April 9, 2019
Threat actors could gain complete control of home routers and access to network traffic without needing physical access to the device
Tenable®, Inc., the Cyber Exposure company, today announced that its research team has discovered multiple vulnerabilities in Verizon Fios Quantum Gateway routers. If exploited, the vulnerabilities would give an attacker complete control over the router and visibility into everything connected to it. Millions of these devices are currently in use in U.S. homes.
The rise of the smart home has turned the humble router into a top target for cybercriminals. These latest vulnerabilities discovered by Tenable Research (CVE-2019-3914, CVE-2019-3915 and CVE-2019-3916) enable a number of attack scenarios that extend to smart devices, such as home security systems, that are connected to the router and can be compromised remotely. An attacker could tamper with the security settings of the device, change firewall rules or remove parental controls. They could sniff network traffic to further compromise a victim’s online accounts, steal bank details and swipe passwords.
“Routers are the central hub of every smart home today. They keep us connected to the corners of the internet, secure our homes and, even, remotely unlock doors,” said Renaud Deraison, co-founder and chief technology officer, Tenable. “However, they also act as a virtual entry point into the very heart of the modern home, controlling not just what goes out, but also who comes in.”
Verizon has advised that firmware version 02.02.00.13 will address these vulnerabilities and that affected devices will be updated remotely. Users are urged to confirm their device is updated to this version and to contact Verizon with any questions.
For more technical information on the vulnerabilities, read the Tenable Research blog post on Medium.
Tenable®, Inc. is the Cyber Exposure company. Over 27,000 organizations around the globe rely on Tenable to understand and reduce cyber risk. As the creator of Nessus®, Tenable extended its expertise in vulnerabilities to deliver the world’s first platform to see and secure any digital asset on any computing platform. Tenable customers include more than 50 percent of the Fortune 500, more than 25 percent of the Global 2000 and large government agencies. Learn more at www.tenable.com.