CVE-2013-4860
Summary
| CVE | CVE-2013-4860 |
|---|---|
| State | PUBLISHED |
| Assigner | mitre |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2014-06-05 20:55:05 UTC |
| Updated | 2026-05-06 22:30:45 UTC |
| Description | Radio Thermostat CT80 And CT50 with firmware 1.4.64 and earlier does not restrict access to the API, which allows remote attackers to change the operation mode, wifi connection settings, temperature thresholds, and other settings via unspecified vectors. |
Risk And Classification
CVSS v2.0 Breakdown
Access Vector
AdjacentAccess Complexity
LowAuthentication
NoneConfidentiality
CompleteIntegrity
CompleteAvailability
CompleteAV:A/AC:L/Au:N/C:C/I:C/A:C
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Hardware | Radiothermostat | Ct50 | - | All | All | All |
| Operating System | Radiothermostat | Ct50 Firmware | All | All | All | All |
| Hardware | Radiothermostat | Ct80 | - | All | All | All |
| Operating System | Radiothermostat | Ct80 Firmware | All | All | All | All |
Vendor Declared Affected Products
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| IBM X-Force Exchange | af854a3a-2127-422b-91ae-364da2661108 | exchange.xforce.ibmcloud.com | |
| Radio Thermostat Of America, Inc Lack Of Authentication ≈ Packet Storm | af854a3a-2127-422b-91ae-364da2661108 | packetstormsecurity.com | |
| Radio Thermostat CT80 And CT50 CVE-2013-4860 Remote Security Bypass Vulnerability | af854a3a-2127-422b-91ae-364da2661108 | www.securityfocus.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.