Description
The Verizon Wireless Network Extender SCS-26UC4 and SCS-2U01 does not use CAVE authentication, which makes it easier for remote attackers to obtain ESN and MIN values from arbitrary phones, and conduct cloning attacks, by sniffing the network for registration packets.
References (3)
Core 3
Core References
US Government Resource x_refsource_misc
http://www.kb.cert.org/vuls/id/BLUU-997M5B
US Government Resource third-party-advisory
x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/458007
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/61169
Scores
EPSS
0.0078
EPSS Percentile
51.5%
Details
CWE
CWE-287
Status
published
Products (2)
verizon/wireless_network_extender
scs-2u01
verizon/wireless_network_extender
scs-26uc4
Published
Jul 18, 2013
Tracked Since
Feb 18, 2026