CVE-2022-28369 – This vulnerability allows remote attackers on t... (How to Fix)

📋 TL;DR

This vulnerability allows remote attackers on the local network to execute arbitrary code as root on Verizon 5G Home LVSKIHP InDoorUnit devices. The device fails to validate user-supplied URLs in the SSH enable function, enabling attackers to write and execute malicious payloads. All users of affected Verizon 5G Home LVSKIHP InDoorUnit devices with vulnerable firmware are at risk.

💻 Affected Systems

Products:

Verizon 5G Home LVSKIHP InDoorUnit (IDU)

Versions: 3.4.66.162

Operating Systems: Embedded Linux

Default Config Vulnerable: ⚠️ Yes

Notes: The vulnerable JSON listener runs by default on affected devices. No special configuration is required for exploitation.

📦 What is this software?

Lvskihp Indoorunit Firmware by Verizon

View all CVEs affecting Lvskihp Indoorunit Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete device compromise with root-level remote code execution, allowing attackers to intercept/modify all network traffic, install persistent backdoors, or use the device as a pivot point into the internal network.

🟠

Likely Case

Local network attackers gain full control of the device, enabling traffic interception, credential theft, and lateral movement to other devices on the network.

🟢

If Mitigated

With proper network segmentation and access controls, impact is limited to the device itself without allowing lateral movement to other critical systems.

🌐 Internet-Facing: LOW (The vulnerability requires local network access; the exploit endpoint is not directly internet-facing)

🏢 Internal Only: HIGH (Attackers on the local network can exploit this without authentication to gain root access)

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

The vulnerability is well-documented with public proof-of-concept details. Exploitation requires only local network access and knowledge of the device IP address.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: https://www.verizon.com/info/reportsecurityvulnerability/

Restart Required: No

Instructions:

1. Contact Verizon support for firmware updates
2. Check for available firmware updates through the device management interface
3. Apply any available security patches immediately

🔧 Temporary Workarounds

Network Segmentation

all

Isolate the Verizon 5G device on a separate VLAN to limit lateral movement

Access Control Lists

all

Implement network ACLs to restrict access to the device's management interface

🧯 If You Can't Patch

Segment the device on an isolated network VLAN with strict firewall rules
Disable the crtcrpc JSON listener if possible through device configuration

🔍 How to Verify

Check if Vulnerable:

Check if device firmware version is 3.4.66.162 via device management interface or SSH if accessible

Check Version:

Check device web interface or use: cat /etc/version (if SSH access available)

Verify Fix Applied:

Verify firmware version has been updated to a version later than 3.4.66.162

📡 Detection & Monitoring

Log Indicators:

Unusual SSH connection attempts
Unexpected writes to /usr/sbin/dropbear
Suspicious network requests to crtcrpc JSON endpoint

Network Indicators:

HTTP POST requests to device IP on unusual ports
Unexpected outbound connections from the device

SIEM Query:

source="verizon-5g-device" AND (url="*crtcrpc*" OR path="/usr/sbin/dropbear")

📊 Metadata

CVE ID: CVE-2022-28369

CVSS v3 Score: 9.8 (CRITICAL)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-434

Published: July 14, 2022

Last Updated: November 21, 2024

🔗 References

https://github.com/JousterL/SecWriteups/blob/main/Verizon%20LVSKIHP%205G%20Modem/readme.md Exploit,Third Party Advisory
https://www.verizon.com/info/reportsecurityvulnerability/ Vendor Advisory
https://github.com/JousterL/SecWriteups/blob/main/Verizon%20LVSKIHP%205G%20Modem/readme.md Exploit,Third Party Advisory
https://www.verizon.com/info/reportsecurityvulnerability/ Vendor Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2022-28369, you might also want to check these: