Weak Default Admin Password Bug in Verizon 4G LTE Network Extender
CVE-2022-29729

7.5HIGH

Key Information:

Vendor: Verizon
Status: 4g Lte Network Extender Firmware
Vendor: CVE Published:; 2 June 2022

What is CVE-2022-29729?

The Verizon 4G LTE Network Extender GA4.38 - V0.4.038.2131 is susceptible to a vulnerability due to a flawed algorithm used for generating default admin passwords. This weakness allows unauthorized attackers to exploit the admin access via the webUI login page, compromising the security of the device and potentially the network it connects to.

References

https://www.verizon.com/

x_refsource_MISC

https://www.zeroscience.mk/en/vulnerabilities/ZSL-2022-57...

x_refsource_MISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 2, 2022
Vulnerability Reserved
Apr 25, 2022

CVE-2022-29729 Data

JSON