CVE-2013-4876 - The Verizon Wireless Network Extender SCS-2U01 has a hardcoded password for the root account, which

CVE Details

CVE-2013-4876

Summary

The Verizon Wireless Network Extender SCS-2U01 has a hardcoded password for the root account, which makes it easier for physically proximate attackers to obtain administrative access by leveraging a login prompt.

References

http://www.kb.cert.org/vuls/id/458007
http://www.kb.cert.org/vuls/id/BLUU-997M5B

Vulnerable Configurations

cpe:2.3:h:verizon:wireless_network_extender:scs-2u01:*:*:*:*:*:*:*
cpe:2.3:h:verizon:wireless_network_extender:scs-2u01:*:*:*:*:*:*:*

CVSS

Base:	6.2 (as of 19-07-2013 - 04:00)
Impact:	10.0
Exploitability:	1.9

CWE

CWE-255

CAPEC

Click the CAPEC title to display a description

Access

Vector	Complexity	Authentication
LOCAL	HIGH	NONE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:L/AC:H/Au:N/C:C/I:C/A:C

refmap via4

cert-vn	VU#458007
misc	http://www.kb.cert.org/vuls/id/BLUU-997M5B

Last major update

19-07-2013 - 04:00

Published

18-07-2013 - 16:51

Last modified

19-07-2013 - 04:00