How severe is CVE-2022-28371?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.5 out of 10.

What type of vulnerability is CVE-2022-28371?

This is classified as CWE-798, which is a common weakness in software security.

CVE-2022-28371 - HIGH Severity | CVSS 7.5

Vulnerability Description

On Verizon 5G Home LVSKIHP InDoorUnit (IDU) 3.4.66.162 and OutDoorUnit (ODU) 3.33.101.0 devices, the CRTC and ODU RPC endpoints rely on a static certificate for access control. This certificate is embedded in the firmware, and is identical across the fleet of devices. An attacker need only download this firmware and extract the private components of these certificates (from /etc/lighttpd.d/ca.pem and /etc/lighttpd.d/server.pem) to gain access. (The firmware download location is shown in a device's upgrade logs.)

Related Vulnerabilities

CVE-2005-3716

HIGH

CVSS:7.5(High)

The SNMP daemon in UTStarcom F1000 VOIP WIFI Phone s2.0 running VxWorks 5.5.1 with kernel WIND 2.6 has hard-coded public credentials that cannot be changed, which allows attackers to obtain sensitive ...

CWE-7982005

CVE-2005-3803

HIGH

CVSS:7.5(High)

Cisco IP Phone (VoIP) 7920 1.0(8) contains certain hard-coded ("fixed") public and private SNMP community strings that cannot be changed, which allows remote attackers to obtain sensitive information.

CWE-7982005

CVE-2010-2073

HIGH

CVSS:7.5(High)

auth_db_config.py in Pyftpd 0.8.4 contains hard-coded usernames and passwords for the (1) test, (2) user, and (3) roxon accounts, which allows remote attackers to read arbitrary files from the FTP ser...

CWE-7982010

CVE-2013-1352

HIGH

CVSS:7.5(High)

Verax NMS prior to 2.1.0 uses an encryption key that is hardcoded in a JAR archive.

CWE-7982013

CVE-2013-2567

HIGH

CVSS:7.5(High)

An Authentication Bypass vulnerability exists in the web interface in Zavio IP Cameras through 1.6.03 due to a hardcoded admin account found in boa.conf, which lets a remote malicious user obtain sens...

CWE-7982013

CVE-2013-2572

HIGH

CVSS:7.5(High)

A Security Bypass vulnerability exists in TP-LINK IP Cameras TL-SC 3130, TL-SC 3130G, 3171G, 4171G, and 3130 1.6.18P12 due to default hard-coded credentials for the administrative Web interface, which...

CWE-7982013