Authentication Bypass Vulnerability in Verizon Fios Quantum Gateway
CVE-2019-3915

7.5HIGH

Key Information:

Vendor: Verizon
Status: FiOS Quantum Gateway (g1100)
Vendor: CVE Published:; 11 April 2019

What is CVE-2019-3915?

A significant vulnerability exists in the Verizon Fios Quantum Gateway (G1100) firmware, where an authentication bypass through capture-replay attack can be executed. This flaw allows an unauthenticated attacker with local network access to intercept and replay login requests. Consequently, the attacker may gain unauthorized access to the critical administrative web interface, posing severe risks to the security and integrity of the network. Organizations using the affected firmware must take immediate action to mitigate this vulnerability.

Affected Version(s)

Fios Quantum Gateway (G1100) Firmware version 02.01.00.05

References

https://www.tenable.com/security/research/tra-2019-17

x_refsource_MISC

http://www.securityfocus.com/bid/107883

vdb-entryx_refsource_BID

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 11, 2019
Vulnerability Reserved
Jan 3, 2019

CVE-2019-3915 Data

JSON