Information Disclosure in Verizon Fios Quantum Gateway by Verizon
CVE-2019-3916

7.5HIGH

Key Information:

Vendor: Verizon
Status: FiOS Quantum Gateway (g1100)
Vendor: CVE Published:; 11 April 2019

What is CVE-2019-3916?

An information disclosure vulnerability exists in the firmware of the Verizon Fios Quantum Gateway (G1100), specifically version 02.01.00.05. This flaw allows remote, unauthenticated attackers to exploit a request to a specific API URL and retrieve sensitive information, such as the password salt. By leveraging this vulnerability, attackers can gain insights into user credentials, posing a significant security risk.

Affected Version(s)

Fios Quantum Gateway (G1100) Firmware version 02.01.00.05

References

https://www.tenable.com/security/research/tra-2019-17

x_refsource_MISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 11, 2019
Vulnerability Reserved
Jan 3, 2019

CVE-2019-3916 Data

JSON