CVE-2022-28371

7.5 HIGH

📋 TL;DR

The CRTC and ODU RPC endpoints on Verizon 5G Home LVSKIHP devices rely on a static certificate for access control. That certificate is embedded in the firmware image, which can be downloaded from the vendor's website, so anyone who extracts it can authenticate to the RPC endpoints of every affected device without any per-device credential. Anyone running the affected IDU and ODU firmware versions is at risk.

💻 Affected Systems

Products:
  • Verizon 5G Home LVSKIHP InDoorUnit (IDU)
  • Verizon 5G Home LVSKIHP OutDoorUnit (ODU)
Versions: IDU 3.4.66.162 and ODU 3.33.101.0
Operating Systems: Embedded Linux
Default Config Vulnerable: ⚠️ Yes
Notes: Every device running these firmware versions shares the same certificate, because it is embedded in the firmware image rather than provisioned per device; there is no configuration setting that removes it.

📦 What is this software?

Verizon 5G Home is a fixed-wireless home internet service. The LVSKIHP hardware is a two-part customer-premises unit: an OutDoorUnit (ODU) carrying the 5G radio and an InDoorUnit (IDU) acting as the home gateway. Both units expose RPC endpoints (CRTC and ODU RPC) whose access control is the static certificate at issue in this CVE.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete device compromise: unauthorized access to network traffic and device configuration, and a foothold for lateral movement into the connected home network.

🟠 Likely Case

Unauthorized access to the RPC/management interfaces, configuration tampering, and service disruption.

🟢 If Mitigated

Limited impact with network segmentation and monitoring in place. The authentication bypass itself remains, because the certificate lives in the firmware and cannot be rotated without a vendor update.

🌐 Internet-Facing: HIGH - The IDU is a home gateway that sits on the WAN. This page does not state whether the RPC endpoints are reachable from the WAN side; treat any exposure of ports 80/443 on the WAN as directly exploitable.
🏢 Internal Only: LOW for other hosts, but any host on the LAN side of the IDU can reach the management interface, and a compromised gateway is a pivot point into that LAN.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation needs no credentials from the target: the attacker downloads the firmware image from the vendor's website, extracts the embedded certificate material, and presents it when connecting to the CRTC/ODU RPC endpoints. The extraction method is documented in public research, and the same extracted material works against every affected device.
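The check a practitioner wants here is whether a firmware image carries PEM certificate or key material, and whether the same material appears unchanged across images (the static-credential pattern this CVE describes). The following scanner is an added example, not code from the original page or from Verizon; the two "firmware images" are constructed byte blobs with fake DER payloads, so the fingerprints are illustrative only. Real images are passed to scan_firmware() as the raw file contents (after unpacking any outer container).

```python
"""Find PEM blocks in firmware images and report material shared across images.

Added example; not the page's or Verizon's code. SAMPLE_IMAGES below are
constructed stand-ins, not real LVSKIHP firmware.
"""
import base64
import binascii
import hashlib
import re

# Any PEM block. The label after BEGIN/END is captured so certificates can be
# told apart from private keys; the backreference forces matching END markers.
PEM_RE = re.compile(
    rb"-----BEGIN ([A-Z0-9 ]+)-----\s*(.*?)\s*-----END \1-----",
    re.DOTALL,
)


def scan_firmware(image: bytes):
    """Return [(label, byte offset, sha256 of the DER payload)] for each valid PEM block."""
    found = []
    for m in PEM_RE.finditer(image):
        label = m.group(1).decode("ascii")
        body = re.sub(rb"\s+", b"", m.group(2))
        try:
            der = base64.b64decode(body, validate=True)
        except binascii.Error:
            continue  # BEGIN/END markers around something that is not base64
        if not der:
            continue
        found.append((label, m.start(), hashlib.sha256(der).hexdigest()))
    return found


def shared_material(images: dict):
    """Map (label, fingerprint) -> sorted image names, for material present in more than one image."""
    seen = {}
    for name, image in images.items():
        for label, _offset, fp in scan_firmware(image):
            seen.setdefault((label, fp), set()).add(name)
    return {key: sorted(names) for key, names in seen.items() if len(names) > 1}


def _pem(label: str, der: bytes) -> bytes:
    """Build a PEM block from arbitrary bytes (constructed test data, not a real certificate)."""
    tag = label.encode("ascii")
    return (b"-----BEGIN " + tag + b"-----\n" + base64.encodebytes(der)
            + b"-----END " + tag + b"-----\n")


# Constructed stand-ins for an IDU and an ODU image: filler bytes around a
# client certificate and key shared by both (the vulnerable pattern), one
# certificate unique to the IDU, and one malformed block that must be skipped.
SHARED_CERT = _pem("CERTIFICATE", b"\x30\x82\x01\x00" + bytes(range(64)))
SHARED_KEY = _pem("EC PRIVATE KEY", b"\x30\x77\x02\x01\x01" + bytes(range(48)))
IDU_ONLY = _pem("CERTIFICATE", b"\x30\x82\x02\x00" + bytes(range(64, 128)))
BROKEN = b"-----BEGIN CERTIFICATE-----\nnot base64!!\n-----END CERTIFICATE-----\n"

SAMPLE_IMAGES = {
    "idu-3.4.66.162.bin": b"\x00" * 32 + SHARED_CERT + b"\xff" * 16 + SHARED_KEY + IDU_ONLY + BROKEN,
    "odu-3.33.101.0.bin": b"\x7fELF" + b"\x00" * 40 + SHARED_KEY + SHARED_CERT,
}

if __name__ == "__main__":
    for name, image in SAMPLE_IMAGES.items():
        for label, offset, fp in scan_firmware(image):
            print(f"{name}: {label} at offset {offset}, sha256 {fp[:16]}...")
    for (label, fp), names in shared_material(SAMPLE_IMAGES).items():
        print(f"STATIC {label} {fp[:16]}... shared by {', '.join(names)}")
```

A private key that shows up in two images, or in two units' firmware dumps, is the finding: a certificate without its key is harmless, a key that every device ships with is a shared credential. Run the same scan against an updated image to confirm the material was actually removed or replaced, since a new version number alone proves nothing.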

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown (no fixed firmware version is listed on this page)

Vendor Advisory: https://www.verizon.com/info/reportsecurityvulnerability/ (Verizon's vulnerability reporting page; no CVE-specific advisory is linked here)

Restart Required: Yes

Instructions:

1. Contact Verizon support and ask for firmware that addresses CVE-2022-28371.
2. Check for available updates through the device management interface.
3. Apply any available firmware update.
4. Reboot the device after the update and confirm the new version (see How to Verify below).

🔧 Temporary Workarounds

Network Segmentation (applies to: all)

Isolate affected devices from critical internal networks using VLANs or firewalls.

Access Control Lists (applies to: all)

Restrict management interface access to trusted IP addresses only.

🧯 If You Can't Patch

  • Replace affected devices with updated hardware if available.
  • Disable remote management features if not required, and do not expose ports 80/443 of the IDU towards the WAN.

🔍 How to Verify

Check if Vulnerable:

Check the device firmware version through the web interface (or whatever management console you have access to). Vulnerable versions are IDU 3.4.66.162 and ODU 3.33.101.0; note that the IDU and ODU are versioned separately, so check both units.

Check Version:

Check via device web interface at http://[device-ip]/ or through device management console.

Verify Fix Applied:

Verify that the firmware version on both units has moved past the vulnerable releases. Because no fixed version is listed here, a higher version number alone does not prove that the static certificate was removed or rotated; confirm with Verizon that the update addresses CVE-2022-28371.

📡 Detection & Monitoring

Log Indicators:

  • Successful requests to the CRTC/ODU RPC endpoints from source addresses other than the peer unit or the operator's management network
  • The same client certificate presented from more than one source address; with a static certificate this is the only way to tell a leaked copy apart from the legitimate peer
  • Certificate validation failures indicate unrelated probing only: an extracted copy of the static certificate is valid and passes validation, so a real bypass leaves no validation error
  • Firmware downloads happen on the attacker's side, from the vendor's website, and are not visible to the device owner

Network Indicators:

  • Unusual traffic to device management ports (typically 443, 80) from addresses outside the expected peers
  • TLS handshakes in which the client presents a certificate, from unexpected sources (visible to a passive sensor for TLS 1.2; in TLS 1.3 the client certificate is encrypted, so rely on the device's or a fronting proxy's own logs)

SIEM Query:

dest_ip=[device_ip] AND (dest_port=443 OR dest_port=80) AND NOT src_ip IN [trusted_peer_ips]

Filtering on user_agent CONTAINS 'curl' OR user_agent CONTAINS 'wget' only works for plaintext port 80 traffic or where a proxy you control terminates TLS; inside a TLS session the User-Agent header is not visible to a network sensor, and an attacker can set any User-Agent anyway. Keying on source addresses that are not the expected peers is the more reliable filter.
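The two log indicators above (RPC authentication from an untrusted source, and one client certificate seen from several sources) can be expressed as a small detector. This is an added example, not code from the original page or from Verizon. The log format is an assumption: one space-separated line per request with timestamp, source IP, destination port, path, client_cert=<fingerprint or none> and status=<code>, as a TLS-terminating proxy in front of the device might emit; the trusted networks, the /rpc/ path prefix and the sample lines are all constructed for the example.

```python
"""Flag RPC-endpoint hits that authenticate with a client certificate from
unexpected sources, and certificates reused across sources.

Added example; not the page's or Verizon's code. Log format, path prefix,
trusted networks and the sample lines are assumptions constructed here.
"""
import ipaddress
from collections import defaultdict

# Peers that legitimately reach the RPC endpoints: the peer unit's link
# address and the operator management network (assumed values).
TRUSTED_NETS = [
    ipaddress.ip_network("192.168.1.1/32"),
    ipaddress.ip_network("10.20.0.0/16"),
]
RPC_PREFIX = "/rpc/"  # assumed path prefix for the CRTC/ODU RPC endpoints

# Constructed sample log: legitimate peer traffic, one failed probe without a
# certificate, two successful calls from an outside address using the same
# certificate fingerprint the peer uses, and one unparseable line.
SAMPLE_LOG = """\
2024-05-01T10:00:01Z 192.168.1.1 443 /rpc/crtc/status client_cert=3f9a10 status=200
2024-05-01T10:00:31Z 192.168.1.1 443 /rpc/crtc/status client_cert=3f9a10 status=200
2024-05-01T10:01:02Z 192.168.1.1 443 /index.html client_cert=none status=200
2024-05-01T10:05:44Z 203.0.113.5 443 /rpc/crtc/status client_cert=none status=403
2024-05-01T10:05:45Z 203.0.113.5 443 /rpc/crtc/status client_cert=3f9a10 status=200
2024-05-01T10:05:46Z 203.0.113.5 443 /rpc/odu/config client_cert=3f9a10 status=200
garbage line that does not parse
"""


def parse_line(line: str):
    """Parse one assumed-format log line; return None for anything malformed."""
    parts = line.split()
    if len(parts) != 6:
        return None
    ts, src, port, path, cert, status = parts
    if not (cert.startswith("client_cert=") and status.startswith("status=")):
        return None
    try:
        src_ip = ipaddress.ip_address(src)
        return {"ts": ts, "src": src_ip, "port": int(port), "path": path,
                "cert": cert.split("=", 1)[1], "status": int(status.split("=", 1)[1])}
    except ValueError:
        return None


def is_trusted(ip, nets=TRUSTED_NETS) -> bool:
    return any(ip in net for net in nets)


def find_suspicious(log_text: str, nets=TRUSTED_NETS):
    """Return alert tuples for RPC calls from untrusted sources and for certs seen from >1 source."""
    alerts = []
    sources_by_cert = defaultdict(set)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or not rec["path"].startswith(RPC_PREFIX):
            continue
        if rec["cert"] == "none":
            continue  # no client certificate: a 403 here is ordinary probing
        sources_by_cert[rec["cert"]].add(rec["src"])
        if rec["status"] == 200 and not is_trusted(rec["src"], nets):
            alerts.append(("rpc_auth_from_untrusted_source", str(rec["src"]), rec["path"], rec["ts"]))
    # A static certificate presented from two different addresses means a
    # second party holds a copy of it.
    for cert, srcs in sources_by_cert.items():
        if len(srcs) > 1:
            alerts.append(("client_cert_reused_across_sources", cert,
                           sorted(str(s) for s in srcs)))
    return alerts


if __name__ == "__main__":
    for alert in find_suspicious(SAMPLE_LOG):
        print(alert)
```

The second rule is the one worth keeping even after the trusted-network list is tuned: the legitimate peer has one address, so the same fingerprint from anywhere else is a copy, whether or not the copy arrives from a range you thought was trusted.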

🔗 References

  • NVD entry: https://nvd.nist.gov/vuln/detail/CVE-2022-28371
  • Verizon vulnerability reporting page: https://www.verizon.com/info/reportsecurityvulnerability/