Skip to main content

Verizon launches patch for router vulnerability

(Image credit: Image source: Shutterstock/Ai825)

Out of all possible vulnerabilities the hardware we use on daily basis may have, the ones which allow hackers a full takeover of the device is probably the one which sounds most ominous.

Well, one of these vulnerabilities, dubbed CVE-2019-3914, was discovered late last year in the Fios Quantum Gateway residential routers, usually issued by Verizon, meaning "millions" of users could be at risk.

The flaw was discovered (opens in new tab) by security firm Tenable, which noted it could be “allowing an authenticated attacker to execute arbitrary commands with root privileges.”

“This issue exists due to the way firewall access control rules are processed. Specifically, the vulnerability can be triggered by adding an access control rule for a network object with a crafted host name,” Tenable explained in an advisory.

The caveat is that whoever would want full takeover, would require credentials for the router’s web interface. Not an easy thing to do, but definitely not impossible, especially with today’s social engineering tactics hackers often (successfully) deploy.

On March 1, the vendor patched the vulnerability, releasing firmware version 02.02.00.13. Since then, Verizon has been rolling out the update through their automatic update service, but the company says some machines are still left vulnerable. The company urged users to double-check the firmware version of their routers to ensure their devices are secure.

Image source: Shutterstock/Ai825

Sead Fadilpašić is a freelance tech writer and journalist with more than 17 years experience writing technology-focussed news, blogs, whitepapers, reviews, and ebooks. And his work has featured in online media outlets from all over the world, including Al Jazeera Balkans (where he was a Multimedia Journalist), Crypto News, TechRadar Pro, and IT Pro Portal, where he has written news and features for over five years. Sead's experience also includes writing for inbound marketing, where he creates technology-based content for clients from London to Singapore. Sead is a HubSpot-certified content creator.