Details of VAR-201307-0388

ID

VAR-201307-0388

CVE

CVE-2013-4876

TITLE

Verizon Wireless Network Extender multiple vulnerabilities

Trust: 0.8

sources: CERT/CC: VU#458007

DESCRIPTION

The Verizon Wireless Network Extender SCS-2U01 has a hardcoded password for the root account, which makes it easier for physically proximate attackers to obtain administrative access by leveraging a login prompt. iSEC Partners has reported that the Verizon Wireless Network Extender models SCS-26UC4 and SCS-2U01 made by Samsung are susceptible to a local compromise using a custom HDMI cable. Once compromised the device can be used to eavesdrop on voice, text and data communication for mobile devices that connect to the Network Extender. The Verizon Wireless Network Extender is a low-power cellular base station that provides Internet services using an Internet connection. The Verizon Wireless Network Extender has multiple security vulnerabilities to increase permissions or clone other user phones. Use a special console cable to connect to the device and submit a special command sequence to get the root shell. Use the SysReq (System Request) interrupt to gain access to the console and obtain the root shell. In addition, Network Extender does not use Cellular Authentication and Voice Encryption (CAVE) authentication. For mobile phone authentication, the device only uses ESN and MIN. These numbers can physically access the phone or sniff the registration message sent to Network Extender for acquisition. Defects and incorrect validation can be done by running custom code on the Network Extender and going to any phone's ESN and MIN, using these numbers to clone the phone without physical access. A local attacker exploits the vulnerability to escalate permissions and clones the phone. An attacker could exploit this vulnerability to bypass certain security restrictions and perform unauthorized actions. Attackers can use these vulnerabilities to execute arbitrary code with elevated privileges and take complete control of the device. This BID is being retired. The vulnerability stems from the program's use of a hardcoded password for the root account

Trust: 4.59

sources: NVD: CVE-2013-4876 // CERT/CC: VU#458007 // JVNDB: JVNDB-2013-003460 // CNVD: CNVD-2013-10005 // CNVD: CNVD-2013-10689 // CNNVD: CNNVD-201307-296 // BID: 61169 // BID: 61357 // VULHUB: VHN-64878

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 1.2

sources: CNVD: CNVD-2013-10005 // CNVD: CNVD-2013-10689

AFFECTED PRODUCTS

vendor:	verizon	model:	wireless network extender	scope:	eq	version:	scs-2u01	Trust: 1.6
vendor:	samsung	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	verizon	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	verizon	model:	network extender	scope:	eq	version:	scs-2u01	Trust: 0.8
vendor:	verizon	model:	wireless network extender models scs-26uc4	scope:	-	version:	-	Trust: 0.6
vendor:	verizon	model:	wireless network extender models scs-2u01	scope:	-	version:	-	Trust: 0.6
vendor:	verizon	model:	wireless network extender scs-2u01	scope:	-	version:	-	Trust: 0.6
vendor:	verizon	model:	wireless network extender scs-2u01	scope:	eq	version:	0	Trust: 0.3

sources: CERT/CC: VU#458007 // CNVD: CNVD-2013-10005 // CNVD: CNVD-2013-10689 // BID: 61357 // JVNDB: JVNDB-2013-003460 // CNNVD: CNNVD-201307-416 // NVD: CVE-2013-4876

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2013-4876
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2013-4876
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2013-10005
value:	MEDIUM
Trust: 0.6
CNVD:	CNVD-2013-10689
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201307-416
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-64878
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2013-4876
severity:	MEDIUM
baseScore:	6.2
vectorString:	AV:L/AC:H/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	HIGH
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	1.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2013-10005
severity:	MEDIUM
baseScore:	6.2
vectorString:	AV:L/AC:H/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	HIGH
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	1.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
CNVD:	CNVD-2013-10689
severity:	MEDIUM
baseScore:	6.2
vectorString:	AV:L/AC:H/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	HIGH
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	1.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-64878
severity:	MEDIUM
baseScore:	6.2
vectorString:	AV:L/AC:H/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	HIGH
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	1.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: CNVD: CNVD-2013-10005 // CNVD: CNVD-2013-10689 // VULHUB: VHN-64878 // JVNDB: JVNDB-2013-003460 // CNNVD: CNNVD-201307-416 // NVD: CVE-2013-4876

PROBLEMTYPE DATA

problemtype:

CWE-255

Trust: 1.9

sources: VULHUB: VHN-64878 // JVNDB: JVNDB-2013-003460 // NVD: CVE-2013-4876

THREAT TYPE

local

Trust: 1.8

sources: BID: 61169 // BID: 61357 // CNNVD: CNNVD-201307-296 // CNNVD: CNNVD-201307-416

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201307-296

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-003460

PATCH

title:	Verizon Wireless Network Extender	url:	http://www.verizonwireless.com/b2c/device/network-extender	Trust: 0.8
title:	Patch for multiple local privilege escalation vulnerabilities in the Verizon Wireless Network Extender	url:	https://www.cnvd.org.cn/patchInfo/show/36382	Trust: 0.6
title:	Verizon Wireless Network Extender hardcoded password security bypass vulnerability patch	url:	https://www.cnvd.org.cn/patchInfo/show/36473	Trust: 0.6

sources: CNVD: CNVD-2013-10005 // CNVD: CNVD-2013-10689 // JVNDB: JVNDB-2013-003460

EXTERNAL IDS

db:	CERT/CC	id:	VU#458007	Trust: 4.8
db:	NVD	id:	CVE-2013-4876	Trust: 3.4
db:	BID	id:	61169	Trust: 1.5
db:	BID	id:	61357	Trust: 1.0
db:	JVN	id:	JVNVU94014626	Trust: 0.8
db:	JVNDB	id:	JVNDB-2013-003460	Trust: 0.8
db:	CNNVD	id:	CNNVD-201307-416	Trust: 0.7
db:	CNVD	id:	CNVD-2013-10005	Trust: 0.6
db:	CNVD	id:	CNVD-2013-10689	Trust: 0.6
db:	CNNVD	id:	CNNVD-201307-296	Trust: 0.6
db:	VULHUB	id:	VHN-64878	Trust: 0.1

sources: CERT/CC: VU#458007 // CNVD: CNVD-2013-10005 // CNVD: CNVD-2013-10689 // VULHUB: VHN-64878 // BID: 61169 // BID: 61357 // JVNDB: JVNDB-2013-003460 // CNNVD: CNNVD-201307-296 // CNNVD: CNNVD-201307-416 // NVD: CVE-2013-4876

REFERENCES

url:	http://www.kb.cert.org/vuls/id/458007	Trust: 3.4
url:	http://www.kb.cert.org/vuls/id/bluu-997m5b	Trust: 3.1
url:	about vulnerability notes	Trust: 0.8
url:	contact us about this vulnerability	Trust: 0.8
url:	provide a vendor statement	Trust: 0.8
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-4876	Trust: 0.8
url:	http://jvn.jp/cert/jvnvu94014626/index.html	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-4876	Trust: 0.8
url:	http://www.securityfocus.com/bid/61169	Trust: 0.6
url:	http://www.verizonwireless.com/b2c/device/network-extender?	Trust: 0.3

sources: CERT/CC: VU#458007 // CNVD: CNVD-2013-10005 // CNVD: CNVD-2013-10689 // VULHUB: VHN-64878 // BID: 61357 // JVNDB: JVNDB-2013-003460 // CNNVD: CNNVD-201307-296 // CNNVD: CNNVD-201307-416 // NVD: CVE-2013-4876

CREDITS

iSEC Partners

Trust: 1.2

sources: BID: 61169 // BID: 61357 // CNNVD: CNNVD-201307-296

SOURCES

db:	CERT/CC	id:	VU#458007
db:	CNVD	id:	CNVD-2013-10005
db:	CNVD	id:	CNVD-2013-10689
db:	VULHUB	id:	VHN-64878
db:	BID	id:	61169
db:	BID	id:	61357
db:	JVNDB	id:	JVNDB-2013-003460
db:	CNNVD	id:	CNNVD-201307-296
db:	CNNVD	id:	CNNVD-201307-416
db:	NVD	id:	CVE-2013-4876

LAST UPDATE DATE

2025-04-11T22:53:17.857000+00:00

SOURCES UPDATE DATE

db:	CERT/CC	id:	VU#458007	date:	2013-07-23T00:00:00
db:	CNVD	id:	CNVD-2013-10005	date:	2013-07-19T00:00:00
db:	CNVD	id:	CNVD-2013-10689	date:	2013-07-26T00:00:00
db:	VULHUB	id:	VHN-64878	date:	2013-07-19T00:00:00
db:	BID	id:	61169	date:	2013-07-23T02:23:00
db:	BID	id:	61357	date:	2013-07-16T00:00:00
db:	JVNDB	id:	JVNDB-2013-003460	date:	2013-07-22T00:00:00
db:	CNNVD	id:	CNNVD-201307-296	date:	2013-07-19T00:00:00
db:	CNNVD	id:	CNNVD-201307-416	date:	2013-07-19T00:00:00
db:	NVD	id:	CVE-2013-4876	date:	2025-04-11T00:51:21.963

SOURCES RELEASE DATE

db:	CERT/CC	id:	VU#458007	date:	2013-07-15T00:00:00
db:	CNVD	id:	CNVD-2013-10005	date:	2013-07-19T00:00:00
db:	CNVD	id:	CNVD-2013-10689	date:	2013-07-26T00:00:00
db:	VULHUB	id:	VHN-64878	date:	2013-07-18T00:00:00
db:	BID	id:	61169	date:	2013-07-15T00:00:00
db:	BID	id:	61357	date:	2013-07-16T00:00:00
db:	JVNDB	id:	JVNDB-2013-003460	date:	2013-07-22T00:00:00
db:	CNNVD	id:	CNNVD-201307-296	date:	2013-07-19T00:00:00
db:	CNNVD	id:	CNNVD-201307-416	date:	2013-07-19T00:00:00
db:	NVD	id:	CVE-2013-4876	date:	2013-07-18T16:51:40.393