Unrated severityNVD Advisory· Published Jun 5, 2014· Updated May 6, 2026

CVE-2013-4860

Description

Radio Thermostat CT80 And CT50 with firmware 1.4.64 and earlier does not restrict access to the API, which allows remote attackers to change the operation mode, wifi connection settings, temperature thresholds, and other settings via unspecified vectors.

Affected products

Radiothermostat/Ct50 Firmware
cpe:2.3:o:radiothermostat:ct50_firmware:*:*:*:*:*:*:*:*
Range: <=1.4.64
Radiothermostat/Ct50
cpe:2.3:h:radiothermostat:ct50:-:*:*:*:*:*:*:*
Radiothermostat/Ct80 Firmware
cpe:2.3:o:radiothermostat:ct80_firmware:*:*:*:*:*:*:*:*
Range: <=1.4.64
Radiothermostat/Ct80
cpe:2.3:h:radiothermostat:ct80:-:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

packetstormsecurity.com/files/122657/Radio-Thermostat-Of-America-Inc-Lack-Of-Authentication.htmlnvd
www.securityfocus.com/bid/61581nvd
exchange.xforce.ibmcloud.com/vulnerabilities/86197nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000