Details of VAR-201310-0458

ID

VAR-201310-0458

CVE

CVE-2013-4708

TITLE

SEIL Series routers vulnerable in RADIUS authentication

Trust: 0.8

sources: JVNDB: JVNDB-2013-000091

DESCRIPTION

The PPP Access Concentrator (PPPAC) in Internet Initiative Japan Inc. SEIL/x86 1.00 through 2.80, SEIL/X1 1.00 through 4.30, SEIL/X2 1.00 through 4.30, SEIL/B1 1.00 through 4.30, SEIL/Turbo 1.80 through 2.15, and SEIL/neu 2FE Plus 1.80 through 2.15 generates predictable random numbers, which allows remote attackers to bypass RADIUS authentication by sniffing RADIUS traffic. SEIL Series routers contain a vulnerability in RADIUS authentication. SEIL/Turbo and SEIL/neu 2FE Plus routers are router devices developed by SEIL. Multiple SEIL products are prone to a security weakness. Attackers can leverage this issue to bypass certain security restrictions. This may aid in further attacks. The following products are vulnerable: SEIL/x86 1.00 through 2.81 SEIL/X1 1.00 through 4.31 SEIL/X2 1.00 through 4.31 SEIL/B1 1.00 through 4.31 SEIL/Turbo 2.05 through 2.15 SEIL/neu 2FE Plus 2.05 through 2.15. SEIL/x86, etc. SEIL/x86 due to the fact that the program generates predictable random numbers. SEIL/x86 Versions 1.00 to 2.80, SEIL/X1 Versions 1.00 to 4.30, SEIL/X2 Versions 1.00 to 4.30, SEIL/B1 Versions 1.00 to 4.30, SEIL/Turbo Versions 1.80 to 2.15, and SEIL/neu 2FE Plus versions 1.80 to 2.15

Trust: 2.52

sources: NVD: CVE-2013-4708 // JVNDB: JVNDB-2013-000091 // CNVD: CNVD-2013-13386 // BID: 62612 // VULHUB: VHN-64710

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2013-13386

AFFECTED PRODUCTS

vendor:	iij	model:	seil\%2fturbo	scope:	eq	version:	2.15	Trust: 1.6
vendor:	iij	model:	seil\%2fneu 2fe plus	scope:	eq	version:	2.05	Trust: 1.6
vendor:	iij	model:	seil\%2fx86	scope:	eq	version:	1.00	Trust: 1.6
vendor:	iij	model:	seil\%2fb1	scope:	eq	version:	1.00	Trust: 1.6
vendor:	iij	model:	seil\%2fb1	scope:	eq	version:	4.30	Trust: 1.6
vendor:	iij	model:	seil\%2fneu 2fe plus	scope:	eq	version:	1.80	Trust: 1.6
vendor:	iij	model:	seil\%2fturbo	scope:	eq	version:	1.80	Trust: 1.6
vendor:	iij	model:	seil\%2fturbo	scope:	eq	version:	2.05	Trust: 1.6
vendor:	iij	model:	seil\%2fx86	scope:	eq	version:	2.80	Trust: 1.6
vendor:	iij	model:	seil\%2fneu 2fe plus	scope:	eq	version:	2.15	Trust: 1.6
vendor:	iij	model:	seil\/neu 2fe plus	scope:	eq	version:	*	Trust: 1.0
vendor:	iij	model:	seil\%2fx1	scope:	eq	version:	1.00	Trust: 1.0
vendor:	iij	model:	seil\/b1	scope:	eq	version:	*	Trust: 1.0
vendor:	iij	model:	seil\%2fx1	scope:	eq	version:	4.30	Trust: 1.0
vendor:	iij	model:	seil\/turbo	scope:	eq	version:	*	Trust: 1.0
vendor:	iij	model:	seil\%2fx2	scope:	eq	version:	1.00	Trust: 1.0
vendor:	iij	model:	seil\%2fx2	scope:	eq	version:	4.30	Trust: 1.0
vendor:	iij	model:	seil\/x2	scope:	eq	version:	*	Trust: 1.0
vendor:	iij	model:	seil\/x86	scope:	eq	version:	*	Trust: 1.0
vendor:	iij	model:	seil\/x1	scope:	eq	version:	*	Trust: 1.0
vendor:	seil	model:	seil/neu 2fe plus	scope:	eq	version:	1.80	Trust: 0.9
vendor:	seil	model:	seil/turbo	scope:	eq	version:	1.80	Trust: 0.9
vendor:	internet initiative	model:	seil/b1	scope:	-	version:	-	Trust: 0.8
vendor:	internet initiative	model:	seil/b1	scope:	eq	version:	1.00 to 4.30	Trust: 0.8
vendor:	internet initiative	model:	seil/neu 2fe plus	scope:	-	version:	-	Trust: 0.8
vendor:	internet initiative	model:	seil/neu 2fe plus	scope:	eq	version:	1.80 to 2.15	Trust: 0.8
vendor:	internet initiative	model:	seil/turbo	scope:	-	version:	-	Trust: 0.8
vendor:	internet initiative	model:	seil/turbo	scope:	eq	version:	1.80 to 2.15	Trust: 0.8
vendor:	internet initiative	model:	seil/x1	scope:	-	version:	-	Trust: 0.8
vendor:	internet initiative	model:	seil/x1	scope:	eq	version:	1.00 to 4.30	Trust: 0.8
vendor:	internet initiative	model:	seil/x2	scope:	-	version:	-	Trust: 0.8
vendor:	internet initiative	model:	seil/x2	scope:	eq	version:	1.00 to 4.30	Trust: 0.8
vendor:	internet initiative	model:	seil/x86	scope:	-	version:	-	Trust: 0.8
vendor:	internet initiative	model:	seil/x86	scope:	eq	version:	1.00 to 2.80	Trust: 0.8
vendor:	seil	model:	seil/b1	scope:	eq	version:	2.60	Trust: 0.3
vendor:	seil	model:	seil/x1	scope:	eq	version:	4.30	Trust: 0.3
vendor:	seil	model:	seil/x2	scope:	eq	version:	2.45	Trust: 0.3
vendor:	seil	model:	seil/x86	scope:	ne	version:	2.81	Trust: 0.3
vendor:	seil	model:	seil/x2	scope:	eq	version:	2.42	Trust: 0.3
vendor:	seil	model:	seil/x1	scope:	eq	version:	2.30	Trust: 0.3
vendor:	seil	model:	seil/b1	scope:	eq	version:	2.52	Trust: 0.3
vendor:	seil	model:	seil/x1	scope:	eq	version:	2.50	Trust: 0.3
vendor:	seil	model:	seil/b1	scope:	eq	version:	1.00	Trust: 0.3
vendor:	seil	model:	seil/x2	scope:	eq	version:	3.11	Trust: 0.3
vendor:	seil	model:	seil/b1	scope:	eq	version:	3.75	Trust: 0.3
vendor:	seil	model:	seil/b1	scope:	eq	version:	4.30	Trust: 0.3
vendor:	seil	model:	seil/x1	scope:	eq	version:	3.12	Trust: 0.3
vendor:	seil	model:	seil/x1	scope:	eq	version:	2.49	Trust: 0.3
vendor:	seil	model:	seil/neu 2fe plus	scope:	ne	version:	2.16	Trust: 0.3
vendor:	seil	model:	seil/b1	scope:	eq	version:	2.30	Trust: 0.3
vendor:	seil	model:	seil/x2	scope:	eq	version:	2.41	Trust: 0.3
vendor:	seil	model:	seil/x2	scope:	eq	version:	2.40	Trust: 0.3
vendor:	seil	model:	seil/x1	scope:	eq	version:	2.51	Trust: 0.3
vendor:	seil	model:	seil/x2	scope:	eq	version:	2.47	Trust: 0.3
vendor:	seil	model:	seil/b1	scope:	eq	version:	2.50	Trust: 0.3
vendor:	seil	model:	seil/x2	scope:	eq	version:	1.00	Trust: 0.3
vendor:	seil	model:	seil/x2	scope:	eq	version:	2.48	Trust: 0.3
vendor:	seil	model:	seil/x2	scope:	eq	version:	2.44	Trust: 0.3
vendor:	seil	model:	seil/x1	scope:	eq	version:	2.45	Trust: 0.3
vendor:	seil	model:	seil/x86	scope:	eq	version:	1.61	Trust: 0.3
vendor:	seil	model:	seil/turbo	scope:	eq	version:	2.15	Trust: 0.3
vendor:	seil	model:	seil/b1	scope:	eq	version:	3.12	Trust: 0.3
vendor:	seil	model:	seil/x86	scope:	eq	version:	2.35	Trust: 0.3
vendor:	seil	model:	seil/x1	scope:	eq	version:	2.42	Trust: 0.3
vendor:	seil	model:	seil/x1	scope:	ne	version:	4.31	Trust: 0.3
vendor:	seil	model:	seil/b1	scope:	ne	version:	4.31	Trust: 0.3
vendor:	seil	model:	seil/b1	scope:	eq	version:	2.51	Trust: 0.3
vendor:	seil	model:	seil/x1	scope:	eq	version:	3.11	Trust: 0.3
vendor:	seil	model:	seil/x2	scope:	eq	version:	2.46	Trust: 0.3
vendor:	seil	model:	seil/x2	scope:	eq	version:	2.52	Trust: 0.3
vendor:	seil	model:	seil/x2	scope:	eq	version:	2.43	Trust: 0.3
vendor:	seil	model:	seil/x2	scope:	eq	version:	3.75	Trust: 0.3
vendor:	seil	model:	seil/x86	scope:	eq	version:	1.00	Trust: 0.3
vendor:	seil	model:	seil/x2	scope:	eq	version:	4.30	Trust: 0.3
vendor:	seil	model:	seil/x1	scope:	eq	version:	2.47	Trust: 0.3
vendor:	seil	model:	seil/x1	scope:	eq	version:	2.41	Trust: 0.3
vendor:	seil	model:	seil/x1	scope:	eq	version:	2.40	Trust: 0.3
vendor:	seil	model:	seil/b1	scope:	eq	version:	3.11	Trust: 0.3
vendor:	seil	model:	seil/b1	scope:	eq	version:	2.48	Trust: 0.3
vendor:	seil	model:	seil/turbo	scope:	ne	version:	2.16	Trust: 0.3
vendor:	seil	model:	seil/x2	scope:	eq	version:	2.30	Trust: 0.3
vendor:	seil	model:	seil/x1	scope:	eq	version:	2.48	Trust: 0.3
vendor:	seil	model:	seil/x1	scope:	eq	version:	2.44	Trust: 0.3
vendor:	seil	model:	seil/x1	scope:	eq	version:	1.00	Trust: 0.3
vendor:	seil	model:	seil/x2	scope:	eq	version:	3.12	Trust: 0.3
vendor:	seil	model:	seil/x2	scope:	eq	version:	2.50	Trust: 0.3
vendor:	seil	model:	seil/x2	scope:	ne	version:	4.31	Trust: 0.3
vendor:	seil	model:	seil/x86	scope:	eq	version:	2.80	Trust: 0.3
vendor:	seil	model:	seil/x2	scope:	eq	version:	2.49	Trust: 0.3
vendor:	seil	model:	seil/neu 2fe plus	scope:	eq	version:	2.15	Trust: 0.3
vendor:	seil	model:	seil/x1	scope:	eq	version:	2.46	Trust: 0.3
vendor:	seil	model:	seil/x1	scope:	eq	version:	2.52	Trust: 0.3
vendor:	seil	model:	seil/x1	scope:	eq	version:	2.43	Trust: 0.3
vendor:	seil	model:	seil/x2	scope:	eq	version:	2.51	Trust: 0.3
vendor:	seil	model:	seil/x1	scope:	eq	version:	3.75	Trust: 0.3

sources: CNVD: CNVD-2013-13386 // BID: 62612 // JVNDB: JVNDB-2013-000091 // CNNVD: CNNVD-201309-504 // NVD: CVE-2013-4708

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2013-4708
value:	MEDIUM
Trust: 1.0
IPA:	JVNDB-2013-000091
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2013-13386
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201309-504
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-64710
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2013-4708
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:H/AU:N/C:P/I:P/A:N
accessVector:	NETWORK
accessComplexity:	HIGH
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	4.9
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
IPA:	JVNDB-2013-000091
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:H/AU:N/C:P/I:P/A:N
accessVector:	NETWORK
accessComplexity:	HIGH
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
CNVD:	CNVD-2013-13386
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-64710
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:H/AU:N/C:P/I:P/A:N
accessVector:	NETWORK
accessComplexity:	HIGH
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	4.9
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: CNVD: CNVD-2013-13386 // VULHUB: VHN-64710 // JVNDB: JVNDB-2013-000091 // CNNVD: CNNVD-201309-504 // NVD: CVE-2013-4708

PROBLEMTYPE DATA

problemtype:	CWE-310	Trust: 1.1
problemtype:	CWE-Other	Trust: 0.8

sources: VULHUB: VHN-64710 // JVNDB: JVNDB-2013-000091 // NVD: CVE-2013-4708

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201309-504

TYPE

encryption problem

Trust: 0.6

sources: CNNVD: CNNVD-201309-504

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-000091

PATCH

title:	Internet Initiative Japan Inc. website	url:	http://www.seil.jp/support/security/a01388.html	Trust: 0.8
title:	SEIL Multiple Products RADIUS Verification Random Number Generation Vulnerability Patch	url:	https://www.cnvd.org.cn/patchInfo/show/39884	Trust: 0.6

sources: CNVD: CNVD-2013-13386 // JVNDB: JVNDB-2013-000091

EXTERNAL IDS

db:	NVD	id:	CVE-2013-4708	Trust: 3.4
db:	JVN	id:	JVN40079308	Trust: 2.8
db:	JVNDB	id:	JVNDB-2013-000091	Trust: 2.5
db:	OSVDB	id:	97619	Trust: 1.7
db:	BID	id:	62612	Trust: 1.6
db:	CNNVD	id:	CNNVD-201309-504	Trust: 0.7
db:	SECUNIA	id:	54818	Trust: 0.6
db:	CNVD	id:	CNVD-2013-13386	Trust: 0.6
db:	JVN	id:	JVN#40079308	Trust: 0.6
db:	VULHUB	id:	VHN-64710	Trust: 0.1

sources: CNVD: CNVD-2013-13386 // VULHUB: VHN-64710 // BID: 62612 // JVNDB: JVNDB-2013-000091 // CNNVD: CNNVD-201309-504 // NVD: CVE-2013-4708

REFERENCES

url:	http://www.seil.jp/support/security/a01388.html	Trust: 2.6
url:	http://jvn.jp/en/jp/jvn40079308/index.html	Trust: 1.7
url:	http://jvndb.jvn.jp/ja/contents/2013/jvndb-2013-000091.html	Trust: 1.7
url:	http://osvdb.org/97619	Trust: 1.7
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-4708	Trust: 0.8
url:	https://jvn.jp/en/jp/jvn40079308/	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-4708	Trust: 0.8
url:	http://www.secunia.com/advisories/54818/	Trust: 0.6
url:	http://www.securityfocus.com/bid/62612	Trust: 0.6
url:	http://jvn.jp/jp/jvn40079308/	Trust: 0.3

sources: CNVD: CNVD-2013-13386 // VULHUB: VHN-64710 // BID: 62612 // JVNDB: JVNDB-2013-000091 // CNNVD: CNNVD-201309-504 // NVD: CVE-2013-4708

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 62612

SOURCES

db:	CNVD	id:	CNVD-2013-13386
db:	VULHUB	id:	VHN-64710
db:	BID	id:	62612
db:	JVNDB	id:	JVNDB-2013-000091
db:	CNNVD	id:	CNNVD-201309-504
db:	NVD	id:	CVE-2013-4708

LAST UPDATE DATE

2025-04-11T23:07:15.743000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2013-13386	date:	2013-09-29T00:00:00
db:	VULHUB	id:	VHN-64710	date:	2013-10-07T00:00:00
db:	BID	id:	62612	date:	2013-09-20T00:00:00
db:	JVNDB	id:	JVNDB-2013-000091	date:	2013-10-08T00:00:00
db:	CNNVD	id:	CNNVD-201309-504	date:	2014-06-05T00:00:00
db:	NVD	id:	CVE-2013-4708	date:	2025-04-11T00:51:21.963

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2013-13386	date:	2013-09-29T00:00:00
db:	VULHUB	id:	VHN-64710	date:	2013-10-01T00:00:00
db:	BID	id:	62612	date:	2013-09-20T00:00:00
db:	JVNDB	id:	JVNDB-2013-000091	date:	2013-09-20T00:00:00
db:	CNNVD	id:	CNNVD-201309-504	date:	2013-09-30T00:00:00
db:	NVD	id:	CVE-2013-4708	date:	2013-10-01T17:55:03.647