Of all the vulnerabilities that the hardware we use on a daily basis may have, those that allow hackers a full takeover of the device probably sound the most ominous.
Well, one of these vulnerabilities, dubbed CVE-2019-3914, was discovered late last year in the Fios Quantum Gateway residential routers, usually issued by Verizon, meaning "millions" of users could be at risk.
The flaw was discovered by security firm Tenable, which described it as “allowing an authenticated attacker to execute arbitrary commands with root privileges.”
“This issue exists due to the way firewall access control rules are processed. Specifically, the vulnerability can be triggered by adding an access control rule for a network object with a crafted host name,” Tenable explained in an advisory.
The caveat is that anyone seeking a full takeover would need credentials for the router’s web interface. Obtaining them is not easy, but definitely not impossible, especially with the social engineering tactics hackers often (successfully) deploy today.
On March 1, the vendor patched the vulnerability, releasing firmware version 02.02.00.13. Since then, Verizon has been rolling out the update through its automatic update service, but the company says some machines are still left vulnerable. The company urged users to double-check the firmware version of their routers to ensure their devices are secure.
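Tenable's advisory attributes the flaw to a crafted host name in an access control rule reaching command execution. The following Python example is added here for illustration and is not Tenable's or the vendor's code: it shows the input handling a rule-processing backend needs, namely strict RFC 1123 host name validation plus an argument vector instead of a shell string. The helper path, function names and sample names are assumptions constructed for this example.

```python
import re

# One RFC 1123 label: letters, digits, hyphen; 1-63 chars; no leading/trailing hyphen.
_LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")

# Hypothetical helper binary, used only to show argv construction; never executed here.
RULE_HELPER = "/usr/sbin/fw-rule-helper"


def is_valid_hostname(name):
    """Return True only for a syntactically valid RFC 1123 host name."""
    if not isinstance(name, str) or not 1 <= len(name) <= 253:
        return False
    # fullmatch() (not match() with '$') so a trailing newline is rejected too.
    return all(_LABEL.fullmatch(label) for label in name.split("."))


def build_rule_argv(hostname, action):
    """Build an argument vector for the hypothetical rule helper.

    The host name is validated first and then passed as a single argv
    element, so it is never interpreted by a shell.
    """
    if action not in ("allow", "block"):
        raise ValueError("unknown action: %r" % (action,))
    if not is_valid_hostname(hostname):
        raise ValueError("rejected host name: %r" % (hostname,))
    return [RULE_HELPER, "--action", action, "--host", hostname]


# Constructed sample input: network-object names as a web form might submit them.
CONSTRUCTED_NAMES = ["laptop-01", "nas.home.lan", "tv;reboot", "cam$(id)",
                     "-bad", "a" * 64, "pc\n"]


def review(names):
    """Map each submitted name to whether it would be accepted."""
    return {name: is_valid_hostname(name) for name in names}


if __name__ == "__main__":
    for name, ok in review(CONSTRUCTED_NAMES).items():
        print("%-16r %s" % (name, "accept" if ok else "reject"))
```
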