CVE-2022-29729

Verizon 4G LTE Network Extender GA4.38 - V0.4.038.2131 utilizes a weak default admin password generation algorithm which generates passwords that are accessible to unauthenticated attackers via the webUI login page.

CVSS v3 7.5 HIGH
CVSS v2.0 5.0 MEDIUM

7.5^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

5.0^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
https://www.verizon.com/	Vendor Advisory
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2022-5701.php	Exploit Third Party Advisory

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:o:verizon:4g_lte_network_extender_firmware:0.4.038.2131:::::::*
	cpe:2.3:o:verizon:4g_lte_network_extender_firmware:ga4.38:::::::*

cpe:2.3:h:verizon:4g_lte_network_extender:-:*:*:*:*:*:*:*

History

10 Jun 2022, 18:17

Type	Values Removed	Values Added
First Time		Verizon 4g Lte Network Extender Firmware Verizon 4g Lte Network Extender Verizon
References	~~(MISC) https://www.verizon.com/ -~~	(MISC) https://www.verizon.com/ - Vendor Advisory
References	~~(MISC) https://www.zeroscience.mk/en/vulnerabilities/ZSL-2022-5701.php -~~	(MISC) https://www.zeroscience.mk/en/vulnerabilities/ZSL-2022-5701.php - Exploit, Third Party Advisory
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : 5.0 v3 : 7.5
CWE		CWE-521
CPE		cpe:2.3:o:verizon:4g_lte_network_extender_firmware:ga4.38:::::::* cpe:2.3:o:verizon:4g_lte_network_extender_firmware:0.4.038.2131:::::::* cpe:2.3:h:verizon:4g_lte_network_extender:-:::::::*

02 Jun 2022, 14:53

Type	Values Removed	Values Added
New CVE

Information

Published : 2022-06-02 14:15

Updated : 2023-12-10 14:22

NVD link : CVE-2022-29729

Mitre link : CVE-2022-29729

CVE.ORG link : CVE-2022-29729

JSON object : View

Products Affected

verizon

4g_lte_network_extender
4g_lte_network_extender_firmware

CWE

CWE-521

Weak Password Requirements

7.5 /10

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

5.0 /10

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

JSON object

Attach tags to CVE-2022-29729

7.5^/10

5.0^/10

Attach tags to `CVE-2022-29729`