Verizon patches FiOS routers to fix three security flaws
Your device should have v2.02 or higher.
Of all the home network devices we need to keep secure, there might not be any one more important than the router itself. For Verizon (the owner of Engadget's parent company) FiOS home internet customers, it's time to double check that your gear has been updated with the latest firmware update after Tenable Research identified several vulnerabilities in the Quantum Gateway G1100. If exploited, someone could control it and
According to a breakdown of the vulnerabilities, they would mostly require someone to be connected on the local network itself, however it could also be vulnerable if remote administration is enabled and someone had the credentials that are printed on a sticker attached to the device. Tenable notified Verizon of the problem in December, and a firmware update to fix affected devices started rolling out March 1st. As Bleeping Computer notes, at least one person reported some issues after it was installed, although it was resolved after a factory reset of the device.
While Verizon said the fix has been fully deployed, a "small percentage" of customers apparently still needed to be patched as of April 5th. In a statement, the company said "We were recently made aware of three vulnerabilities related to login and password information on the Broadband Home Router Fios-G1100. As soon as we were made aware of these vulnerabilities, we took immediate action to remediate them and are issuing patches. We have no evidence of abuse and there is no action required of our consumers."
If you have one of these routers in your house, then you should doublecheck the settings to make sure it's running firmware with a version number of 2.02 or higher. There's a blog post breaking down exactly how the researcher uncovered the issues and showing the exploit at work, so make sure that you're patched and then get educated.
Update: The correct new firmware version number is 2.02, not 2.2.
