ID

VAR-201307-0386


CVE

CVE-2013-4874


TITLE

Verizon Wireless Network Extender multiple vulnerabilities

Trust: 0.8

sources: CERT/CC: VU#458007

DESCRIPTION

The Uboot bootloader on the Verizon Wireless Network Extender SCS-26UC4 allows physically proximate attackers to obtain root access by connecting a crafted HDMI cable and using a sys session to modify the ramboot environment variable. iSEC Partners has reported that the Verizon Wireless Network Extender models SCS-26UC4 and SCS-2U01 made by Samsung are susceptible to a local compromise using a custom HDMI cable. Once compromised, the device can be used to eavesdrop on voice, text and data communication for mobile devices that connect to the Network Extender.

The Verizon Wireless Network Extender is a low-power cellular base station that provides Internet services using an Internet connection. The Verizon Wireless Network Extender has multiple security vulnerabilities that can be used to escalate privileges or clone other users' phones. An attacker can connect to the device with a special console cable and submit a special command sequence to get a root shell, or use the SysReq (System Request) interrupt to gain access to the console and obtain a root shell. In addition, the Network Extender does not use Cellular Authentication and Voice Encryption (CAVE) authentication. For mobile phone authentication, the device only uses the ESN and MIN. These numbers can be obtained through physical access to the phone or by sniffing the registration message sent to the Network Extender. Because of these defects and incorrect validation, an attacker running custom code on the Network Extender can obtain any phone's ESN and MIN and use these numbers to clone the phone without physical access.

A local attacker can exploit the vulnerability to escalate privileges and clone phones. Attackers can use these vulnerabilities to execute arbitrary code with elevated privileges and take complete control of the device. This BID is being retired.

Trust: 4.05

sources: NVD: CVE-2013-4874 // CERT/CC: VU#458007 // JVNDB: JVNDB-2013-003458 // CNVD: CNVD-2013-10005 // CNNVD: CNNVD-201307-296 // BID: 61169 // BID: 61395 // VULHUB: VHN-64876

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2013-10005

AFFECTED PRODUCTS

vendor: verizon, model: wireless network extender, scope: eq, version: scs-26uc4

Trust: 1.6

vendor: samsung, model: -, scope: -, version: -

Trust: 0.8

vendor: verizon, model: -, scope: -, version: -

Trust: 0.8

vendor: verizon, model: network extender, scope: eq, version: scs-26uc4

Trust: 0.8

vendor: verizon, model: wireless network extender models scs-26uc4, scope: -, version: -

Trust: 0.6

vendor: verizon, model: wireless network extender models scs-2u01, scope: -, version: -

Trust: 0.6

vendor: verizon, model: wireless network extender scs-26uc4, scope: eq, version: 0

Trust: 0.3

sources: CERT/CC: VU#458007 // CNVD: CNVD-2013-10005 // BID: 61395 // JVNDB: JVNDB-2013-003458 // CNNVD: CNNVD-201307-414 // NVD: CVE-2013-4874

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2013-4874
value: MEDIUM

Trust: 1.0

NVD: CVE-2013-4874
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2013-10005
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201307-414
value: MEDIUM

Trust: 0.6

VULHUB: VHN-64876
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2013-4874
severity: MEDIUM
baseScore: 6.2
vectorString: AV:L/AC:H/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 1.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2013-10005
severity: MEDIUM
baseScore: 6.2
vectorString: AV:L/AC:H/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 1.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-64876
severity: MEDIUM
baseScore: 6.2
vectorString: AV:L/AC:H/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 1.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CNVD: CNVD-2013-10005 // VULHUB: VHN-64876 // JVNDB: JVNDB-2013-003458 // CNNVD: CNNVD-201307-414 // NVD: CVE-2013-4874

PROBLEMTYPE DATA

problemtype: CWE-287

Trust: 1.9

sources: VULHUB: VHN-64876 // JVNDB: JVNDB-2013-003458 // NVD: CVE-2013-4874

THREAT TYPE

local

Trust: 1.8

sources: BID: 61169 // BID: 61395 // CNNVD: CNNVD-201307-296 // CNNVD: CNNVD-201307-414

TYPE

Unknown

Trust: 0.6

sources: BID: 61169 // BID: 61395

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-003458

PATCH

title: Verizon Wireless Network Extender, url: http://www.verizonwireless.com/b2c/device/network-extender

Trust: 0.8

title: Patch for multiple local privilege escalation vulnerabilities in the Verizon Wireless Network Extender, url: https://www.cnvd.org.cn/patchInfo/show/36382

Trust: 0.6

sources: CNVD: CNVD-2013-10005 // JVNDB: JVNDB-2013-003458

EXTERNAL IDS

db: CERT/CC, id: VU#458007

Trust: 4.2

db: NVD, id: CVE-2013-4874

Trust: 2.8

db: BID, id: 61169

Trust: 2.6

db: JVN, id: JVNVU94014626

Trust: 0.8

db: JVNDB, id: JVNDB-2013-003458

Trust: 0.8

db: CNVD, id: CNVD-2013-10005

Trust: 0.6

db: CNNVD, id: CNNVD-201307-296

Trust: 0.6

db: CNNVD, id: CNNVD-201307-414

Trust: 0.6

db: BID, id: 61395

Trust: 0.4

db: VULHUB, id: VHN-64876

Trust: 0.1

sources: CERT/CC: VU#458007 // CNVD: CNVD-2013-10005 // VULHUB: VHN-64876 // BID: 61169 // BID: 61395 // JVNDB: JVNDB-2013-003458 // CNNVD: CNNVD-201307-296 // CNNVD: CNNVD-201307-414 // NVD: CVE-2013-4874

REFERENCES

url: http://www.kb.cert.org/vuls/id/458007

Trust: 3.4

url: http://www.kb.cert.org/vuls/id/bluu-997m5b

Trust: 2.5

url: http://www.securityfocus.com/bid/61169

Trust: 1.7

url: http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-4874

Trust: 0.8

url: http://jvn.jp/cert/jvnvu94014626/index.html

Trust: 0.8

url: http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-4874

Trust: 0.8

url: http://www.verizonwireless.com/b2c/device/network-extender?

Trust: 0.3

sources: CERT/CC: VU#458007 // CNVD: CNVD-2013-10005 // VULHUB: VHN-64876 // BID: 61395 // JVNDB: JVNDB-2013-003458 // CNNVD: CNNVD-201307-296 // CNNVD: CNNVD-201307-414 // NVD: CVE-2013-4874

CREDITS

iSEC Partners

Trust: 0.9

sources: BID: 61169 // CNNVD: CNNVD-201307-296

SOURCES

db: CERT/CC, id: VU#458007
db: CNVD, id: CNVD-2013-10005
db: VULHUB, id: VHN-64876
db: BID, id: 61169
db: BID, id: 61395
db: JVNDB, id: JVNDB-2013-003458
db: CNNVD, id: CNNVD-201307-296
db: CNNVD, id: CNNVD-201307-414
db: NVD, id: CVE-2013-4874

LAST UPDATE DATE

2025-04-11T22:53:17.908000+00:00


SOURCES UPDATE DATE

db: CERT/CC, id: VU#458007, date: 2013-07-23T00:00:00
db: CNVD, id: CNVD-2013-10005, date: 2013-07-19T00:00:00
db: VULHUB, id: VHN-64876, date: 2013-08-22T00:00:00
db: BID, id: 61169, date: 2013-07-23T02:23:00
db: BID, id: 61395, date: 2013-07-15T00:00:00
db: JVNDB, id: JVNDB-2013-003458, date: 2013-07-22T00:00:00
db: CNNVD, id: CNNVD-201307-296, date: 2013-07-19T00:00:00
db: CNNVD, id: CNNVD-201307-414, date: 2013-07-19T00:00:00
db: NVD, id: CVE-2013-4874, date: 2025-04-11T00:51:21.963

SOURCES RELEASE DATE

db: CERT/CC, id: VU#458007, date: 2013-07-15T00:00:00
db: CNVD, id: CNVD-2013-10005, date: 2013-07-19T00:00:00
db: VULHUB, id: VHN-64876, date: 2013-07-18T00:00:00
db: BID, id: 61169, date: 2013-07-15T00:00:00
db: BID, id: 61395, date: 2013-07-15T00:00:00
db: JVNDB, id: JVNDB-2013-003458, date: 2013-07-22T00:00:00
db: CNNVD, id: CNNVD-201307-296, date: 2013-07-19T00:00:00
db: CNNVD, id: CNNVD-201307-414, date: 2013-07-19T00:00:00
db: NVD, id: CVE-2013-4874, date: 2013-07-18T16:51:40.373