Tenable Discloses Verizon Fios Router Vulnerabilities

Millions of homes across America have Verizon's Fios Quantum Gateway router as their primary conduit to the internet, and many of them could be at risk, according to new research from security firm Tenable. On April 9, Tenable publicly disclosed that it was able to find multiple vulnerabilities in the Verizon Fios Quantum Gateway (G1000) router. The impact of the flaws is that a remote attacker could potentially get unauthorized access to the router and, by extension, the user's entire network. Tenable responsibly disclosed the vulnerabilities to Verizon in December 2018 and waited until Verizon released a firmware update fixing the issues before issuing the public disclosure. "There are three separate flaws," Chris Lyne, senior research engineer at Tenable, told eWEEK. "However, the most impactful flaw is the authenticated command injection (CVE-2019-3914). This is remotely exploitable." The Verizon Fios Quantum Gateway was developed by Verizon and Greenwave Systems, and it is the default router that Verizon provides to its Fios customers. Lyne first notified Verizon about the issues on Dec. 11, 2018, and received a reply from the Verizon Incident Response Team a day later. He noted that the 02.02.00.13 firmware update fixes the issues, and Verizon is in the process of auto-updating all affected devices.