cvelistv5 - cve-2013-4876

CVE-2013-4876 (GCVE-0-2013-4876)

Vulnerability from cvelistv5 – Published: 2013-07-18 14:00 – Updated: 2024-09-16 19:14

Summary

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

FKIE_CVE-2013-4876

Vulnerability from fkie_nvd - Published: 2013-07-18 16:51 - Updated: 2025-04-11 00:51

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://www.kb.cert.org/vuls/id/458007	US Government Resource
cve@mitre.org	http://www.kb.cert.org/vuls/id/BLUU-997M5B	US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.kb.cert.org/vuls/id/458007	US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.kb.cert.org/vuls/id/BLUU-997M5B	US Government Resource

Impacted products

	Vendor	Product	Version
	verizon	wireless_network_extender	scs-2u01

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:verizon:wireless_network_extender:scs-2u01:*:*:*:*:*:*:*",
              "matchCriteriaId": "D36CAEBA-1928-4DD0-B5DC-7A05B4C4FED7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The Verizon Wireless Network Extender SCS-2U01 has a hardcoded password for the root account, which makes it easier for physically proximate attackers to obtain administrative access by leveraging a login prompt."
    },
    {
      "lang": "es",
      "value": "El Verizon Wireless Network Extender SCS-26UC4 tiene un password embebido para la cuenta de root, lo que hace m\u00e1s facil para un atacante f\u00edsicamente pr\u00f3ximo obtener acceso administrativo mediante el aprovechamiento de un prompt de login."
    }
  ],
  "id": "CVE-2013-4876",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "HIGH",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 6.2,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:L/AC:H/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 1.9,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2013-07-18T16:51:40.393",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/458007"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/BLUU-997M5B"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/458007"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/BLUU-997M5B"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-255"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-XGQ4-7R7J-VF39

Vulnerability from github – Published: 2022-05-17 05:07 – Updated: 2022-05-17 05:07

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2013-4876"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2013-07-18T16:51:00Z",
    "severity": "MODERATE"
  },
  "details": "The Verizon Wireless Network Extender SCS-2U01 has a hardcoded password for the root account, which makes it easier for physically proximate attackers to obtain administrative access by leveraging a login prompt.",
  "id": "GHSA-xgq4-7r7j-vf39",
  "modified": "2022-05-17T05:07:24Z",
  "published": "2022-05-17T05:07:24Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-4876"
    },
    {
      "type": "WEB",
      "url": "http://www.kb.cert.org/vuls/id/458007"
    },
    {
      "type": "WEB",
      "url": "http://www.kb.cert.org/vuls/id/BLUU-997M5B"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

VAR-201307-0388

Vulnerability from variot - Updated: 2023-12-18 12:38

The Verizon Wireless Network Extender SCS-2U01 has a hardcoded password for the root account, which makes it easier for physically proximate attackers to obtain administrative access by leveraging a login prompt. iSEC Partners has reported that the Verizon Wireless Network Extender models SCS-26UC4 and SCS-2U01 made by Samsung are susceptible to a local compromise using a custom HDMI cable. Once compromised the device can be used to eavesdrop on voice, text and data communication for mobile devices that connect to the Network Extender. The Verizon Wireless Network Extender is a low-power cellular base station that provides Internet services using an Internet connection. The Verizon Wireless Network Extender has multiple security vulnerabilities to increase permissions or clone other user phones. Use a special console cable to connect to the device and submit a special command sequence to get the root shell. Use the SysReq (System Request) interrupt to gain access to the console and obtain the root shell. In addition, Network Extender does not use Cellular Authentication and Voice Encryption (CAVE) authentication. For mobile phone authentication, the device only uses ESN and MIN. These numbers can physically access the phone or sniff the registration message sent to Network Extender for acquisition. Defects and incorrect validation can be done by running custom code on the Network Extender and going to any phone's ESN and MIN, using these numbers to clone the phone without physical access. A local attacker exploits the vulnerability to escalate permissions and clones the phone. An attacker could exploit this vulnerability to bypass certain security restrictions and perform unauthorized actions. Attackers can use these vulnerabilities to execute arbitrary code with elevated privileges and take complete control of the device. This BID is being retired. The vulnerability stems from the program's use of a hardcoded password for the root account

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201307-0388",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "wireless network extender",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "verizon",
        "version": "scs-2u01"
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "samsung",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "verizon",
        "version": null
      },
      {
        "model": "network extender",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "verizon",
        "version": "scs-2u01"
      },
      {
        "model": "wireless network extender models scs-26uc4",
        "scope": null,
        "trust": 0.6,
        "vendor": "verizon",
        "version": null
      },
      {
        "model": "wireless network extender models scs-2u01",
        "scope": null,
        "trust": 0.6,
        "vendor": "verizon",
        "version": null
      },
      {
        "model": "wireless network extender scs-2u01",
        "scope": null,
        "trust": 0.6,
        "vendor": "verizon",
        "version": null
      },
      {
        "model": "wireless network extender scs-2u01",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "verizon",
        "version": "0"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#458007"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2013-10005"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2013-10689"
      },
      {
        "db": "BID",
        "id": "61357"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-003460"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-4876"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201307-416"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:h:verizon:wireless_network_extender:scs-2u01:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2013-4876"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "iSEC Partners",
    "sources": [
      {
        "db": "BID",
        "id": "61169"
      },
      {
        "db": "BID",
        "id": "61357"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201307-296"
      }
    ],
    "trust": 1.2
  },
  "cve": "CVE-2013-4876",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "HIGH",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 6.2,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 1.9,
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:L/AC:H/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "High",
            "accessVector": "Local",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Complete",
            "baseScore": 6.2,
            "confidentialityImpact": "Complete",
            "exploitabilityScore": null,
            "id": "CVE-2013-4876",
            "impactScore": null,
            "integrityImpact": "Complete",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:L/AC:H/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "HIGH",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 6.2,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 1.9,
            "id": "CNVD-2013-10005",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:L/AC:H/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "HIGH",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 6.2,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 1.9,
            "id": "CNVD-2013-10689",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:L/AC:H/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "HIGH",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 6.2,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 1.9,
            "id": "VHN-64878",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:L/AC:H/AU:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2013-4876",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2013-10005",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2013-10689",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201307-416",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-64878",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2013-10005"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2013-10689"
      },
      {
        "db": "VULHUB",
        "id": "VHN-64878"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-003460"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-4876"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201307-416"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The Verizon Wireless Network Extender SCS-2U01 has a hardcoded password for the root account, which makes it easier for physically proximate attackers to obtain administrative access by leveraging a login prompt. iSEC Partners has reported that the Verizon Wireless Network Extender models SCS-26UC4 and SCS-2U01 made by Samsung are susceptible to a local compromise using a custom HDMI cable.  Once compromised the device can be used to  eavesdrop on voice, text and data communication for mobile devices that connect to the Network Extender. The Verizon Wireless Network Extender is a low-power cellular base station that provides Internet services using an Internet connection. The Verizon Wireless Network Extender has multiple security vulnerabilities to increase permissions or clone other user phones. Use a special console cable to connect to the device and submit a special command sequence to get the root shell. Use the SysReq (System Request) interrupt to gain access to the console and obtain the root shell. In addition, Network Extender does not use Cellular Authentication and Voice Encryption (CAVE) authentication. For mobile phone authentication, the device only uses ESN and MIN. These numbers can physically access the phone or sniff the registration message sent to Network Extender for acquisition. Defects and incorrect validation can be done by running custom code on the Network Extender and going to any phone\u0027s ESN and MIN, using these numbers to clone the phone without physical access. A local attacker exploits the vulnerability to escalate permissions and clones the phone. An attacker could exploit this vulnerability to bypass certain security restrictions and perform unauthorized actions. Attackers can use these vulnerabilities to execute arbitrary code with elevated privileges and take complete control of the device. \nThis BID is being retired. The vulnerability stems from the program\u0027s use of a hardcoded password for the root account",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2013-4876"
      },
      {
        "db": "CERT/CC",
        "id": "VU#458007"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-003460"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2013-10005"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2013-10689"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201307-296"
      },
      {
        "db": "BID",
        "id": "61169"
      },
      {
        "db": "BID",
        "id": "61357"
      },
      {
        "db": "VULHUB",
        "id": "VHN-64878"
      }
    ],
    "trust": 4.59
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "CERT/CC",
        "id": "VU#458007",
        "trust": 4.8
      },
      {
        "db": "NVD",
        "id": "CVE-2013-4876",
        "trust": 3.4
      },
      {
        "db": "BID",
        "id": "61169",
        "trust": 1.5
      },
      {
        "db": "BID",
        "id": "61357",
        "trust": 1.0
      },
      {
        "db": "JVN",
        "id": "JVNVU94014626",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-003460",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201307-416",
        "trust": 0.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2013-10005",
        "trust": 0.6
      },
      {
        "db": "CNVD",
        "id": "CNVD-2013-10689",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201307-296",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-64878",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#458007"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2013-10005"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2013-10689"
      },
      {
        "db": "VULHUB",
        "id": "VHN-64878"
      },
      {
        "db": "BID",
        "id": "61169"
      },
      {
        "db": "BID",
        "id": "61357"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-003460"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-4876"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201307-296"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201307-416"
      }
    ]
  },
  "id": "VAR-201307-0388",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2013-10005"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2013-10689"
      },
      {
        "db": "VULHUB",
        "id": "VHN-64878"
      }
    ],
    "trust": 2.1611111000000003
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 1.2
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2013-10005"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2013-10689"
      }
    ]
  },
  "last_update_date": "2023-12-18T12:38:32.364000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Verizon Wireless Network Extender",
        "trust": 0.8,
        "url": "http://www.verizonwireless.com/b2c/device/network-extender"
      },
      {
        "title": "Patch for multiple local privilege escalation vulnerabilities in the Verizon Wireless Network Extender",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/36382"
      },
      {
        "title": "Verizon Wireless Network Extender hardcoded password security bypass vulnerability patch",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/36473"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2013-10005"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2013-10689"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-003460"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-255",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-64878"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-003460"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-4876"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 3.4,
        "url": "http://www.kb.cert.org/vuls/id/458007"
      },
      {
        "trust": 3.1,
        "url": "http://www.kb.cert.org/vuls/id/bluu-997m5b"
      },
      {
        "trust": 0.8,
        "url": "about vulnerability notes"
      },
      {
        "trust": 0.8,
        "url": "contact us about this vulnerability"
      },
      {
        "trust": 0.8,
        "url": "provide a vendor statement"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-4876"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/cert/jvnvu94014626/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-4876"
      },
      {
        "trust": 0.6,
        "url": "http://www.securityfocus.com/bid/61169"
      },
      {
        "trust": 0.3,
        "url": "http://www.verizonwireless.com/b2c/device/network-extender?"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#458007"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2013-10005"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2013-10689"
      },
      {
        "db": "VULHUB",
        "id": "VHN-64878"
      },
      {
        "db": "BID",
        "id": "61357"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-003460"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-4876"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201307-296"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201307-416"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CERT/CC",
        "id": "VU#458007"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2013-10005"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2013-10689"
      },
      {
        "db": "VULHUB",
        "id": "VHN-64878"
      },
      {
        "db": "BID",
        "id": "61169"
      },
      {
        "db": "BID",
        "id": "61357"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-003460"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-4876"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201307-296"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201307-416"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2013-07-15T00:00:00",
        "db": "CERT/CC",
        "id": "VU#458007"
      },
      {
        "date": "2013-07-19T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2013-10005"
      },
      {
        "date": "2013-07-26T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2013-10689"
      },
      {
        "date": "2013-07-18T00:00:00",
        "db": "VULHUB",
        "id": "VHN-64878"
      },
      {
        "date": "2013-07-15T00:00:00",
        "db": "BID",
        "id": "61169"
      },
      {
        "date": "2013-07-16T00:00:00",
        "db": "BID",
        "id": "61357"
      },
      {
        "date": "2013-07-22T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2013-003460"
      },
      {
        "date": "2013-07-18T16:51:40.393000",
        "db": "NVD",
        "id": "CVE-2013-4876"
      },
      {
        "date": "2013-07-19T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201307-296"
      },
      {
        "date": "2013-07-19T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201307-416"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2013-07-23T00:00:00",
        "db": "CERT/CC",
        "id": "VU#458007"
      },
      {
        "date": "2013-07-19T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2013-10005"
      },
      {
        "date": "2013-07-26T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2013-10689"
      },
      {
        "date": "2013-07-19T00:00:00",
        "db": "VULHUB",
        "id": "VHN-64878"
      },
      {
        "date": "2013-07-23T02:23:00",
        "db": "BID",
        "id": "61169"
      },
      {
        "date": "2013-07-16T00:00:00",
        "db": "BID",
        "id": "61357"
      },
      {
        "date": "2013-07-22T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2013-003460"
      },
      {
        "date": "2013-07-19T04:00:00",
        "db": "NVD",
        "id": "CVE-2013-4876"
      },
      {
        "date": "2013-07-19T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201307-296"
      },
      {
        "date": "2013-07-19T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201307-416"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "BID",
        "id": "61169"
      },
      {
        "db": "BID",
        "id": "61357"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201307-296"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201307-416"
      }
    ],
    "trust": 1.8
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Verizon Wireless Network Extender multiple vulnerabilities",
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#458007"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "permissions and access control",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201307-296"
      }
    ],
    "trust": 0.6
  }
}

GSD-2013-4876

Vulnerability from gsd - Updated: 2023-12-13 01:22

Details

Aliases

CVE-2013-4876

Aliases

CVE-2013-4876

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2013-4876",
    "description": "The Verizon Wireless Network Extender SCS-2U01 has a hardcoded password for the root account, which makes it easier for physically proximate attackers to obtain administrative access by leveraging a login prompt.",
    "id": "GSD-2013-4876"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2013-4876"
      ],
      "details": "The Verizon Wireless Network Extender SCS-2U01 has a hardcoded password for the root account, which makes it easier for physically proximate attackers to obtain administrative access by leveraging a login prompt.",
      "id": "GSD-2013-4876",
      "modified": "2023-12-13T01:22:16.527753Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2013-4876",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The Verizon Wireless Network Extender SCS-2U01 has a hardcoded password for the root account, which makes it easier for physically proximate attackers to obtain administrative access by leveraging a login prompt."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://www.kb.cert.org/vuls/id/BLUU-997M5B",
            "refsource": "MISC",
            "url": "http://www.kb.cert.org/vuls/id/BLUU-997M5B"
          },
          {
            "name": "VU#458007",
            "refsource": "CERT-VN",
            "url": "http://www.kb.cert.org/vuls/id/458007"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:h:verizon:wireless_network_extender:scs-2u01:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2013-4876"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The Verizon Wireless Network Extender SCS-2U01 has a hardcoded password for the root account, which makes it easier for physically proximate attackers to obtain administrative access by leveraging a login prompt."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-255"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "VU#458007",
              "refsource": "CERT-VN",
              "tags": [
                "US Government Resource"
              ],
              "url": "http://www.kb.cert.org/vuls/id/458007"
            },
            {
              "name": "http://www.kb.cert.org/vuls/id/BLUU-997M5B",
              "refsource": "MISC",
              "tags": [
                "US Government Resource"
              ],
              "url": "http://www.kb.cert.org/vuls/id/BLUU-997M5B"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "HIGH",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 6.2,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:L/AC:H/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 1.9,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2013-07-19T04:00Z",
      "publishedDate": "2013-07-18T16:51Z"
    }
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2013-4876 (GCVE-0-2013-4876)

FKIE_CVE-2013-4876

GHSA-XGQ4-7R7J-VF39

VAR-201307-0388

GSD-2013-4876

Tags

Sightings

Nomenclature