VAR-201406-0070

Vulnerability from variot - Updated: 2025-04-13 23:18

Radio Thermostat CT80 and CT50 with firmware 1.4.64 and earlier do not restrict access to the API, which allows remote attackers to change the operation mode, WiFi connection settings, temperature thresholds, and other settings via unspecified vectors. The Radio Thermostat CT80 and CT50 are WiFi-controlled thermostats. An attacker may leverage this issue to bypass certain security restrictions and perform unauthorized actions. Radio Thermostat CT80 and CT50 running versions 1.4.64 and prior are vulnerable. These products manage heating and cooling systems in homes. Note that the CVSS v2 entries in the record below disagree on reachability: NVD scores the access vector as adjacent network (8.3, HIGH), while CNVD scores it as network (6.8, MEDIUM).


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201406-0070",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "ct50",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "radiothermostat",
        "version": null
      },
      {
        "model": "ct80",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "radiothermostat",
        "version": "1.4.64"
      },
      {
        "model": "ct80",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "radiothermostat",
        "version": null
      },
      {
        "model": "ct50",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "radiothermostat",
        "version": "1.4.64"
      },
      {
        "model": "ct50",
        "scope": null,
        "trust": 0.8,
        "vendor": "radio thermostat of america",
        "version": null
      },
      {
        "model": "ct50",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "radio thermostat of america",
        "version": "1.4.64"
      },
      {
        "model": "ct80",
        "scope": null,
        "trust": 0.8,
        "vendor": "radio thermostat of america",
        "version": null
      },
      {
        "model": "ct80",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "radio thermostat of america",
        "version": "1.4.64"
      },
      {
        "model": "thermostat of america inc ct80",
        "scope": null,
        "trust": 0.6,
        "vendor": "radio",
        "version": null
      },
      {
        "model": "thermostat of america inc ct50",
        "scope": null,
        "trust": 0.6,
        "vendor": "radio",
        "version": null
      },
      {
        "model": "ct80",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "radiothermostat",
        "version": "1.4.64"
      },
      {
        "model": "ct50",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "radiothermostat",
        "version": "1.4.64"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2013-11630"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-006564"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201308-030"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-4860"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/h:radiothermostat:ct50",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:radiothermostat:ct50_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/h:radiothermostat:ct80",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:radiothermostat:ct80_firmware",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-006564"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Daniel Crowley of Trustwave SpiderLabs",
    "sources": [
      {
        "db": "BID",
        "id": "61581"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201308-030"
      }
    ],
    "trust": 0.9
  },
  "cve": "CVE-2013-4860",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "ADJACENT_NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "COMPLETE",
            "baseScore": 8.3,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 6.5,
            "id": "CVE-2013-4860",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 1.9,
            "vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "CNVD-2013-11630",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "ADJACENT_NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 8.3,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 6.5,
            "id": "VHN-64862",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:A/AC:L/AU:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2013-4860",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2013-4860",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2013-11630",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201308-030",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-64862",
            "trust": 0.1,
            "value": "HIGH"
          },
          {
            "author": "VULMON",
            "id": "CVE-2013-4860",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2013-11630"
      },
      {
        "db": "VULHUB",
        "id": "VHN-64862"
      },
      {
        "db": "VULMON",
        "id": "CVE-2013-4860"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-006564"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201308-030"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-4860"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Radio Thermostat CT80 And CT50 with firmware 1.4.64 and earlier does not restrict access to the API, which allows remote attackers to change the operation mode, wifi connection settings, temperature thresholds, and other settings via unspecified vectors. The Radio Thermostat CT80 and CT50 are temperature controlled via WiFi. \nAn attacker may leverage this issue to bypass certain security restrictions and perform unauthorized actions. \nRadio Thermostat CT80 and CT50 running versions 1.4.64 and prior are vulnerable. This product manages heating and cooling systems in homes",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2013-4860"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-006564"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2013-11630"
      },
      {
        "db": "BID",
        "id": "61581"
      },
      {
        "db": "VULHUB",
        "id": "VHN-64862"
      },
      {
        "db": "VULMON",
        "id": "CVE-2013-4860"
      }
    ],
    "trust": 2.61
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2013-4860",
        "trust": 3.5
      },
      {
        "db": "BID",
        "id": "61581",
        "trust": 2.7
      },
      {
        "db": "PACKETSTORM",
        "id": "122657",
        "trust": 2.6
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-006564",
        "trust": 0.8
      },
      {
        "db": "CNVD",
        "id": "CNVD-2013-11630",
        "trust": 0.6
      },
      {
        "db": "XF",
        "id": "86197",
        "trust": 0.6
      },
      {
        "db": "XF",
        "id": "20134860",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201308-030",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-64862",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2013-4860",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2013-11630"
      },
      {
        "db": "VULHUB",
        "id": "VHN-64862"
      },
      {
        "db": "VULMON",
        "id": "CVE-2013-4860"
      },
      {
        "db": "BID",
        "id": "61581"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-006564"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201308-030"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-4860"
      }
    ]
  },
  "id": "VAR-201406-0070",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2013-11630"
      },
      {
        "db": "VULHUB",
        "id": "VHN-64862"
      }
    ],
    "trust": 1.4857143
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2013-11630"
      }
    ]
  },
  "last_update_date": "2025-04-13T23:18:22.189000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Radio Thermostat",
        "trust": 0.8,
        "url": "http://www.radiothermostat.com/control.html"
      },
      {
        "title": "cve",
        "trust": 0.1,
        "url": "https://github.com/brannondorsey/cve "
      },
      {
        "title": "BleepingComputer",
        "trust": 0.1,
        "url": "https://www.bleepingcomputer.com/news/security/google-roku-sonos-to-fix-dns-rebinding-attack-vector/"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2013-4860"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-006564"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-264",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-64862"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-006564"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-4860"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.7,
        "url": "http://packetstormsecurity.com/files/122657/radio-thermostat-of-america-inc-lack-of-authentication.html"
      },
      {
        "trust": 1.9,
        "url": "http://www.securityfocus.com/bid/61581"
      },
      {
        "trust": 1.2,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86197"
      },
      {
        "trust": 0.9,
        "url": "http://seclists.org/fulldisclosure/2013/aug/20"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-4860"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-4860"
      },
      {
        "trust": 0.6,
        "url": "http://xforce.iss.net/xforce/xfdb/86197"
      },
      {
        "trust": 0.3,
        "url": "http://www.radiothermostat.com/"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/264.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://github.com/brannondorsey/cve"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2013-11630"
      },
      {
        "db": "VULHUB",
        "id": "VHN-64862"
      },
      {
        "db": "VULMON",
        "id": "CVE-2013-4860"
      },
      {
        "db": "BID",
        "id": "61581"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-006564"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201308-030"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-4860"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2013-11630"
      },
      {
        "db": "VULHUB",
        "id": "VHN-64862"
      },
      {
        "db": "VULMON",
        "id": "CVE-2013-4860"
      },
      {
        "db": "BID",
        "id": "61581"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-006564"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201308-030"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-4860"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2013-08-06T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2013-11630"
      },
      {
        "date": "2014-06-05T00:00:00",
        "db": "VULHUB",
        "id": "VHN-64862"
      },
      {
        "date": "2014-06-05T00:00:00",
        "db": "VULMON",
        "id": "CVE-2013-4860"
      },
      {
        "date": "2013-08-01T00:00:00",
        "db": "BID",
        "id": "61581"
      },
      {
        "date": "2014-06-09T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2013-006564"
      },
      {
        "date": "2013-08-22T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201308-030"
      },
      {
        "date": "2014-06-05T20:55:05.517000",
        "db": "NVD",
        "id": "CVE-2013-4860"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2013-08-06T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2013-11630"
      },
      {
        "date": "2017-08-29T00:00:00",
        "db": "VULHUB",
        "id": "VHN-64862"
      },
      {
        "date": "2017-08-29T00:00:00",
        "db": "VULMON",
        "id": "CVE-2013-4860"
      },
      {
        "date": "2015-03-19T08:45:00",
        "db": "BID",
        "id": "61581"
      },
      {
        "date": "2014-06-09T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2013-006564"
      },
      {
        "date": "2014-06-06T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201308-030"
      },
      {
        "date": "2025-04-12T10:46:40.837000",
        "db": "NVD",
        "id": "CVE-2013-4860"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "specific network environment",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201308-030"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Radio Thermostat CT80 And CT50 Remote Security Bypass Vulnerability",
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2013-11630"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201308-030"
      }
    ],
    "trust": 1.2
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "permissions and access control",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201308-030"
      }
    ],
    "trust": 0.6
  }
}

