Headline
CVE-2022-28376: r/verizon - Comment by u/snakamoto2 on ”5G Home Internet Dropping Out”
Verizon LVSKIHP 5G outside devices through 2022-02-15 allow anyone (knowing the device’s serial number) to access a CPE admin website, e.g., at the 10.0.0.1 IP address. The password (for the verizon username) is calculated by concatenating the serial number and the model (i.e., the LVSKIHP string), running the sha256sum program, and extracting the first seven characters concatenated with the last seven characters of that SHA-256 value.
well, Verizon custom support will never tell you the credential but I manage to get it.
the username is verizon. the password is calculated using your S/N and device model (check SKU printed on your device)
Here’s the algorithm
snmodel_sha256=echo -n $SN_VALIDATION$model | sha256sum snmodel_first7char=echo $snmodel_sha256 | cut -c1-7 snmodel_last7char=echo $snmodel_sha256 | cut -c58-64 pwd=$snmodel_first7char$snmodel_last7char
“$SN_VALIDATION” is your device S/N “$model” is LVSKIHP (SKU printed on device)