CVE-2013-4876
Severity Score
6.8
*CVSS v3
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
The Verizon Wireless Network Extender SCS-2U01 has a hardcoded password for the root account, which makes it easier for physically proximate attackers to obtain administrative access by leveraging a login prompt.
El Verizon Wireless Network Extender SCS-26UC4 tiene un password embebido para la cuenta de root, lo que hace más facil para un atacante físicamente próximo obtener acceso administrativo mediante el aprovechamiento de un prompt de login.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2013-07-18 CVE Reserved
- 2013-07-18 CVE Published
- 2024-09-16 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-255: Credentials Management Errors
CAPEC
References (2)
| URL | Tag | Source |
|---|---|---|
| http://www.kb.cert.org/vuls/id/458007 | Third Party Advisory |
|
| http://www.kb.cert.org/vuls/id/BLUU-997M5B | Us Government Resource |
|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Verizon Search vendor "Verizon" | Wireless Network Extender Search vendor "Verizon" for product "Wireless Network Extender" | scs-2u01 Search vendor "Verizon" for product "Wireless Network Extender" and version "scs-2u01" | - |
Affected
| ||||||