CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2013-4877
https://notcve.org/view.php?id=CVE-2013-4877
18 Jul 2013 — The Verizon Wireless Network Extender SCS-26UC4 and SCS-2U01 does not use CAVE authentication, which makes it easier for remote attackers to obtain ESN and MIN values from arbitrary phones, and conduct cloning attacks, by sniffing the network for registration packets. El Verizon Wireless Network Extender SCS-26UC4 and SCS-2U01 no utiliza autenticación CAVE, haciendo más fácil para atacantes remotos obtener valores ESN y MIN desde teléfonos arbitrarios, y llevar a cabo ataques de clonación mediante la captur... • http://www.kb.cert.org/vuls/id/458007 • CWE-287: Improper Authentication •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 3CVE-2013-0126 – Verizon Fios Router MI424WR-GEN3I - Cross-Site Request Forgery
https://notcve.org/view.php?id=CVE-2013-0126
21 Mar 2013 — Multiple cross-site request forgery (CSRF) vulnerabilities in index.cgi on the Verizon FIOS Actiontec MI424WR-GEN3I router with firmware 40.19.36 allow remote attackers to hijack the authentication of administrators for requests that (1) add administrative accounts via the username and user_level parameters or (2) enable remote administration via the is_telnet_primary and is_telnet_secondary parameters. Múltiples vulnerabilidades de falsificación de petición en sitios cruzados (CSRF) en index.cgi en el rout... • https://www.exploit-db.com/exploits/24860 • CWE-352: Cross-Site Request Forgery (CSRF) •