Verizon Fios customers will need to run a firmware update to patch their routers against three newly discovered bugs.
Verizon has patched a trio of vulnerabilities in a router commonly used by millions of customers of the company's Fios bundled Internet access, phone and TV service.
The flaws, in Verizon's Quantum Gateway routers, if exploited, could give attackers complete control over and visibility into all devices connected to it, a researcher from security vendor Tenable reported Tuesday.
The most significant of the three flaws is a command injection flaw (CVE-2019-3914) because it allows an attacker to gain root access to the router, Tenable's security researcher Chris Lyne wrote in a blog Tuesday. An attacker can trigger the vulnerability "by adding a firewall access control role for a network object with a crafted name," he said.