CVE-2022-28376 in LVSKIHP 5G
Summary
by MITRE • 04/03/2022
Verizon LVSKIHP 5G outside devices through 2022-02-15 allow anyone (knowing the device's serial number) to access a CPE admin website, e.g., at the 10.0.0.1 IP address. The password (for the verizon username) is calculated by concatenating the serial number and the model (i.e., the LVSKIHP string), running the sha256sum program, and extracting the first seven characters concatenated with the last seven characters of that SHA-256 value.
Analysis
by VulDB Data Team • 04/05/2022
This vulnerability affects Verizon LVSKIHP 5G outdoor devices with firmware versions through 2022-02-15, presenting a critical security flaw in the device's authentication mechanism. The weakness lies in the predictable password generation algorithm that directly ties the administrative access credentials to the device's unique identifier. An attacker who obtains a device's serial number can easily compute the administrative password through a deterministic process that concatenates the serial number with the model identifier "LVSKIHP", applies the SHA-256 cryptographic hash function, and extracts specific character segments from the resulting hash value. This design flaw fundamentally undermines the security posture of these network devices by eliminating the randomness and entropy typically required for secure authentication credentials.
The technical implementation of this vulnerability demonstrates a clear violation of security best practices and aligns with CWE-259 Use of Hard-coded Credentials, as the password derivation method creates a hard-coded relationship between the device identifier and the administrative access credentials. The attack vector is particularly concerning because it requires minimal information gathering (only the serial number of a target device) to gain unauthorized administrative access to the CPE (Customer Premises Equipment) management interface. The administrative web interface is accessible at the default IP address 10.0.0.1, which represents a common default configuration that attackers can readily target without requiring specialized knowledge of the specific device model or its network configuration.
The operational impact of this vulnerability is severe and multifaceted, as it allows for complete administrative control over affected devices without requiring any privileged access or advanced exploitation techniques. An attacker with knowledge of a single device's serial number can immediately gain root access to the device's management interface, enabling them to modify network configurations, install malicious firmware, redirect traffic, or establish persistent backdoors. This vulnerability directly maps to ATT&CK technique T1078 Valid Accounts, as it provides legitimate administrative credentials that bypass normal authentication mechanisms. The implications extend beyond individual device compromise, as these outdoor 5G devices often serve as critical network infrastructure points that could be leveraged to conduct broader network attacks or establish persistent access to larger network segments.
Mitigation strategies for this vulnerability should focus on immediate remediation through firmware updates provided by Verizon, as the manufacturer would have released patches to address the predictable password generation algorithm. Organizations should implement network segmentation to isolate these devices from critical network infrastructure and establish monitoring for unauthorized access attempts. The vulnerability also highlights the need for proper credential management practices and the implementation of strong, randomly generated administrative passwords that are not derivable from device identifiers. Network administrators should conduct comprehensive inventory audits to identify all affected devices and ensure that default administrative credentials are changed immediately upon device deployment, following security guidelines that align with NIST SP 800-123 and other cybersecurity frameworks that emphasize the importance of unique, unpredictable authentication credentials for network infrastructure devices.
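The mitigation above calls for randomly generated administrative passwords that are not derivable from device identifiers. One way to provision such credentials is shown here as an added example; it is not Verizon's or VulDB's code, and the function names, record layout, PBKDF2 parameters and sample serial number are assumptions.

```python
import hashlib
import hmac
import secrets

# Assumed parameters for this example (not taken from the advisory).
PASSWORD_BYTES = 18        # 144 bits from the OS CSPRNG
PBKDF2_ROUNDS = 600_000    # work factor for the stored verifier


def provision_admin_credential(serial: str) -> tuple[str, dict]:
    """Create a random admin password for one device.

    The serial number is only a lookup key in the record. It never feeds
    the secret, so knowing it reveals nothing about the password.
    Returns (password, record); only `record` is stored on the device.
    """
    password = secrets.token_urlsafe(PASSWORD_BYTES)
    salt = secrets.token_bytes(16)
    verifier = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    record = {
        "serial": serial,
        "salt": salt.hex(),
        "verifier": verifier.hex(),
        "must_change": True,   # force rotation at first login
    }
    return password, record


def verify_admin_login(record: dict, candidate: str) -> bool:
    """Check a login attempt against the stored verifier in constant time."""
    salt = bytes.fromhex(record["salt"])
    expected = bytes.fromhex(record["verifier"])
    got = hashlib.pbkdf2_hmac("sha256", candidate.encode(), salt, PBKDF2_ROUNDS)
    return hmac.compare_digest(got, expected)


if __name__ == "__main__":
    serial = "SN-CONSTRUCTED-0001"  # constructed sample value
    pw_a, rec_a = provision_admin_credential(serial)
    pw_b, rec_b = provision_admin_credential(serial)
    # Same serial, two provisioning runs: the passwords are unrelated.
    print("independent of serial:", pw_a != pw_b)
    print("correct password accepted:", verify_admin_login(rec_a, pw_a))
    print("other password rejected:", not verify_admin_login(rec_a, pw_b))
```

Because the password comes from the operating system's CSPRNG rather than from the serial number and model string, provisioning the same serial twice yields unrelated credentials, which is the property the affected derivation scheme lacks.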