CVE-2013-4877

Verizon Wireless Network Extender - Info Disclosure

Title source: llm

Description

The Verizon Wireless Network Extender SCS-26UC4 and SCS-2U01 does not use CAVE authentication, which makes it easier for remote attackers to obtain ESN and MIN values from arbitrary phones, and conduct cloning attacks, by sniffing the network for registration packets.

References (3)

[US Government Resource] http://www.kb.cert.org/vuls/id/458007

[US Government Resource] http://www.kb.cert.org/vuls/id/BLUU-997M5B

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/61169

Scores

EPSS 0.0090

EPSS Percentile 75.4%

Classification

CWE

CWE-287

Status draft

Affected Products (2)

verizon/wireless_network_extender

Timeline

Published Jul 18, 2013

Tracked Since Feb 18, 2026