CVE-2022-28373 – This vulnerability allows remote attackers on t... (How to Fix)

Q: What is the severity of CVE-2022-28373?

CVE-2022-28373 has a CVSS score of 9.8 (CRITICAL). This vulnerability allows remote attackers on the local network to execute arbitrary commands as root on Verizon 5G Home LVSKIHP InDoorUnit devices. The issue stems from improper input sanitization in the crtcrpc JSON listener, enabling shell injection attacks. Only users of specific Verizon 5G modem hardware with vulnerable firmware are affected.

📋 TL;DR

This vulnerability allows remote attackers on the local network to execute arbitrary commands as root on Verizon 5G Home LVSKIHP InDoorUnit devices. The issue stems from improper input sanitization in the crtcrpc JSON listener, enabling shell injection attacks. Only users of specific Verizon 5G modem hardware with vulnerable firmware are affected.

💻 Affected Systems

Products:

Verizon 5G Home LVSKIHP InDoorUnit (IDU)

Versions: 3.4.66.162

Operating Systems: Embedded Linux

Default Config Vulnerable: ⚠️ Yes

Notes: Only affects specific Verizon 5G modem hardware models; requires attacker to be on the same local network.

📦 What is this software?

Lvskihp Indoorunit Firmware by Verizon

View all CVEs affecting Lvskihp Indoorunit Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete device compromise with root-level remote code execution, allowing attackers to intercept/modify network traffic, install persistent malware, or pivot to other network devices.

🟠

Likely Case

Local network attacker gains full control of the modem/router, enabling traffic monitoring, credential theft, and network reconnaissance.

🟢

If Mitigated

If network segmentation isolates the device and restricts local network access, impact is limited to denial of service or configuration changes.

🌐 Internet-Facing: LOW - The vulnerability requires local network access; the service is not directly exposed to the internet.

🏢 Internal Only: HIGH - Any attacker on the local network can exploit this without authentication to gain root access.

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Public exploit details available in GitHub repository; exploitation requires only network access and knowledge of the target IP.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: https://www.verizon.com/info/reportsecurityvulnerability/

Restart Required: No

Instructions:

Contact Verizon support for firmware updates; check for available updates through the device web interface or mobile app.

🔧 Temporary Workarounds

Network Segmentation

all

Isolate the modem/router on a separate VLAN to limit lateral movement from compromised devices.

Access Control Lists

all

Implement firewall rules to restrict access to the modem's management interface (typically port 80/443) to trusted management hosts only.

🧯 If You Can't Patch

Replace vulnerable hardware with a different model or manufacturer
Disable remote management features and use wired connections only

🔍 How to Verify

Check if Vulnerable:

Check firmware version in device web interface (typically at http://192.168.0.1 or http://192.168.1.1) under Settings > About or System Information.

Check Version:

curl -s http://192.168.0.1/cgi-bin/luci/ | grep -i version

Verify Fix Applied:

Verify firmware version has been updated to a version later than 3.4.66.162 through the device web interface.

📡 Detection & Monitoring

Log Indicators:

Unusual POST requests to /cgi-bin/luci paths
Shell command execution in system logs
Unexpected process creation as root

Network Indicators:

Unusual outbound connections from modem IP
Traffic to/from modem on non-standard ports
HTTP requests with shell metacharacters in parameters

SIEM Query:

source="modem_logs" AND (url="*crtcrpc*" OR cmd="*sh*" OR user="root")

📊 Metadata

CVE ID: CVE-2022-28373

CVSS v3 Score: 9.8 (CRITICAL)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-78

Published: July 14, 2022

Last Updated: November 21, 2024

🔗 References

https://github.com/JousterL/SecWriteups/blob/main/Verizon%20LVSKIHP%205G%20Modem/readme.md Exploit,Third Party Advisory
https://www.verizon.com/info/reportsecurityvulnerability/ Vendor Advisory
https://github.com/JousterL/SecWriteups/blob/main/Verizon%20LVSKIHP%205G%20Modem/readme.md Exploit,Third Party Advisory
https://www.verizon.com/info/reportsecurityvulnerability/ Vendor Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2022-28373, you might also want to check these: