Remote Attack Vulnerability in Verizon Wireless Network Extender
CVE-2013-4877

Currently unrated

Key Information:

Vendor: Verizon
Status: Wireless Network Extender
Vendor: CVE Published:; 18 July 2013

What is CVE-2013-4877?

The Verizon Wireless Network Extender models SCS-26UC4 and SCS-2U01 are susceptible to an authentication bypass vulnerability due to the absence of CAVE (Cellular Authentication and Voice Encryption) authentication. This security gap allows remote attackers to intercept registration packets, making it feasible to extract Electronic Serial Number (ESN) and Mobile Identification Number (MIN) values from targeted mobile phones. Subsequently, this information can be exploited to perform cloning attacks, posing significant risks to user privacy and network integrity.

References

http://www.kb.cert.org/vuls/id/BLUU-997M5B

x_refsource_MISC

http://www.kb.cert.org/vuls/id/458007

third-party-advisoryx_refsource_CERT-VN

http://www.securityfocus.com/bid/61169

vdb-entryx_refsource_BID

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 18, 2013
Vulnerability Reserved
Jul 18, 2013

CVE-2013-4877 Data

JSON