Verizon 5G Home LVSKIHP OutDoorUnit (ODU) 3.33.101.0 does...
Critical severity
Unreviewed
Published
Jul 15, 2022
to the GitHub Advisory Database
•
Updated Jan 27, 2023
Description
Published by the National Vulnerability Database
Jul 14, 2022
Published to the GitHub Advisory Database
Jul 15, 2022
Last updated
Jan 27, 2023
Verizon 5G Home LVSKIHP OutDoorUnit (ODU) 3.33.101.0 does not property sanitize user-controlled parameters within the crtcswitchsimprofile function of the crtcrpc JSON listener. A remote attacker on the local network can inject shell metacharacters into /usr/lib/lua/5.1/luci/controller/rpc.lua to achieve remote code execution as root,
References