Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
30 vulnerabilities by NTT DOCOMO, INC.
JVNDB-2026-000043
Vulnerability from jvndb - Published: 2026-03-25 18:41 - Updated:2026-03-25 18:41
Severity
Summary
SHARP routers missing authentication for some web APIs
Details
SHARP routers do not perform authentication for some web APIs.
Those web APIs provide device information, and the initial administrative password is based on a part of the device information.
- Missing authentication for critical function (CWE-306) - CVE-2026-32326
References
| Type | URL | |
|---|---|---|
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2026/JVNDB-2026-000043.html",
"dc:date": "2026-03-25T18:41+09:00",
"dcterms:issued": "2026-03-25T18:41+09:00",
"dcterms:modified": "2026-03-25T18:41+09:00",
"description": "SHARP routers do not perform authentication for some web APIs.\r\nThose web APIs provide device information, and the initial administrative password is based on a part of the device information.\u003ca href=\u0027https://cwe.mitre.org/data/definitions/306.html\u0027 target=\u0027_blank\u0027\u003e\u003c/a\u003e\u003cul\u003e\u003cli\u003eMissing authentication for critical function (CWE-306) - CVE-2026-32326\u003c/li\u003e\u003c/ul\u003eShota Zaizen reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2026/JVNDB-2026-000043.html",
"sec:cpe": [
{
"#text": "cpe:/o:kddi:speed_wi-fi_5g_x01",
"@product": "Speed Wi-Fi 5G X01",
"@vendor": "KDDI",
"@version": "2.2"
},
{
"#text": "cpe:/o:nttdocomo:home_5g_hr01",
"@product": "home 5G HR01",
"@vendor": "NTT DOCOMO, INC.",
"@version": "2.2"
},
{
"#text": "cpe:/o:nttdocomo:home_5g_hr02",
"@product": "home 5G HR02",
"@vendor": "NTT DOCOMO, INC.",
"@version": "2.2"
},
{
"#text": "cpe:/o:nttdocomo:wi-fi_station_sh-52a_firmware",
"@product": "Wi-Fi STATION SH-52A",
"@vendor": "NTT DOCOMO, INC.",
"@version": "2.2"
},
{
"#text": "cpe:/o:nttdocomo:wi-fi_station_sh-52b_firmware",
"@product": "Wi-Fi STATION SH-52B",
"@vendor": "NTT DOCOMO, INC.",
"@version": "2.2"
},
{
"#text": "cpe:/o:nttdocomo:wi-fi_station_sh-54c_firmware",
"@product": "Wi-Fi STATION SH-54C",
"@vendor": "NTT DOCOMO, INC.",
"@version": "2.2"
},
{
"#text": "cpe:/o:softbank:5gmobile_wi-fi_router_sh-u01",
"@product": "5G Mobile Router SH-U01",
"@vendor": "SoftBank",
"@version": "2.2"
},
{
"#text": "cpe:/o:softbank:pocket_wifi_5g_a503sh",
"@product": "Pocket WiFi 5G A503SH versions",
"@vendor": "SoftBank",
"@version": "2.2"
}
],
"sec:cvss": {
"@score": "5.7",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"@version": "3.0"
},
"sec:identifier": "JVNDB-2026-000043",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN49524110/index.html",
"@id": "JVN#49524110",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2026-32326",
"@id": "CVE-2026-32326",
"@source": "CVE"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-Other",
"@title": "No Mapping(CWE-Other)"
}
],
"title": "SHARP routers missing authentication for some web APIs"
}
JVNDB-2024-000123
Vulnerability from jvndb - Published: 2024-11-29 15:30 - Updated:2024-11-29 15:30
Severity
Summary
Multiple FCNT Android devices vulnerable to authentication bypass
Details
Multiple FCNT Android devices provide security features such as "privacy mode" where arbitrary applications can be set not to be displayed, etc.
The devices contain an authentication bypass vulnerability (CWE-306), where, under certain conditions, the setting pages may be accessed without authentication.
References
| Type | URL | |
|---|---|---|
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-000123.html",
"dc:date": "2024-11-29T15:30+09:00",
"dcterms:issued": "2024-11-29T15:30+09:00",
"dcterms:modified": "2024-11-29T15:30+09:00",
"description": "Multiple FCNT Android devices provide security features such as \"privacy mode\" where arbitrary applications can be set not to be displayed, etc.\r\nThe devices contain an authentication bypass vulnerability (CWE-306), where, under certain conditions, the setting pages may be accessed without authentication.",
"link": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-000123.html",
"sec:cpe": [
{
"#text": "cpe:/o:kddi:arrows",
"@product": "arrows",
"@vendor": "KDDI",
"@version": "2.2"
},
{
"#text": "cpe:/o:nttdocomo:arrows",
"@product": "arrows",
"@vendor": "NTT DOCOMO, INC.",
"@version": "2.2"
},
{
"#text": "cpe:/o:nttdocomo:arrows",
"@product": "arrows",
"@vendor": "NTT DOCOMO, INC.",
"@version": "2.2"
},
{
"#text": "cpe:/o:softbank:arrows",
"@product": "arrows",
"@vendor": "SoftBank",
"@version": "2.2"
}
],
"sec:cvss": {
"@score": "3.1",
"@severity": "Low",
"@type": "Base",
"@vector": "CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"@version": "3.0"
},
"sec:identifier": "JVNDB-2024-000123",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN43845108/index.html",
"@id": "JVN#43845108",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-53701",
"@id": "CVE-2024-53701",
"@source": "CVE"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-Other",
"@title": "No Mapping(CWE-Other)"
}
],
"title": "Multiple FCNT Android devices vulnerable to authentication bypass"
}
JVNDB-2022-000101
Vulnerability from jvndb - Published: 2022-12-21 14:13 - Updated:2022-12-21 14:13
Severity
Summary
+Message App improper handling of Unicode control characters
Details
+Message App displays text unprocessed, even when control characters are contained, and the text is shown based on Unicode control character's specifications.
Therefore, a crafted text may display misleading web links (CWE-451).
Akaki Tsunoda reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
| Type | URL | |
|---|---|---|
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2022/JVNDB-2022-000101.html",
"dc:date": "2022-12-21T14:13+09:00",
"dcterms:issued": "2022-12-21T14:13+09:00",
"dcterms:modified": "2022-12-21T14:13+09:00",
"description": "+Message App displays text unprocessed, even when control characters are contained, and the text is shown based on Unicode control character\u0027s specifications.\r\nTherefore, a crafted text may display misleading web links (CWE-451).\r\n\r\nAkaki Tsunoda reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2022/JVNDB-2022-000101.html",
"sec:cpe": [
{
"#text": "cpe:/a:kddi:%2b_message",
"@product": "+Message (PlusMessage)",
"@vendor": "KDDI",
"@version": "2.2"
},
{
"#text": "cpe:/a:nttdocomo:%2b_message",
"@product": "+Message (PlusMessage)",
"@vendor": "NTT DOCOMO, INC.",
"@version": "2.2"
},
{
"#text": "cpe:/a:softbank:%2b_message",
"@product": "+Message (PlusMessage)",
"@vendor": "SoftBank",
"@version": "2.2"
}
],
"sec:cvss": [
{
"@score": "4.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"@version": "2.0"
},
{
"@score": "4.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2022-000101",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN43561812/index.html",
"@id": "JVN#43561812",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2022-43543",
"@id": "CVE-2022-43543",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-43543",
"@id": "CVE-2022-43543",
"@source": "NVD"
},
{
"#text": "https://unicode.org/reports/tr36/",
"@id": "Unicode Technical Report #36",
"@source": "Related document"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-Other",
"@title": "No Mapping(CWE-Other)"
}
],
"title": "+Message App improper handling of Unicode control characters"
}
JVNDB-2021-000107
Vulnerability from jvndb - Published: 2021-11-30 14:49 - Updated:2021-11-30 14:49
Severity
Summary
Wi-Fi STATION SH-52A vulnerable to cross-site scripting
Details
Wi-Fi STATION SH-52A provided by NTT DOCOMO, INC. contains a cross-site scripting vulnerability (CWE-79).
Takayuki Sasaki of Yokohama National University reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
| Type | URL | |
|---|---|---|
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2021/JVNDB-2021-000107.html",
"dc:date": "2021-11-30T14:49+09:00",
"dcterms:issued": "2021-11-30T14:49+09:00",
"dcterms:modified": "2021-11-30T14:49+09:00",
"description": "Wi-Fi STATION SH-52A provided by NTT DOCOMO, INC. contains a cross-site scripting vulnerability (CWE-79).\r\n\r\nTakayuki Sasaki of Yokohama National University reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2021/JVNDB-2021-000107.html",
"sec:cpe": {
"#text": "cpe:/o:nttdocomo:wi-fi_station_sh-52a_firmware",
"@product": "Wi-Fi STATION SH-52A",
"@vendor": "NTT DOCOMO, INC.",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "2.3",
"@severity": "Low",
"@type": "Base",
"@vector": "AV:A/AC:M/Au:S/C:N/I:P/A:N",
"@version": "2.0"
},
{
"@score": "2.9",
"@severity": "Low",
"@type": "Base",
"@vector": "CVSS:3.0/AV:A/AC:L/PR:H/UI:R/S:C/C:N/I:L/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2021-000107",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN19482703/index.html",
"@id": "JVN#19482703",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20847",
"@id": "CVE-2021-20847",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20847",
"@id": "CVE-2021-20847",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-79",
"@title": "Cross-site Scripting(CWE-79)"
}
],
"title": "Wi-Fi STATION SH-52A vulnerable to cross-site scripting"
}
JVNDB-2019-000008
Vulnerability from jvndb - Published: 2019-02-12 17:23 - Updated:2019-02-12 17:23
Severity
Summary
A vulnerability in V20 PRO L-01J that may cause a crash
Details
V20 PRO L-01J provided by NTT DOCOMO, INC. is an Android smartphone. V20 PRO L-01J contains a flaw in processing connection using Wi-Fi CERTIFIED Passpoint which may result in the device to crash when Poasspoint is enabled.
Hiroyuki Harada of Sapporo Gakuin University, Masashi Honma of Sole Proprietorship, and Hideaki Goto of Tohoku University reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2019/JVNDB-2019-000008.html",
"dc:date": "2019-02-12T17:23+09:00",
"dcterms:issued": "2019-02-12T17:23+09:00",
"dcterms:modified": "2019-02-12T17:23+09:00",
"description": "V20 PRO L-01J provided by NTT DOCOMO, INC. is an Android smartphone. V20 PRO L-01J contains a flaw in processing connection using Wi-Fi CERTIFIED Passpoint which may result in the device to crash when Poasspoint is enabled.\r\n\r\nHiroyuki Harada of Sapporo Gakuin University, Masashi Honma of Sole Proprietorship, and Hideaki Goto of Tohoku University reported this vulnerability to IPA.\r\n JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2019/JVNDB-2019-000008.html",
"sec:cpe": {
"#text": "cpe:/a:nttdocomo:v20_pro_l-01j_firmware",
"@product": "V20 PRO L-01J",
"@vendor": "NTT DOCOMO, INC.",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "3.3",
"@severity": "Low",
"@type": "Base",
"@vector": "AV:A/AC:L/Au:N/C:N/I:N/A:P",
"@version": "2.0"
},
{
"@score": "4.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2019-000008",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN40439414/index.html",
"@id": "JVN#40439414",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5914",
"@id": "CVE-2019-5914",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2019-5914",
"@id": "CVE-2019-5914",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-Other",
"@title": "No Mapping(CWE-Other)"
}
],
"title": "A vulnerability in V20 PRO L-01J that may cause a crash"
}
JVNDB-2018-000100
Vulnerability from jvndb - Published: 2018-09-27 16:52 - Updated:2019-08-27 17:22
Severity
Summary
+Message App fails to verify SSL server certificates
Details
+Message App fails to verify SSL server certificates.
ma.la of LINE Corporation reported this vulnerability to the developer, and also to IPA in order to notify users of its solution through JVN.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2018/JVNDB-2018-000100.html",
"dc:date": "2019-08-27T17:22+09:00",
"dcterms:issued": "2018-09-27T16:52+09:00",
"dcterms:modified": "2019-08-27T17:22+09:00",
"description": "+Message App fails to verify SSL server certificates.\r\n\r\nma.la of LINE Corporation reported this vulnerability to the developer, and also to IPA in order to notify users of its solution through JVN.\r\n JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2018/JVNDB-2018-000100.html",
"sec:cpe": [
{
"#text": "cpe:/a:kddi:%2b_message",
"@product": "+Message (PlusMessage)",
"@vendor": "KDDI",
"@version": "2.2"
},
{
"#text": "cpe:/a:nttdocomo:%2b_message",
"@product": "+Message (PlusMessage)",
"@vendor": "NTT DOCOMO, INC.",
"@version": "2.2"
},
{
"#text": "cpe:/a:softbank:%2b_message",
"@product": "+Message (PlusMessage)",
"@vendor": "SoftBank",
"@version": "2.2"
}
],
"sec:cvss": [
{
"@score": "4.0",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:H/Au:N/C:P/I:P/A:N",
"@version": "2.0"
},
{
"@score": "4.8",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2018-000100",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN37288228/",
"@id": "JVN#37288228",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0691",
"@id": "CVE-2018-0691",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2018-0691",
"@id": "CVE-2018-0691",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-Other",
"@title": "No Mapping(CWE-Other)"
}
],
"title": "+Message App fails to verify SSL server certificates"
}
JVNDB-2017-000232
Vulnerability from jvndb - Published: 2017-11-06 13:48 - Updated:2018-03-07 14:00
Severity
Summary
Wi-Fi STATION L-02F vulnerable to buffer overflow
Details
Wi-Fi STATION L-02F provided by NTT DOCOMO, INC. contains a buffer overflow vulnerability.
Daisuke Makita and Hayato Ushimaru of National Institute of Information and Communications Technology, Jumpei Shimamura of clwit, Inc. and Katsunari Yoshioka of Yokohama National University reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
| Type | URL | |
|---|---|---|
|
|
||
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000232.html",
"dc:date": "2018-03-07T14:00+09:00",
"dcterms:issued": "2017-11-06T13:48+09:00",
"dcterms:modified": "2018-03-07T14:00+09:00",
"description": "Wi-Fi STATION L-02F provided by NTT DOCOMO, INC. contains a buffer overflow vulnerability.\r\n\r\nDaisuke Makita and Hayato Ushimaru of National Institute of Information and Communications Technology, Jumpei Shimamura of clwit, Inc. and Katsunari Yoshioka of Yokohama National University reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000232.html",
"sec:cpe": {
"#text": "cpe:/h:nttdocomo:wi-fi_station_l-02f",
"@product": "Wi-Fi STATION L-02F",
"@vendor": "NTT DOCOMO, INC.",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "10.0",
"@severity": "High",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"@version": "2.0"
},
{
"@score": "9.8",
"@severity": "Critical",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2017-000232",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN23367475/index.html",
"@id": "JVN#23367475",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10871",
"@id": "CVE-2017-10871",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2017-10871",
"@id": "CVE-2017-10871",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/security/ciadr/vul/20171106-jvn.html",
"@id": "Security Alert for Vulnerability in Wi-Fi STATION L-02F (JVN#23367475)",
"@source": "IPA SECURITY ALERTS"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-119",
"@title": "Buffer Errors(CWE-119)"
}
],
"title": "Wi-Fi STATION L-02F vulnerable to buffer overflow"
}
JVNDB-2017-000218
Vulnerability from jvndb - Published: 2017-09-12 14:35 - Updated:2018-02-28 14:09
Severity
Summary
Wi-Fi STATION L-02F fails to restrict access permissions
Details
Wi-Fi STATION L-02F provided by NTT DOCOMO, INC. fails to restrict access permissions.
Japan Computer Emergency Response Team Coordination Center Global Coordination Division Cyber Metrics Line Information Security Analyst Keisuke Shikano reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000218.html",
"dc:date": "2018-02-28T14:09+09:00",
"dcterms:issued": "2017-09-12T14:35+09:00",
"dcterms:modified": "2018-02-28T14:09+09:00",
"description": "Wi-Fi STATION L-02F provided by NTT DOCOMO, INC. fails to restrict access permissions.\r\n\r\nJapan Computer Emergency Response Team Coordination Center Global Coordination Division Cyber Metrics Line Information Security Analyst Keisuke Shikano reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000218.html",
"sec:cpe": {
"#text": "cpe:/h:nttdocomo:wi-fi_station_l-02f",
"@product": "Wi-Fi STATION L-02F",
"@vendor": "NTT DOCOMO, INC.",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "5.0",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"@version": "2.0"
},
{
"@score": "7.5",
"@severity": "High",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2017-000218",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN03044183/index.html",
"@id": "JVN#03044183",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10846",
"@id": "CVE-2017-10846",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2017-10846",
"@id": "CVE-2017-10846",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-264",
"@title": "Permissions(CWE-264)"
}
],
"title": "Wi-Fi STATION L-02F fails to restrict access permissions"
}
JVNDB-2017-000217
Vulnerability from jvndb - Published: 2017-09-12 14:34 - Updated:2018-02-28 14:11
Severity
Summary
Backdoor access issue in Wi-Fi STATION L-02F
Details
Wi-Fi STATION L-02F provided by NTT DOCOMO, INC. contains a backdoor access issue.
Japan Computer Emergency Response Team Coordination Center Global Coordination Division Cyber Metrics Line Information Security Analyst Keisuke Shikano reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000217.html",
"dc:date": "2018-02-28T14:11+09:00",
"dcterms:issued": "2017-09-12T14:34+09:00",
"dcterms:modified": "2018-02-28T14:11+09:00",
"description": "Wi-Fi STATION L-02F provided by NTT DOCOMO, INC. contains a backdoor access issue.\r\n\r\nJapan Computer Emergency Response Team Coordination Center Global Coordination Division Cyber Metrics Line Information Security Analyst Keisuke Shikano reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000217.html",
"sec:cpe": {
"#text": "cpe:/h:nttdocomo:wi-fi_station_l-02f",
"@product": "Wi-Fi STATION L-02F",
"@vendor": "NTT DOCOMO, INC.",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "10.0",
"@severity": "High",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"@version": "2.0"
},
{
"@score": "9.8",
"@severity": "Critical",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2017-000217",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN68922465/index.html",
"@id": "JVN#68922465",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10845",
"@id": "CVE-2017-10845",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2017-10845",
"@id": "CVE-2017-10845",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/security/ciadr/vul/20170912-jvn.html",
"@id": "Security Alert for Vulnerability in Wi-Fi STATION L-02F (JVN#68922465)",
"@source": "IPA SECURITY ALERTS"
},
{
"#text": "https://www.jpcert.or.jp/at/2017/at170034.html",
"@id": "JPCERT-AT-2017-0034",
"@source": "JPCERT"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-264",
"@title": "Permissions(CWE-264)"
}
],
"title": "Backdoor access issue in Wi-Fi STATION L-02F"
}
JVNDB-2017-000197
Vulnerability from jvndb - Published: 2017-08-22 12:34 - Updated:2018-02-28 12:13
Severity
Summary
Installer of Photo Collection PC Software provided by NTT DOCOMO, INC. may insecurely load Dynamic Link Libraries and invoke executable files
Details
Photo Collection PC Software provided by NTT DOCOMO, INC. contains an issue with the search paths for DLL/executable files, which may lead to insecurely loading Dynamic Link Libraries and invoking executable files (CWE-427).
Eili Masami of Tachibana Lab. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000197.html",
"dc:date": "2018-02-28T12:13+09:00",
"dcterms:issued": "2017-08-22T12:34+09:00",
"dcterms:modified": "2018-02-28T12:13+09:00",
"description": "Photo Collection PC Software provided by NTT DOCOMO, INC. contains an issue with the search paths for DLL/executable files, which may lead to insecurely loading Dynamic Link Libraries and invoking executable files (CWE-427).\r\n\r\nEili Masami of Tachibana Lab. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000197.html",
"sec:cpe": {
"#text": "cpe:/a:nttdocomo:photo_collection_pc_software",
"@product": "Photo Collection PC Software",
"@vendor": "NTT DOCOMO, INC.",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "6.8",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"@version": "2.0"
},
{
"@score": "7.8",
"@severity": "High",
"@type": "Base",
"@vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2017-000197",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN67954465/index.html",
"@id": "JVN#67954465",
"@source": "JVN"
},
{
"#text": "https://jvn.jp/en/ta/JVNTA91240916/",
"@id": "JVNTA#91240916",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10812",
"@id": "CVE-2017-10812",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2017-10812",
"@id": "CVE-2017-10812",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-Other",
"@title": "No Mapping(CWE-Other)"
}
],
"title": "Installer of Photo Collection PC Software provided by NTT DOCOMO, INC. may insecurely load Dynamic Link Libraries and invoke executable files"
}
JVNDB-2016-000004
Vulnerability from jvndb - Published: 2016-01-18 14:24 - Updated:2017-05-23 13:57
Severity
Summary
Shoplat App for iOS issue in the verification of SSL certificates
Details
Shoplat App for iOS provided by NTT DOCOMO contains an issue in the verification of the SSL server certificate.
ma.la reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000004.html",
"dc:date": "2017-05-23T13:57+09:00",
"dcterms:issued": "2016-01-18T14:24+09:00",
"dcterms:modified": "2017-05-23T13:57+09:00",
"description": "Shoplat App for iOS provided by NTT DOCOMO contains an issue in the verification of the SSL server certificate.\r\n\r\nma.la reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000004.html",
"sec:cpe": {
"#text": "cpe:/a:nttdocomo:shoplat",
"@product": "Shoplat App",
"@vendor": "NTT DOCOMO, INC.",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "4.0",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:H/Au:N/C:P/I:P/A:N",
"@version": "2.0"
},
{
"@score": "4.8",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2016-000004",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN47951769/index.html",
"@id": "JVN#47951769",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1132",
"@id": "CVE-2016-1132",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2016-1132",
"@id": "CVE-2016-1132",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-Other",
"@title": "No Mapping(CWE-Other)"
}
],
"title": "Shoplat App for iOS issue in the verification of SSL certificates"
}
JVNDB-2014-000029
Vulnerability from jvndb - Published: 2014-03-18 14:09 - Updated:2014-03-25 19:25Summary
sp mode mail vulnerability where Java methods may be executed
Details
sp mode mail provided by NTT DOCOMO contains an issue in the processing Deco-mail emoticon POP, which may lead to the execution of arbitrary Java methods that can be executed with the privileges of sp mode mail.
Hironori Tokuta reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000029.html",
"dc:date": "2014-03-25T19:25+09:00",
"dcterms:issued": "2014-03-18T14:09+09:00",
"dcterms:modified": "2014-03-25T19:25+09:00",
"description": "sp mode mail provided by NTT DOCOMO contains an issue in the processing Deco-mail emoticon POP, which may lead to the execution of arbitrary Java methods that can be executed with the privileges of sp mode mail.\r\n\r\nHironori Tokuta reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000029.html",
"sec:cpe": {
"#text": "cpe:/a:nttdocomo:spmode_mail_android",
"@product": "sp mode mail",
"@vendor": "NTT DOCOMO, INC.",
"@version": "2.2"
},
"sec:cvss": {
"@score": "6.8",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2014-000029",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN89260331/index.html",
"@id": "JVN#89260331",
"@source": "JVN"
},
{
"#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1979",
"@id": "CVE-2014-1979",
"@source": "CVE"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1979",
"@id": "CVE-2014-1979",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-DesignError",
"@title": "No Mapping(CWE-DesignError)"
}
],
"title": "sp mode mail vulnerability where Java methods may be executed"
}
JVNDB-2014-000028
Vulnerability from jvndb - Published: 2014-03-18 14:08 - Updated:2014-03-25 19:24Summary
sp mode mail issue where emails in the process of creation may be accessed
Details
sp mode mail provided by NTT DOCOMO contains an application link interface so that mail data can be exchanged with external application during email creation. When the application to be linked is selected, the email contents and attachment are saved to the SD card, therefore other Android applications may access this data.
Hironori Tokuta reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000028.html",
"dc:date": "2014-03-25T19:24+09:00",
"dcterms:issued": "2014-03-18T14:08+09:00",
"dcterms:modified": "2014-03-25T19:24+09:00",
"description": "sp mode mail provided by NTT DOCOMO contains an application link interface so that mail data can be exchanged with external application during email creation. When the application to be linked is selected, the email contents and attachment are saved to the SD card, therefore other Android applications may access this data.\r\n\r\nHironori Tokuta reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000028.html",
"sec:cpe": {
"#text": "cpe:/a:nttdocomo:spmode_mail_android",
"@product": "sp mode mail",
"@vendor": "NTT DOCOMO, INC.",
"@version": "2.2"
},
"sec:cvss": {
"@score": "2.6",
"@severity": "Low",
"@type": "Base",
"@vector": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2014-000028",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN05951929/index.html",
"@id": "JVN#05951929",
"@source": "JVN"
},
{
"#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1978",
"@id": "CVE-2014-1978",
"@source": "CVE"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1978",
"@id": "CVE-2014-1978",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-264",
"@title": "Permissions(CWE-264)"
}
],
"title": "sp mode mail issue where emails in the process of creation may be accessed"
}
JVNDB-2014-000027
Vulnerability from jvndb - Published: 2014-03-18 14:07 - Updated:2014-03-24 19:04Summary
sp mode mail issue when accessing attachments in incoming mail
Details
sp mode mail provided by NTT DOCOMO contains a function that allows other Android applications to access attachments for incoming emails. This function contains an issue in the restriction of access permissions.
Satoru Takekoshi reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000027.html",
"dc:date": "2014-03-24T19:04+09:00",
"dcterms:issued": "2014-03-18T14:07+09:00",
"dcterms:modified": "2014-03-24T19:04+09:00",
"description": "sp mode mail provided by NTT DOCOMO contains a function that allows other Android applications to access attachments for incoming emails. This function contains an issue in the restriction of access permissions.\r\n\r\nSatoru Takekoshi reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000027.html",
"sec:cpe": {
"#text": "cpe:/a:nttdocomo:spmode_mail_android",
"@product": "sp mode mail",
"@vendor": "NTT DOCOMO, INC.",
"@version": "2.2"
},
"sec:cvss": {
"@score": "2.6",
"@severity": "Low",
"@type": "Base",
"@vector": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2014-000027",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN81739241/index.html",
"@id": "JVN#81739241",
"@source": "JVN"
},
{
"#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1977",
"@id": "CVE-2014-1977",
"@source": "CVE"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1977",
"@id": "CVE-2014-1977",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-264",
"@title": "Permissions(CWE-264)"
}
],
"title": "sp mode mail issue when accessing attachments in incoming mail"
}
JVNDB-2013-000075
Vulnerability from jvndb - Published: 2013-08-07 15:01 - Updated:2013-08-14 14:17Summary
docomo overseas usage application vulnerability in the connection process
Details
docomo overseas usage application provided by NTT DOCOMO contains a vulnerability within the process of connecting to Wi-Fi access points, which may lead to user information being sent unintentionally.
References
| Type | URL | |
|---|---|---|
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000075.html",
"dc:date": "2013-08-14T14:17+09:00",
"dcterms:issued": "2013-08-07T15:01+09:00",
"dcterms:modified": "2013-08-14T14:17+09:00",
"description": "docomo overseas usage application provided by NTT DOCOMO contains a vulnerability within the process of connecting to Wi-Fi access points, which may lead to user information being sent unintentionally.",
"link": "https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000075.html",
"sec:cpe": {
"#text": "cpe:/a:nttdocomo:overseas_usage",
"@product": "docomo overseas usage application",
"@vendor": "NTT DOCOMO, INC.",
"@version": "2.2"
},
"sec:cvss": {
"@score": "3.3",
"@severity": "Low",
"@type": "Base",
"@vector": "AV:A/AC:L/Au:N/C:P/I:N/A:N",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2013-000075",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN44035194/",
"@id": "JVN#44035194",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3659",
"@id": "CVE-2013-3659",
"@source": "CVE"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-3659",
"@id": "CVE-2013-3659",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-287",
"@title": "Improper Authentication(CWE-287)"
}
],
"title": "docomo overseas usage application vulnerability in the connection process"
}
JVNDB-2012-000037
Vulnerability from jvndb - Published: 2012-04-26 14:21 - Updated:2012-04-26 14:21Summary
sp mode mail issue in the verification of SSL certificates
Details
sp mode mail contains an issue in the verification of the SSL server certificate.
sp mode mail provided by NTT DOCOMO contains an issue in the verification of the SSL server certificate.
Tsukasa Hamano of Open Source Solution Technology Corporation reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2012/JVNDB-2012-000037.html",
"dc:date": "2012-04-26T14:21+09:00",
"dcterms:issued": "2012-04-26T14:21+09:00",
"dcterms:modified": "2012-04-26T14:21+09:00",
"description": "sp mode mail contains an issue in the verification of the SSL server certificate.\r\n\r\nsp mode mail provided by NTT DOCOMO contains an issue in the verification of the SSL server certificate.\r\n\r\nTsukasa Hamano of Open Source Solution Technology Corporation reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2012/JVNDB-2012-000037.html",
"sec:cpe": {
"#text": "cpe:/a:nttdocomo:spmode_mail_android",
"@product": "sp mode mail",
"@vendor": "NTT DOCOMO, INC.",
"@version": "2.2"
},
"sec:cvss": {
"@score": "4.0",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:H/Au:N/C:P/I:P/A:N",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2012-000037",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN82029095/index.html",
"@id": "JVN#82029095",
"@source": "JVN"
},
{
"#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1244",
"@id": "CVE-2012-1244",
"@source": "CVE"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1244",
"@id": "CVE-2012-1244",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-Other",
"@title": "No Mapping(CWE-Other)"
}
],
"title": "sp mode mail issue in the verification of SSL certificates"
}
CVE-2021-20847 (GCVE-0-2021-20847)
Vulnerability from cvelistv5 – Published: 2021-12-01 02:15 – Updated: 2024-08-03 17:53
VLAI
Summary
Cross-site scripting vulnerability in Wi-Fi STATION SH-52A (38JP_1_11G, 38JP_1_11J, 38JP_1_11K, 38JP_1_11L, 38JP_1_26F, 38JP_1_26G, 38JP_1_26J, 38JP_2_03B, and 38JP_2_03C) allows a remote unauthenticated attacker to inject an arbitrary script via WebUI of the device.
Severity
No CVSS data available.
CWE
- Cross-site scripting
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.nttdocomo.co.jp/support/product_updat… | x_refsource_MISC |
| https://jvn.jp/en/jp/JVN19482703/index.html | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| NTT DOCOMO, INC. | Wi-Fi STATION SH-52A |
Affected:
38JP_1_11G, 38JP_1_11J, 38JP_1_11K, 38JP_1_11L, 38JP_1_26F, 38JP_1_26G, 38JP_1_26J, 38JP_2_03B, and 38JP_2_03C
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:53:22.731Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.nttdocomo.co.jp/support/product_update/sh52a/index.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN19482703/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Wi-Fi STATION SH-52A",
"vendor": "NTT DOCOMO, INC.",
"versions": [
{
"status": "affected",
"version": "38JP_1_11G, 38JP_1_11J, 38JP_1_11K, 38JP_1_11L, 38JP_1_26F, 38JP_1_26G, 38JP_1_26J, 38JP_2_03B, and 38JP_2_03C"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability in Wi-Fi STATION SH-52A (38JP_1_11G, 38JP_1_11J, 38JP_1_11K, 38JP_1_11L, 38JP_1_26F, 38JP_1_26G, 38JP_1_26J, 38JP_2_03B, and 38JP_2_03C) allows a remote unauthenticated attacker to inject an arbitrary script via WebUI of the device."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-12-01T02:15:37.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.nttdocomo.co.jp/support/product_update/sh52a/index.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN19482703/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2021-20847",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Wi-Fi STATION SH-52A",
"version": {
"version_data": [
{
"version_value": "38JP_1_11G, 38JP_1_11J, 38JP_1_11K, 38JP_1_11L, 38JP_1_26F, 38JP_1_26G, 38JP_1_26J, 38JP_2_03B, and 38JP_2_03C"
}
]
}
}
]
},
"vendor_name": "NTT DOCOMO, INC."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting vulnerability in Wi-Fi STATION SH-52A (38JP_1_11G, 38JP_1_11J, 38JP_1_11K, 38JP_1_11L, 38JP_1_26F, 38JP_1_26G, 38JP_1_26J, 38JP_2_03B, and 38JP_2_03C) allows a remote unauthenticated attacker to inject an arbitrary script via WebUI of the device."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.nttdocomo.co.jp/support/product_update/sh52a/index.html",
"refsource": "MISC",
"url": "https://www.nttdocomo.co.jp/support/product_update/sh52a/index.html"
},
{
"name": "https://jvn.jp/en/jp/JVN19482703/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN19482703/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2021-20847",
"datePublished": "2021-12-01T02:15:37.000Z",
"dateReserved": "2020-12-17T00:00:00.000Z",
"dateUpdated": "2024-08-03T17:53:22.731Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-5914 (GCVE-0-2019-5914)
Vulnerability from cvelistv5 – Published: 2019-02-13 18:00 – Updated: 2024-08-04 20:09
VLAI
Summary
V20 PRO L-01J software version L01J20c and L01J20d has a NULL pointer exception flaw that can be used by an attacker to cause the device to crash on the same network range via a specially crafted access point.
Severity
No CVSS data available.
CWE
- Null Pointer Exception
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://jvn.jp/en/jp/JVN40439414/index.html | third-party-advisoryx_refsource_JVN |
| https://www.nttdocomo.co.jp/support/utilization/p… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| NTT DOCOMO, INC. | V20 PRO L-01J |
Affected:
software version L01J20c and L01J20d
|
Date Public
2019-02-13 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:09:23.617Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#40439414",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN40439414/index.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.nttdocomo.co.jp/support/utilization/product_update/list/l01j/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "V20 PRO L-01J",
"vendor": "NTT DOCOMO, INC.",
"versions": [
{
"status": "affected",
"version": "software version L01J20c and L01J20d"
}
]
}
],
"datePublic": "2019-02-13T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "V20 PRO L-01J software version L01J20c and L01J20d has a NULL pointer exception flaw that can be used by an attacker to cause the device to crash on the same network range via a specially crafted access point."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Null Pointer Exception",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-02-13T17:57:01.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVN#40439414",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN40439414/index.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.nttdocomo.co.jp/support/utilization/product_update/list/l01j/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2019-5914",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "V20 PRO L-01J",
"version": {
"version_data": [
{
"version_value": "software version L01J20c and L01J20d"
}
]
}
}
]
},
"vendor_name": "NTT DOCOMO, INC."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "V20 PRO L-01J software version L01J20c and L01J20d has a NULL pointer exception flaw that can be used by an attacker to cause the device to crash on the same network range via a specially crafted access point."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Null Pointer Exception"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#40439414",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN40439414/index.html"
},
{
"name": "https://www.nttdocomo.co.jp/support/utilization/product_update/list/l01j/index.html",
"refsource": "MISC",
"url": "https://www.nttdocomo.co.jp/support/utilization/product_update/list/l01j/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2019-5914",
"datePublished": "2019-02-13T18:00:00.000Z",
"dateReserved": "2019-01-10T00:00:00.000Z",
"dateUpdated": "2024-08-04T20:09:23.617Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-10871 (GCVE-0-2017-10871)
Vulnerability from cvelistv5 – Published: 2017-11-13 14:00 – Updated: 2024-08-05 17:50
VLAI
Summary
Buffer overflow in NTT DOCOMO Wi-Fi STATION L-02F Software version L02F-MDM9625-V10h-JUN-23-2017-DCM-JP and earlier allows an attacker to execute arbitrary code via unspecified vectors.
Severity
No CVSS data available.
CWE
- Buffer Overflow
Assigner
References
1 reference
| URL | Tags |
|---|---|
| http://jvn.jp/en/jp/JVN23367475/index.html | third-party-advisoryx_refsource_JVN |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| NTT DOCOMO, INC. | Wi-Fi STATION L-02F Software |
Affected:
version L02F-MDM9625-V10h-JUN-23-2017-DCM-JP and earlier
|
Date Public
2017-11-06 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:50:12.716Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#23367475",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN23367475/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Wi-Fi STATION L-02F Software",
"vendor": "NTT DOCOMO, INC.",
"versions": [
{
"status": "affected",
"version": "version L02F-MDM9625-V10h-JUN-23-2017-DCM-JP and earlier"
}
]
}
],
"datePublic": "2017-11-06T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in NTT DOCOMO Wi-Fi STATION L-02F Software version L02F-MDM9625-V10h-JUN-23-2017-DCM-JP and earlier allows an attacker to execute arbitrary code via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Buffer Overflow",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-13T13:57:01.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVN#23367475",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN23367475/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2017-10871",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Wi-Fi STATION L-02F Software",
"version": {
"version_data": [
{
"version_value": "version L02F-MDM9625-V10h-JUN-23-2017-DCM-JP and earlier"
}
]
}
}
]
},
"vendor_name": "NTT DOCOMO, INC."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in NTT DOCOMO Wi-Fi STATION L-02F Software version L02F-MDM9625-V10h-JUN-23-2017-DCM-JP and earlier allows an attacker to execute arbitrary code via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#23367475",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN23367475/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2017-10871",
"datePublished": "2017-11-13T14:00:00.000Z",
"dateReserved": "2017-07-04T00:00:00.000Z",
"dateUpdated": "2024-08-05T17:50:12.716Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-10846 (GCVE-0-2017-10846)
Vulnerability from cvelistv5 – Published: 2017-09-15 17:00 – Updated: 2024-08-05 17:50
VLAI
Summary
Wi-Fi STATION L-02F Software version V10b and earlier allows remote attackers to bypass access restrictions to obtain information on device settings via unspecified vectors.
Severity
No CVSS data available.
CWE
- Fails to restrict access
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://jvn.jp/en/jp/JVN03044183/index.html | third-party-advisoryx_refsource_JVN |
| https://www.nttdocomo.co.jp/info/notice/page/1707… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| NTT DOCOMO, INC. | Wi-Fi STATION L-02F |
Affected:
Software version V10g and earlier
|
Date Public
2017-09-12 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:50:12.689Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#03044183",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN03044183/index.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.nttdocomo.co.jp/info/notice/page/170710_01_m.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Wi-Fi STATION L-02F",
"vendor": "NTT DOCOMO, INC.",
"versions": [
{
"status": "affected",
"version": "Software version V10g and earlier"
}
]
}
],
"datePublic": "2017-09-12T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Wi-Fi STATION L-02F Software version V10b and earlier allows remote attackers to bypass access restrictions to obtain information on device settings via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Fails to restrict access",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-15T16:57:01.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVN#03044183",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "https://jvn.jp/en/jp/JVN03044183/index.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.nttdocomo.co.jp/info/notice/page/170710_01_m.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2017-10846",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Wi-Fi STATION L-02F",
"version": {
"version_data": [
{
"version_value": "Software version V10g and earlier"
}
]
}
}
]
},
"vendor_name": "NTT DOCOMO, INC."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Wi-Fi STATION L-02F Software version V10b and earlier allows remote attackers to bypass access restrictions to obtain information on device settings via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Fails to restrict access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#03044183",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN03044183/index.html"
},
{
"name": "https://www.nttdocomo.co.jp/info/notice/page/170710_01_m.html",
"refsource": "MISC",
"url": "https://www.nttdocomo.co.jp/info/notice/page/170710_01_m.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2017-10846",
"datePublished": "2017-09-15T17:00:00.000Z",
"dateReserved": "2017-07-04T00:00:00.000Z",
"dateUpdated": "2024-08-05T17:50:12.689Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-10845 (GCVE-0-2017-10845)
Vulnerability from cvelistv5 – Published: 2017-09-15 17:00 – Updated: 2024-08-05 17:50
VLAI
Summary
Wi-Fi STATION L-02F Software version V10g and earlier allows remote attackers to access the device with administrative privileges and perform unintended operations through a backdoor account.
Severity
No CVSS data available.
CWE
- CWE-255 - Credential Management (CWE-255)
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.nttdocomo.co.jp/info/notice/page/1707… | x_refsource_MISC |
| https://jvn.jp/en//jp/JVN68922465/index.html | third-party-advisoryx_refsource_JVN |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| NTT DOCOMO, INC. | Wi-Fi STATION L-02F |
Affected:
Software version V10g and earlier
|
Date Public
2017-09-12 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:50:12.555Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.nttdocomo.co.jp/info/notice/page/170710_01_m.html"
},
{
"name": "JVN#68922465",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "https://jvn.jp/en//jp/JVN68922465/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Wi-Fi STATION L-02F",
"vendor": "NTT DOCOMO, INC.",
"versions": [
{
"status": "affected",
"version": "Software version V10g and earlier"
}
]
}
],
"datePublic": "2017-09-12T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Wi-Fi STATION L-02F Software version V10g and earlier allows remote attackers to access the device with administrative privileges and perform unintended operations through a backdoor account."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-255",
"description": "Credential Management (CWE-255)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-15T16:57:01.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.nttdocomo.co.jp/info/notice/page/170710_01_m.html"
},
{
"name": "JVN#68922465",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "https://jvn.jp/en//jp/JVN68922465/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2017-10845",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Wi-Fi STATION L-02F",
"version": {
"version_data": [
{
"version_value": "Software version V10g and earlier"
}
]
}
}
]
},
"vendor_name": "NTT DOCOMO, INC."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Wi-Fi STATION L-02F Software version V10g and earlier allows remote attackers to access the device with administrative privileges and perform unintended operations through a backdoor account."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Credential Management (CWE-255)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.nttdocomo.co.jp/info/notice/page/170710_01_m.html",
"refsource": "MISC",
"url": "https://www.nttdocomo.co.jp/info/notice/page/170710_01_m.html"
},
{
"name": "JVN#68922465",
"refsource": "JVN",
"url": "https://jvn.jp/en//jp/JVN68922465/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2017-10845",
"datePublished": "2017-09-15T17:00:00.000Z",
"dateReserved": "2017-07-04T00:00:00.000Z",
"dateUpdated": "2024-08-05T17:50:12.555Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-10812 (GCVE-0-2017-10812)
Vulnerability from cvelistv5 – Published: 2017-08-28 20:00 – Updated: 2024-08-05 17:50
VLAI
Summary
Untrusted search path vulnerability in Photo Collection PC Software Ver.4.0.2 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
Severity
No CVSS data available.
CWE
- Untrusted search path vulnerability
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://jvn.jp/en/jp/JVN67954465/index.html | third-party-advisoryx_refsource_JVN |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| NTT DOCOMO, INC. | Photo Collection PC Software |
Affected:
Ver.4.0.2 and earlier
|
Date Public
2017-08-28 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:50:12.050Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#67954465",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN67954465/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Photo Collection PC Software",
"vendor": "NTT DOCOMO, INC.",
"versions": [
{
"status": "affected",
"version": "Ver.4.0.2 and earlier"
}
]
}
],
"datePublic": "2017-08-28T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Untrusted search path vulnerability in Photo Collection PC Software Ver.4.0.2 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Untrusted search path vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T19:57:01.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVN#67954465",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "https://jvn.jp/en/jp/JVN67954465/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2017-10812",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Photo Collection PC Software",
"version": {
"version_data": [
{
"version_value": "Ver.4.0.2 and earlier"
}
]
}
}
]
},
"vendor_name": "NTT DOCOMO, INC."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability in Photo Collection PC Software Ver.4.0.2 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#67954465",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN67954465/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2017-10812",
"datePublished": "2017-08-28T20:00:00.000Z",
"dateReserved": "2017-07-04T00:00:00.000Z",
"dateUpdated": "2024-08-05T17:50:12.050Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-4854 (GCVE-0-2016-4854)
Vulnerability from cvelistv5 – Published: 2017-05-22 16:00 – Updated: 2024-08-06 00:46
VLAI
Summary
Cross-site request forgery (CSRF) vulnerability in L-04D firmware version V10a and V10b allows remote attackers to hijack the authentication of administrators to perform arbitrary operations via unspecified vectors.
Severity
No CVSS data available.
CWE
- Cross-site request forgery
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://jvndb.jvn.jp/jvndb/JVNDB-2016-000194 | third-party-advisoryx_refsource_JVNDB |
| https://jvn.jp/en/jp/JVN46351856/index.html | third-party-advisoryx_refsource_JVN |
| http://www.securityfocus.com/bid/93278 | vdb-entryx_refsource_BID |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| NTT DOCOMO, INC. | L-04D |
Affected:
firmware version V10a and V10b
|
Date Public
2016-10-03 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T00:46:38.434Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVNDB-2016-000194",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB",
"x_transferred"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000194"
},
{
"name": "JVN#46351856",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN46351856/index.html"
},
{
"name": "93278",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/93278"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "L-04D",
"vendor": "NTT DOCOMO, INC.",
"versions": [
{
"status": "affected",
"version": "firmware version V10a and V10b"
}
]
}
],
"datePublic": "2016-10-03T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery (CSRF) vulnerability in L-04D firmware version V10a and V10b allows remote attackers to hijack the authentication of administrators to perform arbitrary operations via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site request forgery",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-05-23T09:57:01.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVNDB-2016-000194",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000194"
},
{
"name": "JVN#46351856",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "https://jvn.jp/en/jp/JVN46351856/index.html"
},
{
"name": "93278",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/93278"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2016-4854",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "L-04D",
"version": {
"version_data": [
{
"version_value": "firmware version V10a and V10b"
}
]
}
}
]
},
"vendor_name": "NTT DOCOMO, INC."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site request forgery (CSRF) vulnerability in L-04D firmware version V10a and V10b allows remote attackers to hijack the authentication of administrators to perform arbitrary operations via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site request forgery"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVNDB-2016-000194",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000194"
},
{
"name": "JVN#46351856",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN46351856/index.html"
},
{
"name": "93278",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93278"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2016-4854",
"datePublished": "2017-05-22T16:00:00.000Z",
"dateReserved": "2016-05-17T00:00:00.000Z",
"dateUpdated": "2024-08-06T00:46:38.434Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-20847 (GCVE-0-2021-20847)
Vulnerability from nvd – Published: 2021-12-01 02:15 – Updated: 2024-08-03 17:53
VLAI
Summary
Cross-site scripting vulnerability in Wi-Fi STATION SH-52A (38JP_1_11G, 38JP_1_11J, 38JP_1_11K, 38JP_1_11L, 38JP_1_26F, 38JP_1_26G, 38JP_1_26J, 38JP_2_03B, and 38JP_2_03C) allows a remote unauthenticated attacker to inject an arbitrary script via WebUI of the device.
Severity
No CVSS data available.
CWE
- Cross-site scripting
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.nttdocomo.co.jp/support/product_updat… | x_refsource_MISC |
| https://jvn.jp/en/jp/JVN19482703/index.html | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| NTT DOCOMO, INC. | Wi-Fi STATION SH-52A |
Affected:
38JP_1_11G, 38JP_1_11J, 38JP_1_11K, 38JP_1_11L, 38JP_1_26F, 38JP_1_26G, 38JP_1_26J, 38JP_2_03B, and 38JP_2_03C
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:53:22.731Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.nttdocomo.co.jp/support/product_update/sh52a/index.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN19482703/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Wi-Fi STATION SH-52A",
"vendor": "NTT DOCOMO, INC.",
"versions": [
{
"status": "affected",
"version": "38JP_1_11G, 38JP_1_11J, 38JP_1_11K, 38JP_1_11L, 38JP_1_26F, 38JP_1_26G, 38JP_1_26J, 38JP_2_03B, and 38JP_2_03C"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability in Wi-Fi STATION SH-52A (38JP_1_11G, 38JP_1_11J, 38JP_1_11K, 38JP_1_11L, 38JP_1_26F, 38JP_1_26G, 38JP_1_26J, 38JP_2_03B, and 38JP_2_03C) allows a remote unauthenticated attacker to inject an arbitrary script via WebUI of the device."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-12-01T02:15:37.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.nttdocomo.co.jp/support/product_update/sh52a/index.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN19482703/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2021-20847",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Wi-Fi STATION SH-52A",
"version": {
"version_data": [
{
"version_value": "38JP_1_11G, 38JP_1_11J, 38JP_1_11K, 38JP_1_11L, 38JP_1_26F, 38JP_1_26G, 38JP_1_26J, 38JP_2_03B, and 38JP_2_03C"
}
]
}
}
]
},
"vendor_name": "NTT DOCOMO, INC."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting vulnerability in Wi-Fi STATION SH-52A (38JP_1_11G, 38JP_1_11J, 38JP_1_11K, 38JP_1_11L, 38JP_1_26F, 38JP_1_26G, 38JP_1_26J, 38JP_2_03B, and 38JP_2_03C) allows a remote unauthenticated attacker to inject an arbitrary script via WebUI of the device."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.nttdocomo.co.jp/support/product_update/sh52a/index.html",
"refsource": "MISC",
"url": "https://www.nttdocomo.co.jp/support/product_update/sh52a/index.html"
},
{
"name": "https://jvn.jp/en/jp/JVN19482703/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN19482703/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2021-20847",
"datePublished": "2021-12-01T02:15:37.000Z",
"dateReserved": "2020-12-17T00:00:00.000Z",
"dateUpdated": "2024-08-03T17:53:22.731Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-5914 (GCVE-0-2019-5914)
Vulnerability from nvd – Published: 2019-02-13 18:00 – Updated: 2024-08-04 20:09
VLAI
Summary
V20 PRO L-01J software version L01J20c and L01J20d has a NULL pointer exception flaw that can be used by an attacker to cause the device to crash on the same network range via a specially crafted access point.
Severity
No CVSS data available.
CWE
- Null Pointer Exception
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://jvn.jp/en/jp/JVN40439414/index.html | third-party-advisoryx_refsource_JVN |
| https://www.nttdocomo.co.jp/support/utilization/p… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| NTT DOCOMO, INC. | V20 PRO L-01J |
Affected:
software version L01J20c and L01J20d
|
Date Public
2019-02-13 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:09:23.617Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#40439414",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN40439414/index.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.nttdocomo.co.jp/support/utilization/product_update/list/l01j/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "V20 PRO L-01J",
"vendor": "NTT DOCOMO, INC.",
"versions": [
{
"status": "affected",
"version": "software version L01J20c and L01J20d"
}
]
}
],
"datePublic": "2019-02-13T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "V20 PRO L-01J software version L01J20c and L01J20d has a NULL pointer exception flaw that can be used by an attacker to cause the device to crash on the same network range via a specially crafted access point."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Null Pointer Exception",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-02-13T17:57:01.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVN#40439414",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN40439414/index.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.nttdocomo.co.jp/support/utilization/product_update/list/l01j/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2019-5914",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "V20 PRO L-01J",
"version": {
"version_data": [
{
"version_value": "software version L01J20c and L01J20d"
}
]
}
}
]
},
"vendor_name": "NTT DOCOMO, INC."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "V20 PRO L-01J software version L01J20c and L01J20d has a NULL pointer exception flaw that can be used by an attacker to cause the device to crash on the same network range via a specially crafted access point."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Null Pointer Exception"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#40439414",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN40439414/index.html"
},
{
"name": "https://www.nttdocomo.co.jp/support/utilization/product_update/list/l01j/index.html",
"refsource": "MISC",
"url": "https://www.nttdocomo.co.jp/support/utilization/product_update/list/l01j/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2019-5914",
"datePublished": "2019-02-13T18:00:00.000Z",
"dateReserved": "2019-01-10T00:00:00.000Z",
"dateUpdated": "2024-08-04T20:09:23.617Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-10871 (GCVE-0-2017-10871)
Vulnerability from nvd – Published: 2017-11-13 14:00 – Updated: 2024-08-05 17:50
VLAI
Summary
Buffer overflow in NTT DOCOMO Wi-Fi STATION L-02F Software version L02F-MDM9625-V10h-JUN-23-2017-DCM-JP and earlier allows an attacker to execute arbitrary code via unspecified vectors.
Severity
No CVSS data available.
CWE
- Buffer Overflow
Assigner
References
1 reference
| URL | Tags |
|---|---|
| http://jvn.jp/en/jp/JVN23367475/index.html | third-party-advisoryx_refsource_JVN |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| NTT DOCOMO, INC. | Wi-Fi STATION L-02F Software |
Affected:
version L02F-MDM9625-V10h-JUN-23-2017-DCM-JP and earlier
|
Date Public
2017-11-06 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:50:12.716Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#23367475",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN23367475/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Wi-Fi STATION L-02F Software",
"vendor": "NTT DOCOMO, INC.",
"versions": [
{
"status": "affected",
"version": "version L02F-MDM9625-V10h-JUN-23-2017-DCM-JP and earlier"
}
]
}
],
"datePublic": "2017-11-06T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in NTT DOCOMO Wi-Fi STATION L-02F Software version L02F-MDM9625-V10h-JUN-23-2017-DCM-JP and earlier allows an attacker to execute arbitrary code via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Buffer Overflow",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-13T13:57:01.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVN#23367475",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN23367475/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2017-10871",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Wi-Fi STATION L-02F Software",
"version": {
"version_data": [
{
"version_value": "version L02F-MDM9625-V10h-JUN-23-2017-DCM-JP and earlier"
}
]
}
}
]
},
"vendor_name": "NTT DOCOMO, INC."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in NTT DOCOMO Wi-Fi STATION L-02F Software version L02F-MDM9625-V10h-JUN-23-2017-DCM-JP and earlier allows an attacker to execute arbitrary code via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#23367475",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN23367475/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2017-10871",
"datePublished": "2017-11-13T14:00:00.000Z",
"dateReserved": "2017-07-04T00:00:00.000Z",
"dateUpdated": "2024-08-05T17:50:12.716Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-10846 (GCVE-0-2017-10846)
Vulnerability from nvd – Published: 2017-09-15 17:00 – Updated: 2024-08-05 17:50
VLAI
Summary
Wi-Fi STATION L-02F Software version V10b and earlier allows remote attackers to bypass access restrictions to obtain information on device settings via unspecified vectors.
Severity
No CVSS data available.
CWE
- Fails to restrict access
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://jvn.jp/en/jp/JVN03044183/index.html | third-party-advisoryx_refsource_JVN |
| https://www.nttdocomo.co.jp/info/notice/page/1707… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| NTT DOCOMO, INC. | Wi-Fi STATION L-02F |
Affected:
Software version V10g and earlier
|
Date Public
2017-09-12 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:50:12.689Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#03044183",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN03044183/index.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.nttdocomo.co.jp/info/notice/page/170710_01_m.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Wi-Fi STATION L-02F",
"vendor": "NTT DOCOMO, INC.",
"versions": [
{
"status": "affected",
"version": "Software version V10g and earlier"
}
]
}
],
"datePublic": "2017-09-12T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Wi-Fi STATION L-02F Software version V10b and earlier allows remote attackers to bypass access restrictions to obtain information on device settings via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Fails to restrict access",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-15T16:57:01.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVN#03044183",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "https://jvn.jp/en/jp/JVN03044183/index.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.nttdocomo.co.jp/info/notice/page/170710_01_m.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2017-10846",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Wi-Fi STATION L-02F",
"version": {
"version_data": [
{
"version_value": "Software version V10g and earlier"
}
]
}
}
]
},
"vendor_name": "NTT DOCOMO, INC."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Wi-Fi STATION L-02F Software version V10b and earlier allows remote attackers to bypass access restrictions to obtain information on device settings via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Fails to restrict access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#03044183",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN03044183/index.html"
},
{
"name": "https://www.nttdocomo.co.jp/info/notice/page/170710_01_m.html",
"refsource": "MISC",
"url": "https://www.nttdocomo.co.jp/info/notice/page/170710_01_m.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2017-10846",
"datePublished": "2017-09-15T17:00:00.000Z",
"dateReserved": "2017-07-04T00:00:00.000Z",
"dateUpdated": "2024-08-05T17:50:12.689Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-10845 (GCVE-0-2017-10845)
Vulnerability from nvd – Published: 2017-09-15 17:00 – Updated: 2024-08-05 17:50
VLAI
Summary
Wi-Fi STATION L-02F Software version V10g and earlier allows remote attackers to access the device with administrative privileges and perform unintended operations through a backdoor account.
Severity
No CVSS data available.
CWE
- CWE-255 - Credential Management (CWE-255)
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.nttdocomo.co.jp/info/notice/page/1707… | x_refsource_MISC |
| https://jvn.jp/en//jp/JVN68922465/index.html | third-party-advisoryx_refsource_JVN |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| NTT DOCOMO, INC. | Wi-Fi STATION L-02F |
Affected:
Software version V10g and earlier
|
Date Public
2017-09-12 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:50:12.555Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.nttdocomo.co.jp/info/notice/page/170710_01_m.html"
},
{
"name": "JVN#68922465",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "https://jvn.jp/en//jp/JVN68922465/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Wi-Fi STATION L-02F",
"vendor": "NTT DOCOMO, INC.",
"versions": [
{
"status": "affected",
"version": "Software version V10g and earlier"
}
]
}
],
"datePublic": "2017-09-12T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Wi-Fi STATION L-02F Software version V10g and earlier allows remote attackers to access the device with administrative privileges and perform unintended operations through a backdoor account."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-255",
"description": "Credential Management (CWE-255)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-15T16:57:01.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.nttdocomo.co.jp/info/notice/page/170710_01_m.html"
},
{
"name": "JVN#68922465",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "https://jvn.jp/en//jp/JVN68922465/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2017-10845",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Wi-Fi STATION L-02F",
"version": {
"version_data": [
{
"version_value": "Software version V10g and earlier"
}
]
}
}
]
},
"vendor_name": "NTT DOCOMO, INC."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Wi-Fi STATION L-02F Software version V10g and earlier allows remote attackers to access the device with administrative privileges and perform unintended operations through a backdoor account."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Credential Management (CWE-255)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.nttdocomo.co.jp/info/notice/page/170710_01_m.html",
"refsource": "MISC",
"url": "https://www.nttdocomo.co.jp/info/notice/page/170710_01_m.html"
},
{
"name": "JVN#68922465",
"refsource": "JVN",
"url": "https://jvn.jp/en//jp/JVN68922465/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2017-10845",
"datePublished": "2017-09-15T17:00:00.000Z",
"dateReserved": "2017-07-04T00:00:00.000Z",
"dateUpdated": "2024-08-05T17:50:12.555Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-10812 (GCVE-0-2017-10812)
Vulnerability from nvd – Published: 2017-08-28 20:00 – Updated: 2024-08-05 17:50
VLAI
Summary
Untrusted search path vulnerability in Photo Collection PC Software Ver.4.0.2 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
Severity
No CVSS data available.
CWE
- Untrusted search path vulnerability
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://jvn.jp/en/jp/JVN67954465/index.html | third-party-advisoryx_refsource_JVN |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| NTT DOCOMO, INC. | Photo Collection PC Software |
Affected:
Ver.4.0.2 and earlier
|
Date Public
2017-08-28 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:50:12.050Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#67954465",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN67954465/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Photo Collection PC Software",
"vendor": "NTT DOCOMO, INC.",
"versions": [
{
"status": "affected",
"version": "Ver.4.0.2 and earlier"
}
]
}
],
"datePublic": "2017-08-28T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Untrusted search path vulnerability in Photo Collection PC Software Ver.4.0.2 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Untrusted search path vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T19:57:01.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVN#67954465",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "https://jvn.jp/en/jp/JVN67954465/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2017-10812",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Photo Collection PC Software",
"version": {
"version_data": [
{
"version_value": "Ver.4.0.2 and earlier"
}
]
}
}
]
},
"vendor_name": "NTT DOCOMO, INC."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability in Photo Collection PC Software Ver.4.0.2 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#67954465",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN67954465/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2017-10812",
"datePublished": "2017-08-28T20:00:00.000Z",
"dateReserved": "2017-07-04T00:00:00.000Z",
"dateUpdated": "2024-08-05T17:50:12.050Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-4854 (GCVE-0-2016-4854)
Vulnerability from nvd – Published: 2017-05-22 16:00 – Updated: 2024-08-06 00:46
VLAI
Summary
Cross-site request forgery (CSRF) vulnerability in L-04D firmware version V10a and V10b allows remote attackers to hijack the authentication of administrators to perform arbitrary operations via unspecified vectors.
Severity
No CVSS data available.
CWE
- Cross-site request forgery
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://jvndb.jvn.jp/jvndb/JVNDB-2016-000194 | third-party-advisoryx_refsource_JVNDB |
| https://jvn.jp/en/jp/JVN46351856/index.html | third-party-advisoryx_refsource_JVN |
| http://www.securityfocus.com/bid/93278 | vdb-entryx_refsource_BID |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| NTT DOCOMO, INC. | L-04D |
Affected:
firmware version V10a and V10b
|
Date Public
2016-10-03 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T00:46:38.434Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVNDB-2016-000194",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB",
"x_transferred"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000194"
},
{
"name": "JVN#46351856",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN46351856/index.html"
},
{
"name": "93278",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/93278"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "L-04D",
"vendor": "NTT DOCOMO, INC.",
"versions": [
{
"status": "affected",
"version": "firmware version V10a and V10b"
}
]
}
],
"datePublic": "2016-10-03T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery (CSRF) vulnerability in L-04D firmware version V10a and V10b allows remote attackers to hijack the authentication of administrators to perform arbitrary operations via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site request forgery",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-05-23T09:57:01.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVNDB-2016-000194",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000194"
},
{
"name": "JVN#46351856",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "https://jvn.jp/en/jp/JVN46351856/index.html"
},
{
"name": "93278",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/93278"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2016-4854",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "L-04D",
"version": {
"version_data": [
{
"version_value": "firmware version V10a and V10b"
}
]
}
}
]
},
"vendor_name": "NTT DOCOMO, INC."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site request forgery (CSRF) vulnerability in L-04D firmware version V10a and V10b allows remote attackers to hijack the authentication of administrators to perform arbitrary operations via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site request forgery"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVNDB-2016-000194",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000194"
},
{
"name": "JVN#46351856",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN46351856/index.html"
},
{
"name": "93278",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93278"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2016-4854",
"datePublished": "2017-05-22T16:00:00.000Z",
"dateReserved": "2016-05-17T00:00:00.000Z",
"dateUpdated": "2024-08-06T00:46:38.434Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}