{"api_version":"1","generated_at":"2026-04-23T04:09:53+00:00","cve":"CVE-2013-4860","urls":{"html":"https://cve.report/CVE-2013-4860","api":"https://cve.report/api/cve/CVE-2013-4860.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2013-4860","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2013-4860"},"summary":{"title":"CVE-2013-4860","description":"Radio Thermostat CT80 And CT50 with firmware 1.4.64 and earlier does not restrict access to the API, which allows remote attackers to change the operation mode, wifi connection settings, temperature thresholds, and other settings via unspecified vectors.","state":"PUBLIC","assigner":"cve@mitre.org","published_at":"2014-06-05 20:55:00","updated_at":"2017-08-29 01:33:00"},"problem_types":["CWE-264"],"metrics":[],"references":[{"url":"http://packetstormsecurity.com/files/122657/Radio-Thermostat-Of-America-Inc-Lack-Of-Authentication.html","name":"http://packetstormsecurity.com/files/122657/Radio-Thermostat-Of-America-Inc-Lack-Of-Authentication.html","refsource":"MISC","tags":[],"title":"Radio Thermostat Of America, Inc Lack Of Authentication ≈ Packet Storm","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/86197","name":"radiothermostat-cve20134860-security-bypass(86197)","refsource":"XF","tags":[],"title":"IBM X-Force Exchange","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/bid/61581","name":"61581","refsource":"BID","tags":[],"title":"Radio Thermostat CT80 And CT50 CVE-2013-4860 Remote Security Bypass Vulnerability","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2013-4860","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2013-4860","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2013","cve_id":"4860","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"radiothermostat","cpe5":"ct50","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"4860","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"radiothermostat","cpe5":"ct50","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"4860","vulnerable":"1","versionEndIncluding":"1.4.64","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"radiothermostat","cpe5":"ct50_firmware","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"4860","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"radiothermostat","cpe5":"ct80","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"4860","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"radiothermostat","cpe5":"ct80","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"4860","vulnerable":"1","versionEndIncluding":"1.4.64","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"radiothermostat","cpe5":"ct80_firmware","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2013-4860","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Radio Thermostat CT80 And CT50 with firmware 1.4.64 and earlier does not restrict access to the API, which allows remote attackers to change the operation mode, wifi connection settings, temperature thresholds, and other settings via unspecified vectors."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"radiothermostat-cve20134860-security-bypass(86197)","refsource":"XF","url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/86197"},{"name":"61581","refsource":"BID","url":"http://www.securityfocus.com/bid/61581"},{"name":"http://packetstormsecurity.com/files/122657/Radio-Thermostat-Of-America-Inc-Lack-Of-Authentication.html","refsource":"MISC","url":"http://packetstormsecurity.com/files/122657/Radio-Thermostat-Of-America-Inc-Lack-Of-Authentication.html"}]}},"nvd":{"publishedDate":"2014-06-05 20:55:00","lastModifiedDate":"2017-08-29 01:33:00","problem_types":["CWE-264"],"metrics":{"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:A/AC:L/Au:N/C:C/I:C/A:C","accessVector":"ADJACENT_NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE","baseScore":8.3},"severity":"HIGH","exploitabilityScore":6.5,"impactScore":10,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"AND","children":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:radiothermostat:ct50_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"1.4.64","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:h:radiothermostat:ct50:-:*:*:*:*:*:*:*","cpe_name":[]}]}],"cpe_match":[]},{"operator":"AND","children":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:radiothermostat:ct80_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"1.4.64","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:h:radiothermostat:ct80:-:*:*:*:*:*:*:*","cpe_name":[]}]}],"cpe_match":[]}]}},"legacy_mitre":{"record":{"CveYear":"2013","CveId":"4860","Ordinal":"64534","Title":"CVE-2013-4860","CVE":"CVE-2013-4860","Year":"2013"},"notes":[{"CveYear":"2013","CveId":"4860","Ordinal":"1","NoteData":"Radio Thermostat CT80 And CT50 with firmware 1.4.64 and earlier does not restrict access to the API, which allows remote attackers to change the operation mode, wifi connection settings, temperature thresholds, and other settings via unspecified vectors.","Type":"Description","Title":null},{"CveYear":"2013","CveId":"4860","Ordinal":"2","NoteData":"2014-06-05","Type":"Other","Title":"Published"},{"CveYear":"2013","CveId":"4860","Ordinal":"3","NoteData":"2017-08-28","Type":"Other","Title":"Modified"}]}}}