CVE-2013-4708

The PPP Access Concentrator (PPPAC) in Internet Initiative Japan Inc. SEIL/x86 1.00 through 2.80, SEIL/X1 1.00 through 4.30, SEIL/X2 1.00 through 4.30, SEIL/B1 1.00 through 4.30, SEIL/Turbo 1.80 through 2.15, and SEIL/neu 2FE Plus 1.80 through 2.15 generates predictable random numbers, which allows remote attackers to bypass RADIUS authentication by sniffing RADIUS traffic.

Published: 2013-10-01 Last update: 2026-04-29 Assigner: [email protected] Source: [email protected]

NVD Status：Modified，CVE State: published

View at NVD, CVE.org, EUVD

Conclusion & alert: CVE-2013-4708 is rated Low Risk (35.6/100): CVSS Medium severity, with medium exploitation likelihood (EPSS 0.19%). Mandatory action: Monitor for updates and reassess as exploit intelligence or EPSS changes.

Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.

Exploit prediction scoring system (EPSS) score for CVE-2013-4708

EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).

#	Date	Old EPSS score	New EPSS score	Delta (New - Old)
1	2024-04-25	0.12%	0.19%	+0.06%
2	2024-02-08	0.23%	0.12%	-0.10%
3	2023-03-07	—	0.23%	—

Full EPSS history (4 records total)

Common vulnerability scoring system (CVSS) metrics for CVE-2013-4708

CVSS metrics for this CVE.

Base score	Version	Severity	Vector	Exploitability	Impact	Score source
4.0	2.0	MEDIUM	`AV:N/AC:H/Au:N/C:P/I:P/A:N` Click to expand Access vector (AV:N) Can be exploited remotely over network reachability. Access complexity (AC:H) Exploitation requires uncommon or highly specific conditions. Authentication (AU:N) No authentication is required. Confidentiality impact (C:P) Partial confidentiality impact. Integrity impact (I:P) Partial integrity impact. Availability impact (A:N) No availability impact.	4.9	4.9	[email protected]

Weakness enumeration for CVE-2013-4708

CWE-310 MITRE ↗

Affected software / configurations for CVE-2013-4708

Vendor	Product	Version	Raw CPE
iij	seil\%2fx1_firmware	1.00	cpe:2.3:o:iij:seil\%2fx1_firmware:1.00:::::::*
iij	seil\%2fx1_firmware	4.30	cpe:2.3:o:iij:seil\%2fx1_firmware:4.30:::::::*
iij	seil\/x1	—	cpe:2.3:h:iij:seil\/x1::::::::
iij	seil\%2fb1_firmware	1.00	cpe:2.3:o:iij:seil\%2fb1_firmware:1.00:::::::*
iij	seil\%2fb1_firmware	4.30	cpe:2.3:o:iij:seil\%2fb1_firmware:4.30:::::::*
iij	seil\/b1	—	cpe:2.3:h:iij:seil\/b1::::::::
iij	seil\%2fx2_firmware	1.00	cpe:2.3:o:iij:seil\%2fx2_firmware:1.00:::::::*
iij	seil\%2fx2_firmware	4.30	cpe:2.3:o:iij:seil\%2fx2_firmware:4.30:::::::*
iij	seil\/x2	—	cpe:2.3:h:iij:seil\/x2::::::::
iij	seil\%2fx86_firmware	1.00	cpe:2.3:o:iij:seil\%2fx86_firmware:1.00:::::::*
iij	seil\%2fx86_firmware	2.80	cpe:2.3:o:iij:seil\%2fx86_firmware:2.80:::::::*
iij	seil\/x86	—	cpe:2.3:h:iij:seil\/x86::::::::
iij	seil\%2fturbo_firmware	1.80	cpe:2.3:o:iij:seil\%2fturbo_firmware:1.80:::::::*
iij	seil\%2fturbo_firmware	2.05	cpe:2.3:o:iij:seil\%2fturbo_firmware:2.05:::::::*
iij	seil\%2fturbo_firmware	2.15	cpe:2.3:o:iij:seil\%2fturbo_firmware:2.15:::::::*
iij	seil\/turbo	—	cpe:2.3:h:iij:seil\/turbo::::::::
iij	seil\%2fneu_2fe_plus_firmware	1.80	cpe:2.3:o:iij:seil\%2fneu_2fe_plus_firmware:1.80:::::::*
iij	seil\%2fneu_2fe_plus_firmware	2.05	cpe:2.3:o:iij:seil\%2fneu_2fe_plus_firmware:2.05:::::::*
iij	seil\%2fneu_2fe_plus_firmware	2.15	cpe:2.3:o:iij:seil\%2fneu_2fe_plus_firmware:2.15:::::::*
iij	seil\/neu_2fe_plus	—	cpe:2.3:h:iij:seil\/neu_2fe_plus::::::::

References for CVE-2013-4708

URL	Tags
http://jvn.jp/en/jp/JVN40079308/index.html
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-000091.html
http://osvdb.org/97619
http://www.seil.jp/support/security/a01388.html	Vendor Advisory

cvelogic Threat Intelligence