Refine your search

3 vulnerabilities found for Japan Connected-free Wi-Fi by NTT Broadband Platform, Inc.

jvndb-2016-000076
Vulnerability from jvndb
Published
2016-05-27 13:51
Modified
2016-06-23 17:38
Severity ?
5.6 (Medium) - cvssV3_0 - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
Summary
Japan Connected-free Wi-Fi vulnerable to API execution
Details
Japan Connected-free Wi-Fi provided by NTT Broadband Platform, Inc. contains a vulnerability which allows an arbitrary API to be executed by a man-in-the-middle attacker. Kenta Suefusa and Tomonori Shiomi of Sprout Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Impacted products
Show details on JVN DB website

To clipboard 

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000076.html",
  "dc:date": "2016-06-23T17:38+09:00",
  "dcterms:issued": "2016-05-27T13:51+09:00",
  "dcterms:modified": "2016-06-23T17:38+09:00",
  "description": "Japan Connected-free Wi-Fi provided by NTT Broadband Platform, Inc. contains a vulnerability which allows an arbitrary API to be executed by a man-in-the-middle attacker.\r\n\r\nKenta Suefusa and Tomonori Shiomi of Sprout Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
  "link": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000076.html",
  "sec:cpe": {
    "#text": "cpe:/a:ntt-bp:japan_connected-free_wi-fi",
    "@product": "Japan Connected-free Wi-Fi",
    "@vendor": "NTT Broadband Platform, Inc.",
    "@version": "2.2"
  },
  "sec:cvss": [
    {
      "@score": "5.1",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
      "@version": "2.0"
    },
    {
      "@score": "5.6",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
      "@version": "3.0"
    }
  ],
  "sec:identifier": "JVNDB-2016-000076",
  "sec:references": [
    {
      "#text": "https://jvn.jp/en/jp/JVN46888319/index.html",
      "@id": "JVN#46888319",
      "@source": "JVN"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4811",
      "@id": "CVE-2016-4811",
      "@source": "CVE"
    },
    {
      "#text": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-4811",
      "@id": "CVE-2016-4811",
      "@source": "NVD"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-Other",
      "@title": "No Mapping(CWE-Other)"
    }
  ],
  "title": "Japan Connected-free Wi-Fi vulnerable to API execution"
}

jvndb-2015-000116
Vulnerability from jvndb
Published
2015-09-11 14:17
Modified
2015-09-15 17:17
Severity ?
() - -
Summary
Japan Connected-free Wi-Fi vulnerable to script injection
Details
Japan Connected-free Wi-Fi provided by NTT Broadband Platform, Inc. is vulnerable to script injection when displaying malformed strings contained in SSID. Kenta Suefusa and Tomonori Shiomi of Sprout Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Impacted products
Show details on JVN DB website

To clipboard 

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-000116.html",
  "dc:date": "2015-09-15T17:17+09:00",
  "dcterms:issued": "2015-09-11T14:17+09:00",
  "dcterms:modified": "2015-09-15T17:17+09:00",
  "description": "Japan Connected-free Wi-Fi provided by NTT Broadband Platform, Inc. is vulnerable to script injection when displaying malformed strings contained in SSID.\r\n\r\nKenta Suefusa and Tomonori Shiomi of Sprout Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
  "link": "https://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-000116.html",
  "sec:cpe": {
    "#text": "cpe:/a:ntt-bp:japan_connected-free_wi-fi",
    "@product": "Japan Connected-free Wi-Fi",
    "@vendor": "NTT Broadband Platform, Inc.",
    "@version": "2.2"
  },
  "sec:cvss": {
    "@score": "5.4",
    "@severity": "Medium",
    "@type": "Base",
    "@vector": "AV:A/AC:M/Au:N/C:P/I:P/A:P",
    "@version": "2.0"
  },
  "sec:identifier": "JVNDB-2015-000116",
  "sec:references": [
    {
      "#text": "http://jvn.jp/en/jp/JVN41048401/index.html",
      "@id": "JVN#41048401",
      "@source": "JVN"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5630",
      "@id": "CVE-2015-5630",
      "@source": "CVE"
    },
    {
      "#text": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-5630",
      "@id": "CVE-2015-5630",
      "@source": "NVD"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-20",
      "@title": "Improper Input Validation(CWE-20)"
    }
  ],
  "title": "Japan Connected-free Wi-Fi vulnerable to script injection"
}

jvndb-2015-000115
Vulnerability from jvndb
Published
2015-09-11 14:16
Modified
2016-05-27 14:32
Severity ?
() - -
Summary
Japan Connected-free Wi-Fi vulnerable to allow URL whitelist bypass
Details
Japan Connected-free Wi-Fi provided by NTT Broadband Platform, Inc. contains an issue where an arbitrary page may be loaded if the application is launched with the URL-scheme. Kenta Suefusa and Tomonori Shiomi of Sprout Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Impacted products
Show details on JVN DB website

To clipboard 

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-000115.html",
  "dc:date": "2016-05-27T14:32+09:00",
  "dcterms:issued": "2015-09-11T14:16+09:00",
  "dcterms:modified": "2016-05-27T14:32+09:00",
  "description": "Japan Connected-free Wi-Fi provided by NTT Broadband Platform, Inc. contains an issue where an arbitrary page may be loaded if the application is launched with the URL-scheme.\r\n\r\nKenta Suefusa and Tomonori Shiomi of Sprout Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
  "link": "https://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-000115.html",
  "sec:cpe": {
    "#text": "cpe:/a:ntt-bp:japan_connected-free_wi-fi",
    "@product": "Japan Connected-free Wi-Fi",
    "@vendor": "NTT Broadband Platform, Inc.",
    "@version": "2.2"
  },
  "sec:cvss": {
    "@score": "6.8",
    "@severity": "Medium",
    "@type": "Base",
    "@vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
    "@version": "2.0"
  },
  "sec:identifier": "JVNDB-2015-000115",
  "sec:references": [
    {
      "#text": "http://jvn.jp/en/jp/JVN04644117/index.html",
      "@id": "JVN#04644117",
      "@source": "JVN"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5629",
      "@id": "CVE-2015-5629",
      "@source": "CVE"
    },
    {
      "#text": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-5629",
      "@id": "CVE-2015-5629",
      "@source": "NVD"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-264",
      "@title": "Permissions(CWE-264)"
    }
  ],
  "title": "Japan Connected-free Wi-Fi vulnerable to allow URL whitelist bypass"
}