Security researchers have discovered three vulnerabilities in a popular Verizon Fios router model that could have allowed hackers to take full control of the device.
The flaws, discovered by researchers at cybersecurity firm Tenable, affect Verizon’s Fios Quantum Gateway router, which is used by millions of customers of the telecommunications giant.
Verizon patched the bug in its latest software update after researchers tipped them off to the flaws in December.
While the attacks require a significant amount of effort to carry out, anyone savvy enough can gain root access to the device, giving them full control over it, as well as the ability to view every device connected to the router.
‘This type of attack is feasible for an attacker with an intermediate level of skill,’ Tenable Senior Researcher Chris Lyne told Threatpost.
‘The remote command injection does require the attacker to either know the administrative password or have captured and replayed a previous login request.
‘If remote administration is enabled on the router, the attack can be carried out from anywhere with an internet connection,’ he added.
The attacker would also need to be in range of the device, but if remote administration of the device is enabled, it could be executed remotely, Lyne said.