fios quantum gateway router firmware update Routers Listed Here

Blog

Background

Tenable Analysis has found a number of vulnerabilities within the Verizon Fios Quantum Gateway (G1100) router. Verizon has launched firmware model 02.02.00.13 to repair these vulnerabilities.

Impression

These routers are equipped to all new Verizon Fios clients until they elect to make use of their very own router, which isn’t quite common. Tenable researcher Chris Lyne has outlined a number of potential assault situations for these vulnerabilities.

Situation 1: Rebellious teen (insider risk)

CVE-2019-3915 – Login Replay

Let’s assume the Verizon buyer is a dad or mum of a young person. {The teenager} desires to avoid parental controls, as teenagers are wont to do. Let’s assume the dad or mum is wise and has modified the Administrator password for the router. The teenager can’t simply use the credentials on the sticker to log into the executive interface and alter the parental controls. They need to attempt one thing else.

It is secure to say {that a} involved dad or mum would log into the router every so often to verify whether or not the teenager has tried to flout the parental controls. As a result of HTTPS shouldn’t be enforced within the internet browser, a intelligent teen may carry out packet sniffing and file the dad or mum’s login. After recording the login sequence, the teenager may then replay the login to achieve entry to the router’s administrative interface (CVE-2019-3915). At this level, she or he may change the parental controls, delete proof of misbehavior, and so forth.

Situation 2: The home visitor who by no means left (insider risk, distant assault)

CVE-2019-3914 – Authenticated Distant Command Injection

Folks have home friends over on a regular basis – members of the family, associates, associates of associates, or possibly even AirBNB friends. Typically, you will give your friends your Wi-Fi password (WPA2 key) to permit them to make use of your web connection.

So, the home visitor is bodily in your house and has related to your Wi-Fi. The home visitor can decide your public IP tackle by visiting on their cellular gadget. They may additionally take a photograph of the credential sticker on the Verizon Fios Quantum Gateway router.

Utilizing this info, the home visitor may do both of the next:

  1. Log into the router’s administrative internet interface to allow Distant Administration.
  2. Hope that Distant Administration is already enabled. (A Shodan.io search exhibits 15,323 Verizon routers with Distant Administration enabled.)

After the home visitor leaves, she or he can exploit CVE-2019-3914 remotely, from throughout the web, to achieve distant root shell entry to the router’s underlying working system. From right here, the home visitor has management of the community. The attacker can create again doorways, file delicate web transactions, pivot to different units, and so forth.

Situation 3: Verizon tech assist social engineering (distant assault)

CVE-2019-3914 – Authenticated Distant Command Injection

Social engineering assaults aren’t nearly phishing campaigns and information breaches as a consequence of untrained workers. They occur towards “common” shoppers on a regular basis, too. It’s totally doable {that a} malicious actor would carry out social engineering by masquerading as a Verizon tech assist worker.

On this situation, the attacker, posing as a buyer assist worker, calls a Verizon buyer (sufferer) and pretends there’s some form of a problem with their Verizon Fios service. The attacker asks the shopper for his/her Administrator password on the aspect of the router and to log into the router’s admin internet interface. At this level, the attacker may ask for the Public IP tackle which is conveniently displayed instantly after logging in. Additionally, the attacker would ask the sufferer to allow Distant Administration.

With this info, the attacker can exploit CVE-2019-3914 remotely, with the identical consequence as Situation 2.

Video

From PDF

PDF to Word Easily convert your PDF files into easy to edit DOC and DOCX documents. The converted WORD document is almost 100% accurate.

PDF to JPG Convert each PDF page into a JPG or extract all images contained in a PDF.

PDF to PNG Convert each PDF page into a PNG or extract all images contained in a PDF.

PDF to TXT This on-line PDF converter instrument permits you to save PDF paperwork as a separate set of TXT file.

Repair Gradual LAN Velocity

So how are you going to go about fixing this drawback? Nicely, the simplest manner if you’re compelled to make use of coax cabling is to improve your router to the brand new Quantum Gateway router supplied by Verizon. You’ll be able to both lease it for $10 a month or purchase it outright for $199.

One of the best ways to get the Quantum Gateway router without spending a dime is to easily improve your Web pace by one plan and they’re going to often provide the router without spending a dime. I used to be at 75/75 and upgraded to 100/100 and requested if they may throw within the router too without spending a dime, which they did.

In the event that they inform you that growing to that pace received’t qualify you, then simply ask to be upgraded to one thing greater after which cut back your pace after they improve your router. For instance, if you’re at 25/25 and so they say they’ll’t provide the new router should you improve to 50/50, simply say you need to improve to 75/75. They gives you the brand new router without spending a dime and then you definately merely go browsing and cut back your pace to 50/50 two days later. A Verizon consultant advised me this trick!

In the event you can’t get the router that manner, go to Amazon and you may get it for $142.50, saving you some cash. You too can attempt on eBay and presumably rating a greater deal there. The one I obtained and the one pictured above is the G1100 gateway router.

The router has a number of benefits over the Actiontec router when it comes to wi-fi options, however for me, the most important draw was the MoCA 2.0 assist. After getting this router put in, how do you get MoCA 2.0 speeds in your different units?

Nicely, since my home is related by way of coax all over the place, I had to purchase some MoCA 2.0 adapters. The one I bought was from Actiontec. It’s a MoCA 2.0 Coax to Ethernet adapter and it’s fairly costly.

I related this adapter to the coax in my wall and related the Ethernet out to a swap, which was related to all my different units like computer systems, and so forth. So what sort of pace enchancment did I see? Nicely, baseline MoCA 2.0 can provide you speeds as much as 400 Mbps, which interprets into about 50 MB/s. In my very own exams, the pace elevated to about 54 MB/s. This was virtually 5 occasions quicker than my earlier pace!

There may be additionally an enhanced MoCA 2.0 pace, which supplies you a throughput as much as 800 Mbps, but it surely needs to be a bonded coax connection. There’s a bonded MoCA adapter just like the one proven above from Actiontec, however the G1100 router solely helps MoCA 2.0 not bonded MoCA 2.0, so you possibly can’t get these greater speeds.

Footer

Current Posts How & Why? to [Create a New Gmail Account] without spending a dime | Gmail Signup| www.GMAIL.comLogin www.njmcdirect.com – Visitors Ticket on-line pay by way of NJMCDirect NJMCDirect : Visitors Ticket pay & Municipal Ticket Search Netgear Genie Cellular App for smartphone & Desktop Software program for PC

Tags