CVE-2022-28375

9.8 CRITICAL

📋 TL;DR

This vulnerability allows remote attackers on the local network to execute arbitrary commands as root on Verizon 5G Home LVSKIHP outdoor units. The issue stems from improper input sanitization in the crtcswitchsimprofile function, enabling shell injection. All users of affected Verizon 5G Home equipment are at risk.

💻 Affected Systems

Products:
  • Verizon 5G Home LVSKIHP OutDoorUnit (ODU)
Versions: 3.33.101.0
Operating Systems: Embedded Linux/Lua-based firmware
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects Verizon 5G Home equipment with the specific LVSKIHP model. Requires attacker to be on the same local network as the device.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete compromise of the device with root access, allowing attackers to intercept/modify network traffic, install persistent malware, pivot to other network devices, or disable the internet connection entirely.

🟠 Likely Case

Attackers on the local network gain full control of the 5G modem/router, enabling them to monitor all traffic, steal credentials, and potentially attack other devices on the network.

🟢 If Mitigated

With proper network segmentation and access controls, impact is limited to the device itself without lateral movement to other systems.

🌐 Internet-Facing: LOW (The vulnerability requires local network access; the RPC listener is not typically exposed to the internet)
🏢 Internal Only: HIGH (Any attacker on the local network can exploit this without authentication)

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Public exploit details are available in a GitHub repository. Exploitation requires only network access and knowledge of the device's IP address.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: https://www.verizon.com/info/reportsecurityvulnerability/

Restart Required: Yes

Instructions:

1. Contact Verizon support for firmware updates.
2. Check for automatic firmware updates from Verizon.
3. If update available, apply through device admin interface.
4. Reboot device after update.

🔧 Temporary Workarounds

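Network Segmentation (platform: all)

Isolate the Verizon 5G device on its own VLAN to limit attack surface

Access Control Lists (platform: linux)

Implement firewall rules to restrict access to the device's management interface

# Allow TCP port 80 only from 192.168.1.0/24 (substitute your trusted management subnet), then drop all other traffic to that port.
# INPUT filters traffic addressed to the host running these rules; on a separate Linux firewall in front of the device, the equivalent rules belong in the FORWARD chain.
iptables -A INPUT -s 192.168.1.0/24 -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -j DROP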

🧯 If You Can't Patch

  • Physically isolate the device from untrusted networks
  • Monitor network traffic for unusual RPC requests to the device

🔍 How to Verify

Check if Vulnerable:

Check device firmware version in admin interface. If version is 3.33.101.0, device is vulnerable.

Check Version:

curl -s "http://[device-ip]/cgi-bin/luci/rpc/Sys?auth=[token]&method=exec&params=cat%20/etc/version"

Verify Fix Applied:

Verify firmware version has changed from 3.33.101.0 to a newer version.

📡 Detection & Monitoring

Log Indicators:

  • Unusual Lua/RPC process execution
  • Shell commands originating from network requests
  • Failed authentication attempts to RPC interface

Network Indicators:

  • HTTP POST requests to /cgi-bin/luci/rpc containing shell metacharacters
  • Unusual outbound connections from the Verizon device

SIEM Query:

source="verizon-router" AND (url="/cgi-bin/luci/rpc" AND (body="exec" OR body="system" OR body="os.execute"))
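
One way to check for the network indicator above (POST requests to /cgi-bin/luci/rpc carrying shell metacharacters), as an added example that is not part of the original advisory or any vendor tooling. It assumes HTTP events are available as JSON lines with src, method, url and body fields; that schema and the sample events are constructed for illustration.

```python
import json
import re
from urllib.parse import parse_qsl, urlsplit

RPC_PREFIX = "/cgi-bin/luci/rpc"   # path taken from the indicators above
# Characters a POSIX shell treats specially: ; & | ` $ < > newline backslash
SHELL_META = re.compile(r"[;&|`$<>\n\\]")

def iter_strings(value):
    """Yield every string nested inside a decoded JSON value (keys included)."""
    if isinstance(value, str):
        yield value
    elif isinstance(value, dict):
        yield from iter_strings(list(value) + list(value.values()))
    elif isinstance(value, list):
        for item in value:
            yield from iter_strings(item)

def suspicious_fields(event):
    """Return decoded body strings of an RPC POST that hold shell metacharacters."""
    path = urlsplit(str(event.get("url", ""))).path
    if str(event.get("method", "")).upper() != "POST" or not path.startswith(RPC_PREFIX):
        return []
    body = str(event.get("body") or "")
    try:  # decode JSON first so escapes such as \u003b cannot hide a ';'
        strings = list(iter_strings(json.loads(body)))
    except ValueError:  # not JSON: fall back to form decoding, then the raw body
        strings = [v for _, v in parse_qsl(body)] or [body]
    return [s for s in strings if SHELL_META.search(s)]

def scan(lines):
    """Scan JSON-lines HTTP events; return (source, offending strings) per hit."""
    hits = []
    for line in lines:
        try:
            event = json.loads(line)
        except ValueError:
            continue  # skip lines that are not valid JSON
        bad = suspicious_fields(event) if isinstance(event, dict) else []
        if bad:
            hits.append((event.get("src"), bad))
    return hits

# Constructed sample events; the src/method/url/body schema is an assumption.
SAMPLE = [json.dumps(dict(src=s, method=m, url=u, body=b)) for s, m, u, b in [
    ("192.0.2.10", "GET", "/cgi-bin/luci/", ""),
    ("192.0.2.10", "POST", "/cgi-bin/luci/rpc/Sys", '{"params": ["profile1"]}'),
    ("192.0.2.66", "POST", "/cgi-bin/luci/rpc/Sys", r'{"params": ["p\u003becho marker"]}'),
    ("192.0.2.67", "POST", "/cgi-bin/luci/rpc/Sys", "name=a%7Cb"),
]]
```

Calling scan(SAMPLE) flags only the last two events, including the one whose semicolon is hidden behind a JSON unicode escape and the one whose pipe is percent-encoded in a form body.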
