02.02.00.13 — inventory Verizon Fios Quantum Gateway (G1100) devices and flag any running firmware below 02.02.00.13.
  • Exploitation is limited to authenticated attackers; remote exploitation over the internet is only possible if Remote Administration is explicitly enabled (disabled by default).
  • CVE-2019-3916 allows unauthenticated retrieval of the password salt via a URL, which combined with sniffed SHA-512 salted login hashes enables offline dictionary attacks — this can lower the bar for achieving the authenticated access required for CVE-2019-3914.

CVSS provenance

Source | Version | Score | Severity | Vector
nvd | v3.0 | 7.2 | HIGH | CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
nvd | v2.0 | 9.0 | CRITICAL | AV:N/AC:L/Au:S/C:C/I:C/A:C
vulncheck | | 7.2 | HIGH |