CVE-2013-4877

Published: Jul 18, 2013Modified: Apr 29, 2026

2.6

Vector

AV:L/AC:H/Au:N/C:P/I:P/A:N

Exploitability: 1.9 / Impact: 4.9

Source: NVD

Description

The Verizon Wireless Network Extender SCS-26UC4 and SCS-2U01 does not use CAVE authentication, which makes it easier for remote attackers to obtain ESN and MIN values from arbitrary phones, and conduct cloning attacks, by sniffing the network for registration packets.

Affected (2)

Products: Verizon: Wireless Network Extender

1 product

Wireless Network Extender

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Verizon Wireless Network Extender	Version scs-26uc4
Verizon Wireless Network Extender	Version scs-2u01

Related CWEs

Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

References (6)

http://www.kb.cert.org/vuls/id/458007

Source: cve@mitre.org

US Government Resource

http://www.kb.cert.org/vuls/id/BLUU-997M5B

Source: cve@mitre.org

US Government Resource

http://www.securityfocus.com/bid/61169

Source: cve@mitre.org

http://www.kb.cert.org/vuls/id/458007

Source: af854a3a-2127-422b-91ae-364da2661108

US Government Resource

http://www.kb.cert.org/vuls/id/BLUU-997M5B

Source: af854a3a-2127-422b-91ae-364da2661108

US Government Resource

http://www.securityfocus.com/bid/61169

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.