Details of VAR-201307-0387

ID

VAR-201307-0387

CVE

CVE-2013-4875

TITLE

Verizon Wireless Network Extender multiple vulnerabilities

Trust: 0.8

sources: CERT/CC: VU#458007

DESCRIPTION

The Uboot bootloader on the Verizon Wireless Network Extender SCS-2U01 allows physically proximate attackers to bypass the intended boot process and obtain a login prompt by connecting a crafted HDMI cable and sending a SysReq interrupt. iSEC Partners has reported that the Verizon Wireless Network Extender models SCS-26UC4 and SCS-2U01 made by Samsung are susceptible to a local compromise using a custom HDMI cable. Once compromised the device can be used to eavesdrop on voice, text and data communication for mobile devices that connect to the Network Extender. The Verizon Wireless Network Extender is a low-power cellular base station that provides Internet services using an Internet connection. The Verizon Wireless Network Extender has multiple security vulnerabilities to increase permissions or clone other user phones. Use a special console cable to connect to the device and submit a special command sequence to get the root shell. Use the SysReq (System Request) interrupt to gain access to the console and obtain the root shell. In addition, Network Extender does not use Cellular Authentication and Voice Encryption (CAVE) authentication. For mobile phone authentication, the device only uses ESN and MIN. These numbers can physically access the phone or sniff the registration message sent to Network Extender for acquisition. Defects and incorrect validation can be done by running custom code on the Network Extender and going to any phone's ESN and MIN, using these numbers to clone the phone without physical access. A local attacker exploits the vulnerability to escalate permissions and clones the phone. Attackers can use these vulnerabilities to execute arbitrary code with elevated privileges and take complete control of the device. This BID is being retired

Trust: 4.05

sources: NVD: CVE-2013-4875 // CERT/CC: VU#458007 // JVNDB: JVNDB-2013-003459 // CNVD: CNVD-2013-10005 // CNNVD: CNNVD-201307-296 // BID: 61169 // BID: 61394 // VULHUB: VHN-64877

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2013-10005

AFFECTED PRODUCTS

vendor:	verizon	model:	wireless network extender	scope:	eq	version:	scs-2u01	Trust: 1.6
vendor:	samsung	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	verizon	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	verizon	model:	network extender	scope:	eq	version:	scs-2u01	Trust: 0.8
vendor:	verizon	model:	wireless network extender models scs-26uc4	scope:	-	version:	-	Trust: 0.6
vendor:	verizon	model:	wireless network extender models scs-2u01	scope:	-	version:	-	Trust: 0.6
vendor:	verizon	model:	wireless network extender scs-2u01	scope:	eq	version:	0	Trust: 0.3

sources: CERT/CC: VU#458007 // CNVD: CNVD-2013-10005 // BID: 61394 // JVNDB: JVNDB-2013-003459 // CNNVD: CNNVD-201307-415 // NVD: CVE-2013-4875

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2013-4875
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2013-4875
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2013-10005
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201307-415
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-64877
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2013-4875
severity:	MEDIUM
baseScore:	6.2
vectorString:	AV:L/AC:H/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	HIGH
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	1.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2013-10005
severity:	MEDIUM
baseScore:	6.2
vectorString:	AV:L/AC:H/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	HIGH
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	1.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-64877
severity:	MEDIUM
baseScore:	6.2
vectorString:	AV:L/AC:H/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	HIGH
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	1.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: CNVD: CNVD-2013-10005 // VULHUB: VHN-64877 // JVNDB: JVNDB-2013-003459 // CNNVD: CNNVD-201307-415 // NVD: CVE-2013-4875

PROBLEMTYPE DATA

problemtype:

CWE-287

Trust: 1.9

sources: VULHUB: VHN-64877 // JVNDB: JVNDB-2013-003459 // NVD: CVE-2013-4875

THREAT TYPE

local

Trust: 1.8

sources: BID: 61169 // BID: 61394 // CNNVD: CNNVD-201307-296 // CNNVD: CNNVD-201307-415

TYPE

Unknown

Trust: 0.6

sources: BID: 61169 // BID: 61394

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-003459

PATCH

title:	Verizon Wireless Network Extender	url:	http://www.verizonwireless.com/b2c/device/network-extender	Trust: 0.8
title:	Patch for multiple local privilege escalation vulnerabilities in the Verizon Wireless Network Extender	url:	https://www.cnvd.org.cn/patchInfo/show/36382	Trust: 0.6

sources: CNVD: CNVD-2013-10005 // JVNDB: JVNDB-2013-003459

EXTERNAL IDS

db:	CERT/CC	id:	VU#458007	Trust: 4.2
db:	NVD	id:	CVE-2013-4875	Trust: 2.8
db:	BID	id:	61169	Trust: 2.6
db:	JVN	id:	JVNVU94014626	Trust: 0.8
db:	JVNDB	id:	JVNDB-2013-003459	Trust: 0.8
db:	CNVD	id:	CNVD-2013-10005	Trust: 0.6
db:	CNNVD	id:	CNNVD-201307-296	Trust: 0.6
db:	CNNVD	id:	CNNVD-201307-415	Trust: 0.6
db:	BID	id:	61394	Trust: 0.4
db:	VULHUB	id:	VHN-64877	Trust: 0.1

sources: CERT/CC: VU#458007 // CNVD: CNVD-2013-10005 // VULHUB: VHN-64877 // BID: 61169 // BID: 61394 // JVNDB: JVNDB-2013-003459 // CNNVD: CNNVD-201307-296 // CNNVD: CNNVD-201307-415 // NVD: CVE-2013-4875

REFERENCES

url:	http://www.kb.cert.org/vuls/id/458007	Trust: 3.4
url:	http://www.kb.cert.org/vuls/id/bluu-997m5b	Trust: 2.5
url:	http://www.securityfocus.com/bid/61169	Trust: 1.7
url:	about vulnerability notes	Trust: 0.8
url:	contact us about this vulnerability	Trust: 0.8
url:	provide a vendor statement	Trust: 0.8
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-4875	Trust: 0.8
url:	http://jvn.jp/cert/jvnvu94014626/index.html	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-4875	Trust: 0.8
url:	http://www.verizonwireless.com/b2c/device/network-extender?	Trust: 0.3

sources: CERT/CC: VU#458007 // CNVD: CNVD-2013-10005 // VULHUB: VHN-64877 // BID: 61394 // JVNDB: JVNDB-2013-003459 // CNNVD: CNNVD-201307-296 // CNNVD: CNNVD-201307-415 // NVD: CVE-2013-4875

CREDITS

iSEC Partners

Trust: 0.9

sources: BID: 61169 // CNNVD: CNNVD-201307-296

SOURCES

db:	CERT/CC	id:	VU#458007
db:	CNVD	id:	CNVD-2013-10005
db:	VULHUB	id:	VHN-64877
db:	BID	id:	61169
db:	BID	id:	61394
db:	JVNDB	id:	JVNDB-2013-003459
db:	CNNVD	id:	CNNVD-201307-296
db:	CNNVD	id:	CNNVD-201307-415
db:	NVD	id:	CVE-2013-4875

LAST UPDATE DATE

2025-04-11T22:53:17.810000+00:00

SOURCES UPDATE DATE

db:	CERT/CC	id:	VU#458007	date:	2013-07-23T00:00:00
db:	CNVD	id:	CNVD-2013-10005	date:	2013-07-19T00:00:00
db:	VULHUB	id:	VHN-64877	date:	2013-08-22T00:00:00
db:	BID	id:	61169	date:	2013-07-23T02:23:00
db:	BID	id:	61394	date:	2013-07-15T00:00:00
db:	JVNDB	id:	JVNDB-2013-003459	date:	2013-07-22T00:00:00
db:	CNNVD	id:	CNNVD-201307-296	date:	2013-07-19T00:00:00
db:	CNNVD	id:	CNNVD-201307-415	date:	2013-07-19T00:00:00
db:	NVD	id:	CVE-2013-4875	date:	2025-04-11T00:51:21.963

SOURCES RELEASE DATE

db:	CERT/CC	id:	VU#458007	date:	2013-07-15T00:00:00
db:	CNVD	id:	CNVD-2013-10005	date:	2013-07-19T00:00:00
db:	VULHUB	id:	VHN-64877	date:	2013-07-18T00:00:00
db:	BID	id:	61169	date:	2013-07-15T00:00:00
db:	BID	id:	61394	date:	2013-07-15T00:00:00
db:	JVNDB	id:	JVNDB-2013-003459	date:	2013-07-22T00:00:00
db:	CNNVD	id:	CNNVD-201307-296	date:	2013-07-19T00:00:00
db:	CNNVD	id:	CNNVD-201307-415	date:	2013-07-19T00:00:00
db:	NVD	id:	CVE-2013-4875	date:	2013-07-18T16:51:40.383