Verizon launches patch for router vulnerability

Out of all possible vulnerabilities the hardware we use on daily basis may have, the ones which allow hackers a full takeover of the device is probably the one which sounds most ominous. Well, one of these vulnerabilities, dubbed CVE-2019-3914, was discovered late last year in the Fios Quantum Gateway residential routers, usually issued by Verizon, meaning "millions" of users could be at risk. The flaw was discovered by security firm Tenable, which noted it could be “allowing an authenticated attacker to execute arbitrary commands with root privileges.” “This issue exists due to the way firewall access control rules are processed. Specifically, the vulnerability can be triggered by adding an access control rule for a network object with a crafted host name,” Tenable explained in an advisory. The caveat is that whoever would want full takeover, would require credentials for the router’s web interface. Not an easy thing to do, but definitely not impossible, especially with today’s social engineering tactics hackers often (successfully) deploy.