VAR-201904-0315
Vulnerability from variot - Updated: 2023-12-18 12:18Information disclosure vulnerability in Verizon Fios Quantum Gateway (G1100) firmware version 02.01.00.05 allows an remote, unauthenticated attacker to retrieve the value of the password salt by simply requesting an API URL in a web browser (e.g. /api). Verizon Fios Quantum Gateway (G1100) Firmware contains an information disclosure vulnerability.Information may be obtained. Verizon Wireless FiosQuantumGateway (G1100) is a wireless router from Verizon Wireless. An information disclosure vulnerability exists in VerizonFiosQuantumGateway (G1100) using firmware version 02.01.00.05, which is due to errors in the configuration of the network system or product during operation. An attacker could exploit this vulnerability to obtain sensitive information about an affected component
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201904-0315",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "fios quantum gateway g1100",
"scope": "eq",
"trust": 1.8,
"vendor": "verizon",
"version": "02.01.00.05"
},
{
"model": "wireless fios quantum gateway",
"scope": "eq",
"trust": 0.6,
"vendor": "verizon",
"version": "02.01.00.05"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-24768"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003343"
},
{
"db": "NVD",
"id": "CVE-2019-3916"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:verizon:fios_quantum_gateway_g1100_firmware:02.01.00.05:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:verizon:fios_quantum_gateway_g1100:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-3916"
}
]
},
"cve": "CVE-2019-3916",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2019-3916",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2019-24768",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-155351",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2019-3916",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-3916",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2019-24768",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201904-583",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-155351",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-24768"
},
{
"db": "VULHUB",
"id": "VHN-155351"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003343"
},
{
"db": "NVD",
"id": "CVE-2019-3916"
},
{
"db": "CNNVD",
"id": "CNNVD-201904-583"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Information disclosure vulnerability in Verizon Fios Quantum Gateway (G1100) firmware version 02.01.00.05 allows an remote, unauthenticated attacker to retrieve the value of the password salt by simply requesting an API URL in a web browser (e.g. /api). Verizon Fios Quantum Gateway (G1100) Firmware contains an information disclosure vulnerability.Information may be obtained. Verizon Wireless FiosQuantumGateway (G1100) is a wireless router from Verizon Wireless. An information disclosure vulnerability exists in VerizonFiosQuantumGateway (G1100) using firmware version 02.01.00.05, which is due to errors in the configuration of the network system or product during operation. An attacker could exploit this vulnerability to obtain sensitive information about an affected component",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-3916"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003343"
},
{
"db": "CNVD",
"id": "CNVD-2019-24768"
},
{
"db": "VULHUB",
"id": "VHN-155351"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-3916",
"trust": 3.1
},
{
"db": "TENABLE",
"id": "TRA-2019-17",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003343",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201904-583",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2019-24768",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-155351",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-24768"
},
{
"db": "VULHUB",
"id": "VHN-155351"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003343"
},
{
"db": "NVD",
"id": "CVE-2019-3916"
},
{
"db": "CNNVD",
"id": "CNNVD-201904-583"
}
]
},
"id": "VAR-201904-0315",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-24768"
},
{
"db": "VULHUB",
"id": "VHN-155351"
}
],
"trust": 1.575
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-24768"
}
]
},
"last_update_date": "2023-12-18T12:18:05.611000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Fios Quantum Gateway",
"trust": 0.8,
"url": "https://www.verizon.com/home/accessories/fios-quantum-gateway/"
},
{
"title": "Patch for Verizon WirelessFiosQuantumGateway (G1100) Information Disclosure Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/171861"
},
{
"title": "Verizon Wireless Fios Quantum Gateway ( G1100 ) Repair measures for information disclosure vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=91395"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-24768"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003343"
},
{
"db": "CNNVD",
"id": "CNNVD-201904-583"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-425",
"trust": 1.1
},
{
"problemtype": "CWE-200",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-155351"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003343"
},
{
"db": "NVD",
"id": "CVE-2019-3916"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://www.tenable.com/security/research/tra-2019-17"
},
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-3916"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-3916"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-24768"
},
{
"db": "VULHUB",
"id": "VHN-155351"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003343"
},
{
"db": "NVD",
"id": "CVE-2019-3916"
},
{
"db": "CNNVD",
"id": "CNNVD-201904-583"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2019-24768"
},
{
"db": "VULHUB",
"id": "VHN-155351"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003343"
},
{
"db": "NVD",
"id": "CVE-2019-3916"
},
{
"db": "CNNVD",
"id": "CNNVD-201904-583"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-07-26T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-24768"
},
{
"date": "2019-04-11T00:00:00",
"db": "VULHUB",
"id": "VHN-155351"
},
{
"date": "2019-05-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-003343"
},
{
"date": "2019-04-11T15:29:00.543000",
"db": "NVD",
"id": "CVE-2019-3916"
},
{
"date": "2019-04-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201904-583"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-07-29T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-24768"
},
{
"date": "2020-08-24T00:00:00",
"db": "VULHUB",
"id": "VHN-155351"
},
{
"date": "2019-05-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-003343"
},
{
"date": "2020-08-24T17:37:01.140000",
"db": "NVD",
"id": "CVE-2019-3916"
},
{
"date": "2020-08-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201904-583"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201904-583"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Verizon Fios Quantum Gateway Information disclosure vulnerability in firmware",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-003343"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201904-583"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…