Content of the material
Tenable Research has discovered multiple vulnerabilities in the Verizon Fios Quantum Gateway (G1100) router. Verizon has released firmware version 02.02.00.13 to fix these vulnerabilities.
These routers are supplied to all new Verizon Fios customers unless they elect to use their own router, which isn’t very common. Tenable researcher Chris Lyne has outlined several potential attack scenarios for these vulnerabilities.
Scenario 1: Rebellious teen (insider threat)
CVE-2019-3915 – Login Replay
Let’s assume the Verizon customer is a parent of a teenager. The teenager wants to circumvent parental controls, as teens are wont to do. Let’s assume the parent is smart and has changed the Administrator password for the router. The teen can’t just use the credentials on the sticker to log into the administrative interface and change the parental controls. They have to try something else.
It’s safe to say that a concerned parent would log into the router from time to time to check whether the teen has tried to flout the parental controls. Because HTTPS is not enforced in the web browser, a clever teen could perform packet sniffing and record the parent’s login. After recording the login sequence, the teen could then replay the login to gain access to the router’s administrative interface (CVE-2019-3915). At this point, he or she could change the parental controls, delete evidence of misbehavior, etc.
Scenario 2: The house guest who never left (insider threat, remote attack)
CVE-2019-3914 – Authenticated Remote Command Injection
People have house guests over all the time – family members, friends, friends of friends, or maybe even AirBNB guests. Often, you’ll give your guests your Wi-Fi password (WPA2 key) to allow them to use your internet connection.
So, the house guest is physically in your home and has connected to your Wi-Fi. The house guest can determine your public IP address by visiting on their mobile device. They could also take a photo of the credential sticker on the Verizon Fios Quantum Gateway router.
Using this information, the house guest could do either of the following:
- Log into the router’s administrative web interface to enable Remote Administration.
- Hope that Remote Administration is already enabled. (A Shodan.io search shows 15,323 Verizon routers with Remote Administration enabled.)
After the house guest leaves, he or she can exploit CVE-2019-3914 remotely, from across the internet, to gain remote root shell access to the router’s underlying operating system. From here, the house guest has control of the network. The attacker can create back doors, record sensitive internet transactions, pivot to other devices, etc.
Scenario 3: Verizon tech support social engineering (remote attack)
CVE-2019-3914 – Authenticated Remote Command Injection
Social engineering attacks aren’t just about phishing campaigns and data breaches due to untrained employees. They happen against “average” consumers all the time, too. It is entirely possible that a malicious actor would perform social engineering by masquerading as a Verizon tech support employee.
In this scenario, the attacker, posing as a customer support employee, calls a Verizon customer (victim) and pretends there is some sort of an issue with their Verizon Fios service. The attacker asks the customer for his/her Administrator password on the side of the router and to log into the router’s admin web interface. At this point, the attacker could ask for the Public IP address which is conveniently displayed immediately after logging in. Also, the attacker would ask the victim to enable Remote Administration.
With this information, the attacker can exploit CVE-2019-3914 remotely, with the same outcome as Scenario 2.
PDF to Word Easily convert your PDF files into easy to edit DOC and DOCX documents. The converted WORD document is almost 100% accurate.
PDF to JPG Convert each PDF page into a JPG or extract all images contained in a PDF.
PDF to PNG Convert each PDF page into a PNG or extract all images contained in a PDF.
PDF to TXT This online PDF converter tool allows you to save PDF documents as a separate set of TXT file.
Fix Slow LAN Speed
So how can you go about fixing this problem? Well, the easiest way if you are forced to use coax cabling is to upgrade your router to the new Quantum Gateway router offered by Verizon. You can either rent it for $10 a month or buy it outright for $199.
The best way to get the Quantum Gateway router for free is to simply upgrade your Internet speed by one plan and they will usually give you the router for free. I was at 75/75 and upgraded to 100/100 and asked if they could throw in the router too for free, which they did.
If they tell you that increasing to that speed won’t qualify you, then just ask to be upgraded to something higher and then reduce your speed after they upgrade your router. For example, if you are at 25/25 and they say they can’t give you the new router if you upgrade to 50/50, just say you want to upgrade to 75/75. They will give you the new router for free and then you simply go online and reduce your speed to 50/50 two days later. A Verizon representative told me this trick!
If you can’t get the router that way, go to Amazon and you can get it for $142.50, saving you some money. You can also try on eBay and possibly score a better deal there. The one I got and the one pictured above is the G1100 gateway router.
The router has several advantages over the Actiontec router in terms of wireless features, but for me, the biggest draw was the MoCA 2.0 support. Once you have this router installed, how do you get MoCA 2.0 speeds on your other devices?
Well, since my house is connected via coax everywhere, I had to buy some MoCA 2.0 adapters. The one I purchased was from Actiontec. It’s a MoCA 2.0 Coax to Ethernet adapter and it’s pretty expensive.
I connected this adapter to the coax in my wall and connected the Ethernet out to a switch, which was connected to all my other devices like computers, etc. So what kind of speed improvement did I see? Well, baseline MoCA 2.0 can give you speeds up to 400 Mbps, which translates into about 50 MB/s. In my own tests, the speed increased to about 54 MB/s. This was almost five times faster than my previous speed!
There is also an enhanced MoCA 2.0 speed, which gives you a throughput up to 800 Mbps, but it has to be a bonded coax connection. There is a bonded MoCA adapter like the one shown above from Actiontec, but the G1100 router only supports MoCA 2.0 not bonded MoCA 2.0, so you can’t get those higher speeds.
Recent Posts How & Why? to [Create a New Gmail Account] for free | Gmail Signup| www.GMAIL.comLogin www.njmcdirect.com – Traffic Ticket online pay via NJMCDirect NJMCDirect : Traffic Ticket pay & Municipal Ticket Search Netgear Genie Mobile App for smartphone & Desktop Software for PC