Catch up on stories from the past week (and beyond) at the Slashdot story archive

 


Forgot your password?
Close
typodupeerror
×
Security Verizon Technology

Verizon Issues Patch For Vulnerabilities on Millions of Fios Routers (cnet.com) 20

Posted by msmash from the security-woes dept.
Verizon is sending out an update for millions of its routers after security researchers discovered vulnerabilities that could allow potential attackers to take over the devices. From a report: Researchers from Tenable, a security company, detailed three vulnerabilities with Verizon's Fios Quantum Gateway router on Tuesday. The company said it disclosed these security flaws to Verizon last December, and that the company issued a fix on March 13. Verizon said that a small percentage of its customers did not get the update automatically, and will still need a patch to protect against this security flaw. "We were recently made aware of three vulnerabilities related to login and password information on the Broadband Home Router Fios-G1100," a Verizon spokesman said in a statement.

"As soon as we were made aware of these vulnerabilities, we took immediate action to remediate them and are issuing patches." The company said that several customers with a particular type of router did not get the update, but said that people affected will not need to take any action. If your router's firmware is running version 02.02.00.13, you're up to date and safe from the vulnerabilities.
This discussion has been archived. No new comments can be posted.

Verizon Issues Patch For Vulnerabilities on Millions of Fios Routers More

Verizon Issues Patch For Vulnerabilities on Millions of Fios Routers

Comments Filter:

  • Actually, well done, Verizon. (Score:3)

    by flippy ( 62353 ) on Tuesday April 09, 2019 @04:28PM (#58411632) Homepage
    Being made aware of a vulnerability, producing a patch in a timely fashion, and pushing it out to vulnerable devices? Wow. That's actually well done.
    • Except when they did it, they added a redirect to an invalid certificate so you have to go through allowing the exception instead of just going to your login. So even when they fix something, they screw something else up.

  • I'd never allow their router on my network. Turns out I was correct.

    • Re: (Score:2)

      by flippy ( 62353 )

      I have a tendency to agree with you, I was just giving them props for doing what all the vendors should be doing, and doing it in a timely manner.

      I recently moved to an apartment where I get free wifi. In my old place, I paid for the internet access myself, and had a direct wired connection. Rather than reprogram all my devices, I got a wifi bridge, connected that to the wifi provided to me, and plugged my old router into the bridge's ethernet port. My router complained a little about double-nat, but it

    • I'd never allow their router on my network. Turns out I was correct.

      Except when you have to call support for something (like them randomly changing your service without your input or consent). No matter how many times you tell them "I don't have any of your hardware, you can't run tests past the ONT" there is still always a pause followed by "huh? I can't seem to communicate with the router/DVR".

      Still, while I'm not netsec guru I still trust my hardware/software picks much better than the garbage they want me to pay a monthly rental for. The occasional hassle of dealing wit

    • But they did fix the problem, that is better than most. Vulnerabilities happen, even for pfSense [netgate.com].
  • But completely deny us the ability to turn off UPnP.

    Seriously...unless they changed it in the last update....the page to disable UPnP is hidden; and even when you do manualy access it...it DOES NOT WORK.

    Any device plugged in to a FiOS router will get ports assigned to it over UPnP with zero questions asked.
    • It gets better than that. This update also disabled being able to rename the admin account, I had a custom admin name and password - perhaps that was part of the vulnerability - but it was not fun finding you were essentially locked out of your own router unless you entered the default password printed on the router. All with no warning.

      It also disabled mac filtering, completely gone from the UI and it seems some people had issues that had set mac filtering were now unable to connect those devices with th

  • Wonder about those of us poor saps that Verizon sold to Frontier...

    • I had been wondering the same thing.

      Of course, after they *badly* botched the rollover in my area, (including a more than one week internet outage in my case,) I dropped them and went with an alternative. Screw Frontier; I'm guessing they won't patch those old Verizon routers anytime soon.

  • Why would you use the router that comes with a Fios service?

    • Because they actually fix their vulnerabilities?
      Because it does what I need and just works?
      Because it was free? (although it is a monthly fee for most now)
      If it breaks, they replace it for free
      Not everyone needs a network war room

      - things I don't use but should be included for completeness -
      Because it works with their TV service and STBs.
      Because getting support if a customer has an issue is easier, they don't tech support third party routers.

Slashdot Top Deals

He has not acquired a fortune; the fortune has acquired him. -- Bion

Close