CVE-2019-3916

Information disclosure vulnerability in Verizon Fios Quantum Gateway (G1100) firmware version 02.01.00.05 allows an remote, unauthenticated attacker to retrieve the value of the password salt by simply requesting an API URL in a web browser (e.g. /api).
Forced Browsing
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
tenableCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 77%
VendorProductVersion
verizonfios_quantum_gateway_g1100_firmware
02.01.00.05
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.tenable.com/security/research/tra-2019-17
https://www.tenable.com/security/research/tra-2019-17