ID

VAR-201406-0070


CVE

CVE-2013-4860


TITLE

Radio Thermostat CT80 And CT50 Remote Security Bypass Vulnerability

Trust: 1.2

sources: CNVD: CNVD-2013-11630 // CNNVD: CNNVD-201308-030

DESCRIPTION

Radio Thermostat CT80 and CT50 with firmware 1.4.64 and earlier do not restrict access to the API, which allows remote attackers to change the operation mode, WiFi connection settings, temperature thresholds, and other settings via unspecified vectors. The Radio Thermostat CT80 and CT50 are thermostats controlled via WiFi. An attacker may leverage this issue to bypass certain security restrictions and perform unauthorized actions. Radio Thermostat CT80 and CT50 running versions 1.4.64 and prior are vulnerable. This product manages heating and cooling systems in homes.

Trust: 2.61

sources: NVD: CVE-2013-4860 // JVNDB: JVNDB-2013-006564 // CNVD: CNVD-2013-11630 // BID: 61581 // VULHUB: VHN-64862 // VULMON: CVE-2013-4860

IOT TAXONOMY

category: ['Network device'] // sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2013-11630

AFFECTED PRODUCTS

vendor: radiothermostat // model: ct50 // scope: eq // version: -

Trust: 1.0

vendor: radiothermostat // model: ct80 // scope: lte // version: 1.4.64

Trust: 1.0

vendor: radiothermostat // model: ct80 // scope: eq // version: -

Trust: 1.0

vendor: radiothermostat // model: ct50 // scope: lte // version: 1.4.64

Trust: 1.0

vendor: radio thermostat of america // model: ct50 // scope: - // version: -

Trust: 0.8

vendor: radio thermostat of america // model: ct50 // scope: lte // version: 1.4.64

Trust: 0.8

vendor: radio thermostat of america // model: ct80 // scope: - // version: -

Trust: 0.8

vendor: radio thermostat of america // model: ct80 // scope: lte // version: 1.4.64

Trust: 0.8

vendor: radio // model: thermostat of america inc ct80 // scope: - // version: -

Trust: 0.6

vendor: radio // model: thermostat of america inc ct50 // scope: - // version: -

Trust: 0.6

vendor: radiothermostat // model: ct80 // scope: eq // version: 1.4.64

Trust: 0.6

vendor: radiothermostat // model: ct50 // scope: eq // version: 1.4.64

Trust: 0.6

sources: CNVD: CNVD-2013-11630 // JVNDB: JVNDB-2013-006564 // CNNVD: CNNVD-201308-030 // NVD: CVE-2013-4860

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2013-4860
value: HIGH

Trust: 1.0

NVD: CVE-2013-4860
value: HIGH

Trust: 0.8

CNVD: CNVD-2013-11630
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201308-030
value: HIGH

Trust: 0.6

VULHUB: VHN-64862
value: HIGH

Trust: 0.1

VULMON: CVE-2013-4860
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2013-4860
severity: HIGH
baseScore: 8.3
vectorString: AV:A/AC:L/AU:N/C:C/I:C/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 6.5
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2013-11630
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-64862
severity: HIGH
baseScore: 8.3
vectorString: AV:A/AC:L/AU:N/C:C/I:C/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 6.5
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CNVD: CNVD-2013-11630 // VULHUB: VHN-64862 // VULMON: CVE-2013-4860 // JVNDB: JVNDB-2013-006564 // CNNVD: CNNVD-201308-030 // NVD: CVE-2013-4860

PROBLEMTYPE DATA

problemtype: CWE-264

Trust: 1.9

sources: VULHUB: VHN-64862 // JVNDB: JVNDB-2013-006564 // NVD: CVE-2013-4860

THREAT TYPE

specific network environment

Trust: 0.6

sources: CNNVD: CNNVD-201308-030

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201308-030

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-006564

PATCH

title: Radio Thermostat // url: http://www.radiothermostat.com/control.html

Trust: 0.8

title: cve // url: https://github.com/brannondorsey/cve

Trust: 0.1

title: BleepingComputer // url: https://www.bleepingcomputer.com/news/security/google-roku-sonos-to-fix-dns-rebinding-attack-vector/

Trust: 0.1

sources: VULMON: CVE-2013-4860 // JVNDB: JVNDB-2013-006564

EXTERNAL IDS

db: NVD // id: CVE-2013-4860

Trust: 3.5

db: BID // id: 61581

Trust: 2.7

db: PACKETSTORM // id: 122657

Trust: 2.6

db: JVNDB // id: JVNDB-2013-006564

Trust: 0.8

db: CNVD // id: CNVD-2013-11630

Trust: 0.6

db: XF // id: 86197

Trust: 0.6

db: XF // id: 20134860

Trust: 0.6

db: CNNVD // id: CNNVD-201308-030

Trust: 0.6

db: VULHUB // id: VHN-64862

Trust: 0.1

db: VULMON // id: CVE-2013-4860

Trust: 0.1

sources: CNVD: CNVD-2013-11630 // VULHUB: VHN-64862 // VULMON: CVE-2013-4860 // BID: 61581 // JVNDB: JVNDB-2013-006564 // CNNVD: CNNVD-201308-030 // NVD: CVE-2013-4860

REFERENCES

url: http://packetstormsecurity.com/files/122657/radio-thermostat-of-america-inc-lack-of-authentication.html

Trust: 2.7

url: http://www.securityfocus.com/bid/61581

Trust: 1.9

url: https://exchange.xforce.ibmcloud.com/vulnerabilities/86197

Trust: 1.2

url: http://seclists.org/fulldisclosure/2013/aug/20

Trust: 0.9

url: http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-4860

Trust: 0.8

url: http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-4860

Trust: 0.8

url: http://xforce.iss.net/xforce/xfdb/86197

Trust: 0.6

url: http://www.radiothermostat.com/

Trust: 0.3

url: https://cwe.mitre.org/data/definitions/264.html

Trust: 0.1

url: https://nvd.nist.gov

Trust: 0.1

url: https://github.com/brannondorsey/cve

Trust: 0.1

sources: CNVD: CNVD-2013-11630 // VULHUB: VHN-64862 // VULMON: CVE-2013-4860 // BID: 61581 // JVNDB: JVNDB-2013-006564 // CNNVD: CNNVD-201308-030 // NVD: CVE-2013-4860

CREDITS

Daniel Crowley of Trustwave SpiderLabs

Trust: 0.9

sources: BID: 61581 // CNNVD: CNNVD-201308-030

SOURCES

db: CNVD // id: CNVD-2013-11630
db: VULHUB // id: VHN-64862
db: VULMON // id: CVE-2013-4860
db: BID // id: 61581
db: JVNDB // id: JVNDB-2013-006564
db: CNNVD // id: CNNVD-201308-030
db: NVD // id: CVE-2013-4860

LAST UPDATE DATE

2025-04-13T23:18:22.189000+00:00

SOURCES UPDATE DATE

db: CNVD // id: CNVD-2013-11630 // date: 2013-08-06T00:00:00
db: VULHUB // id: VHN-64862 // date: 2017-08-29T00:00:00
db: VULMON // id: CVE-2013-4860 // date: 2017-08-29T00:00:00
db: BID // id: 61581 // date: 2015-03-19T08:45:00
db: JVNDB // id: JVNDB-2013-006564 // date: 2014-06-09T00:00:00
db: CNNVD // id: CNNVD-201308-030 // date: 2014-06-06T00:00:00
db: NVD // id: CVE-2013-4860 // date: 2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db: CNVD // id: CNVD-2013-11630 // date: 2013-08-06T00:00:00
db: VULHUB // id: VHN-64862 // date: 2014-06-05T00:00:00
db: VULMON // id: CVE-2013-4860 // date: 2014-06-05T00:00:00
db: BID // id: 61581 // date: 2013-08-01T00:00:00
db: JVNDB // id: JVNDB-2013-006564 // date: 2014-06-09T00:00:00
db: CNNVD // id: CNNVD-201308-030 // date: 2013-08-22T00:00:00
db: NVD // id: CVE-2013-4860 // date: 2014-06-05T20:55:05.517