Vulnerability Details CVE-2013-4860
Radio Thermostat CT80 And CT50 with firmware 1.4.64 and earlier does not restrict access to the API, which allows remote attackers to change the operation mode, wifi connection settings, temperature thresholds, and other settings via unspecified vectors.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 60.0%
CVSS Severity
CVSS v2 Score 8.3
References
- http://packetstormsecurity.com/files/122657/Radio-Thermostat-Of-America-Inc-Lack-Of-Authentication.html
- http://www.securityfocus.com/bid/61581
- https://exchange.xforce.ibmcloud.com/vulnerabilities/86197
- http://packetstormsecurity.com/files/122657/Radio-Thermostat-Of-America-Inc-Lack-Of-Authentication.html
- http://www.securityfocus.com/bid/61581
- https://exchange.xforce.ibmcloud.com/vulnerabilities/86197
Products affected by CVE-2013-4860
-
cpe:2.3:h:radiothermostat:ct50:-
-
cpe:2.3:h:radiothermostat:ct80:-
-
cpe:2.3:o:radiothermostat:ct50_firmware:1.4.64
-
cpe:2.3:o:radiothermostat:ct80_firmware:1.4.64