Search

Find a vulnerability

Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

    30 vulnerabilities by NTT DOCOMO, INC.

    JVNDB-2026-000043

    Vulnerability from jvndb - Published: 2026-03-25 18:41 - Updated:2026-03-25 18:41
    Severity
    Summary
    SHARP routers missing authentication for some web APIs
    Details
    SHARP routers do not perform authentication for some web APIs. Those web APIs provide device information, and the initial administrative password is based on a part of the device information.
    • Missing authentication for critical function (CWE-306) - CVE-2026-32326
    Shota Zaizen reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
    Show details on JVN DB website

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2026/JVNDB-2026-000043.html",
      "dc:date": "2026-03-25T18:41+09:00",
      "dcterms:issued": "2026-03-25T18:41+09:00",
      "dcterms:modified": "2026-03-25T18:41+09:00",
      "description": "SHARP routers do not perform authentication for some web APIs.\r\nThose web APIs provide device information, and the initial administrative password is based on a part of the device information.\u003ca href=\u0027https://cwe.mitre.org/data/definitions/306.html\u0027 target=\u0027_blank\u0027\u003e\u003c/a\u003e\u003cul\u003e\u003cli\u003eMissing authentication for critical function (CWE-306) - CVE-2026-32326\u003c/li\u003e\u003c/ul\u003eShota Zaizen reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
      "link": "https://jvndb.jvn.jp/en/contents/2026/JVNDB-2026-000043.html",
      "sec:cpe": [
        {
          "#text": "cpe:/o:kddi:speed_wi-fi_5g_x01",
          "@product": "Speed Wi-Fi 5G X01",
          "@vendor": "KDDI",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:nttdocomo:home_5g_hr01",
          "@product": "home 5G HR01",
          "@vendor": "NTT DOCOMO, INC.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:nttdocomo:home_5g_hr02",
          "@product": "home 5G HR02",
          "@vendor": "NTT DOCOMO, INC.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:nttdocomo:wi-fi_station_sh-52a_firmware",
          "@product": "Wi-Fi STATION SH-52A",
          "@vendor": "NTT DOCOMO, INC.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:nttdocomo:wi-fi_station_sh-52b_firmware",
          "@product": "Wi-Fi STATION SH-52B",
          "@vendor": "NTT DOCOMO, INC.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:nttdocomo:wi-fi_station_sh-54c_firmware",
          "@product": "Wi-Fi STATION SH-54C",
          "@vendor": "NTT DOCOMO, INC.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:softbank:5gmobile_wi-fi_router_sh-u01",
          "@product": "5G Mobile Router SH-U01",
          "@vendor": "SoftBank",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:softbank:pocket_wifi_5g_a503sh",
          "@product": "Pocket WiFi 5G A503SH versions",
          "@vendor": "SoftBank",
          "@version": "2.2"
        }
      ],
      "sec:cvss": {
        "@score": "5.7",
        "@severity": "Medium",
        "@type": "Base",
        "@vector": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
        "@version": "3.0"
      },
      "sec:identifier": "JVNDB-2026-000043",
      "sec:references": [
        {
          "#text": "https://jvn.jp/en/jp/JVN49524110/index.html",
          "@id": "JVN#49524110",
          "@source": "JVN"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2026-32326",
          "@id": "CVE-2026-32326",
          "@source": "CVE"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-Other",
          "@title": "No Mapping(CWE-Other)"
        }
      ],
      "title": "SHARP routers missing authentication for some web APIs"
    }

    JVNDB-2024-000123

    Vulnerability from jvndb - Published: 2024-11-29 15:30 - Updated:2024-11-29 15:30
    Severity
    Summary
    Multiple FCNT Android devices vulnerable to authentication bypass
    Details
    Multiple FCNT Android devices provide security features such as "privacy mode" where arbitrary applications can be set not to be displayed, etc. The devices contain an authentication bypass vulnerability (CWE-306), where, under certain conditions, the setting pages may be accessed without authentication.
    Show details on JVN DB website

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-000123.html",
      "dc:date": "2024-11-29T15:30+09:00",
      "dcterms:issued": "2024-11-29T15:30+09:00",
      "dcterms:modified": "2024-11-29T15:30+09:00",
      "description": "Multiple FCNT Android devices provide security features such as \"privacy mode\" where arbitrary applications can be set not to be displayed, etc.\r\nThe devices contain an authentication bypass vulnerability (CWE-306), where, under certain conditions, the setting pages may be accessed without authentication.",
      "link": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-000123.html",
      "sec:cpe": [
        {
          "#text": "cpe:/o:kddi:arrows",
          "@product": "arrows",
          "@vendor": "KDDI",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:nttdocomo:arrows",
          "@product": "arrows",
          "@vendor": "NTT DOCOMO, INC.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:nttdocomo:arrows",
          "@product": "arrows",
          "@vendor": "NTT DOCOMO, INC.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:softbank:arrows",
          "@product": "arrows",
          "@vendor": "SoftBank",
          "@version": "2.2"
        }
      ],
      "sec:cvss": {
        "@score": "3.1",
        "@severity": "Low",
        "@type": "Base",
        "@vector": "CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
        "@version": "3.0"
      },
      "sec:identifier": "JVNDB-2024-000123",
      "sec:references": [
        {
          "#text": "https://jvn.jp/en/jp/JVN43845108/index.html",
          "@id": "JVN#43845108",
          "@source": "JVN"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2024-53701",
          "@id": "CVE-2024-53701",
          "@source": "CVE"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-Other",
          "@title": "No Mapping(CWE-Other)"
        }
      ],
      "title": "Multiple FCNT Android devices vulnerable to authentication bypass"
    }

    JVNDB-2022-000101

    Vulnerability from jvndb - Published: 2022-12-21 14:13 - Updated:2022-12-21 14:13
    Severity
    Summary
    +Message App improper handling of Unicode control characters
    Details
    +Message App displays text unprocessed, even when control characters are contained, and the text is shown based on Unicode control character's specifications. Therefore, a crafted text may display misleading web links (CWE-451). Akaki Tsunoda reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
    Show details on JVN DB website

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2022/JVNDB-2022-000101.html",
      "dc:date": "2022-12-21T14:13+09:00",
      "dcterms:issued": "2022-12-21T14:13+09:00",
      "dcterms:modified": "2022-12-21T14:13+09:00",
      "description": "+Message App displays text unprocessed, even when control characters are contained, and the text is shown based on Unicode control character\u0027s specifications.\r\nTherefore, a crafted text may display misleading web links (CWE-451).\r\n\r\nAkaki Tsunoda reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
      "link": "https://jvndb.jvn.jp/en/contents/2022/JVNDB-2022-000101.html",
      "sec:cpe": [
        {
          "#text": "cpe:/a:kddi:%2b_message",
          "@product": "+Message (PlusMessage)",
          "@vendor": "KDDI",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:nttdocomo:%2b_message",
          "@product": "+Message (PlusMessage)",
          "@vendor": "NTT DOCOMO, INC.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:softbank:%2b_message",
          "@product": "+Message (PlusMessage)",
          "@vendor": "SoftBank",
          "@version": "2.2"
        }
      ],
      "sec:cvss": [
        {
          "@score": "4.3",
          "@severity": "Medium",
          "@type": "Base",
          "@vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "@version": "2.0"
        },
        {
          "@score": "4.3",
          "@severity": "Medium",
          "@type": "Base",
          "@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
          "@version": "3.0"
        }
      ],
      "sec:identifier": "JVNDB-2022-000101",
      "sec:references": [
        {
          "#text": "https://jvn.jp/en/jp/JVN43561812/index.html",
          "@id": "JVN#43561812",
          "@source": "JVN"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2022-43543",
          "@id": "CVE-2022-43543",
          "@source": "CVE"
        },
        {
          "#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-43543",
          "@id": "CVE-2022-43543",
          "@source": "NVD"
        },
        {
          "#text": "https://unicode.org/reports/tr36/",
          "@id": "Unicode Technical Report #36",
          "@source": "Related document"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-Other",
          "@title": "No Mapping(CWE-Other)"
        }
      ],
      "title": "+Message App improper handling of Unicode control characters"
    }

    JVNDB-2021-000107

    Vulnerability from jvndb - Published: 2021-11-30 14:49 - Updated:2021-11-30 14:49
    Severity
    Summary
    Wi-Fi STATION SH-52A vulnerable to cross-site scripting
    Details
    Wi-Fi STATION SH-52A provided by NTT DOCOMO, INC. contains a cross-site scripting vulnerability (CWE-79). Takayuki Sasaki of Yokohama National University reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
    Impacted products
    Show details on JVN DB website

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2021/JVNDB-2021-000107.html",
      "dc:date": "2021-11-30T14:49+09:00",
      "dcterms:issued": "2021-11-30T14:49+09:00",
      "dcterms:modified": "2021-11-30T14:49+09:00",
      "description": "Wi-Fi STATION SH-52A provided by NTT DOCOMO, INC. contains a cross-site scripting vulnerability (CWE-79).\r\n\r\nTakayuki Sasaki of Yokohama National University reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
      "link": "https://jvndb.jvn.jp/en/contents/2021/JVNDB-2021-000107.html",
      "sec:cpe": {
        "#text": "cpe:/o:nttdocomo:wi-fi_station_sh-52a_firmware",
        "@product": "Wi-Fi STATION SH-52A",
        "@vendor": "NTT DOCOMO, INC.",
        "@version": "2.2"
      },
      "sec:cvss": [
        {
          "@score": "2.3",
          "@severity": "Low",
          "@type": "Base",
          "@vector": "AV:A/AC:M/Au:S/C:N/I:P/A:N",
          "@version": "2.0"
        },
        {
          "@score": "2.9",
          "@severity": "Low",
          "@type": "Base",
          "@vector": "CVSS:3.0/AV:A/AC:L/PR:H/UI:R/S:C/C:N/I:L/A:N",
          "@version": "3.0"
        }
      ],
      "sec:identifier": "JVNDB-2021-000107",
      "sec:references": [
        {
          "#text": "https://jvn.jp/en/jp/JVN19482703/index.html",
          "@id": "JVN#19482703",
          "@source": "JVN"
        },
        {
          "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20847",
          "@id": "CVE-2021-20847",
          "@source": "CVE"
        },
        {
          "#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20847",
          "@id": "CVE-2021-20847",
          "@source": "NVD"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-79",
          "@title": "Cross-site Scripting(CWE-79)"
        }
      ],
      "title": "Wi-Fi STATION SH-52A vulnerable to cross-site scripting"
    }

    JVNDB-2019-000008

    Vulnerability from jvndb - Published: 2019-02-12 17:23 - Updated:2019-02-12 17:23
    Severity
    Summary
    A vulnerability in V20 PRO L-01J that may cause a crash
    Details
    V20 PRO L-01J provided by NTT DOCOMO, INC. is an Android smartphone. V20 PRO L-01J contains a flaw in processing connection using Wi-Fi CERTIFIED Passpoint which may result in the device to crash when Poasspoint is enabled. Hiroyuki Harada of Sapporo Gakuin University, Masashi Honma of Sole Proprietorship, and Hideaki Goto of Tohoku University reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
    Impacted products
    Show details on JVN DB website

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2019/JVNDB-2019-000008.html",
      "dc:date": "2019-02-12T17:23+09:00",
      "dcterms:issued": "2019-02-12T17:23+09:00",
      "dcterms:modified": "2019-02-12T17:23+09:00",
      "description": "V20 PRO L-01J provided by NTT DOCOMO, INC. is an Android smartphone. V20 PRO L-01J contains a flaw in processing connection using Wi-Fi CERTIFIED Passpoint which may result in the device to crash when Poasspoint is enabled.\r\n\r\nHiroyuki Harada of Sapporo Gakuin University, Masashi Honma of Sole Proprietorship, and Hideaki Goto of Tohoku University reported this vulnerability to IPA.\r\n JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
      "link": "https://jvndb.jvn.jp/en/contents/2019/JVNDB-2019-000008.html",
      "sec:cpe": {
        "#text": "cpe:/a:nttdocomo:v20_pro_l-01j_firmware",
        "@product": "V20 PRO L-01J",
        "@vendor": "NTT DOCOMO, INC.",
        "@version": "2.2"
      },
      "sec:cvss": [
        {
          "@score": "3.3",
          "@severity": "Low",
          "@type": "Base",
          "@vector": "AV:A/AC:L/Au:N/C:N/I:N/A:P",
          "@version": "2.0"
        },
        {
          "@score": "4.3",
          "@severity": "Medium",
          "@type": "Base",
          "@vector": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
          "@version": "3.0"
        }
      ],
      "sec:identifier": "JVNDB-2019-000008",
      "sec:references": [
        {
          "#text": "http://jvn.jp/en/jp/JVN40439414/index.html",
          "@id": "JVN#40439414",
          "@source": "JVN"
        },
        {
          "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5914",
          "@id": "CVE-2019-5914",
          "@source": "CVE"
        },
        {
          "#text": "https://nvd.nist.gov/vuln/detail/CVE-2019-5914",
          "@id": "CVE-2019-5914",
          "@source": "NVD"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-Other",
          "@title": "No Mapping(CWE-Other)"
        }
      ],
      "title": "A vulnerability in V20 PRO L-01J that may cause a crash"
    }

    JVNDB-2018-000100

    Vulnerability from jvndb - Published: 2018-09-27 16:52 - Updated:2019-08-27 17:22
    Severity
    Summary
    +Message App fails to verify SSL server certificates
    Details
    +Message App fails to verify SSL server certificates. ma.la of LINE Corporation reported this vulnerability to the developer, and also to IPA in order to notify users of its solution through JVN. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
    Show details on JVN DB website

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2018/JVNDB-2018-000100.html",
      "dc:date": "2019-08-27T17:22+09:00",
      "dcterms:issued": "2018-09-27T16:52+09:00",
      "dcterms:modified": "2019-08-27T17:22+09:00",
      "description": "+Message App fails to verify SSL server certificates.\r\n\r\nma.la of LINE Corporation reported this vulnerability to the developer, and also to IPA in order to notify users of its solution through JVN.\r\n JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
      "link": "https://jvndb.jvn.jp/en/contents/2018/JVNDB-2018-000100.html",
      "sec:cpe": [
        {
          "#text": "cpe:/a:kddi:%2b_message",
          "@product": "+Message (PlusMessage)",
          "@vendor": "KDDI",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:nttdocomo:%2b_message",
          "@product": "+Message (PlusMessage)",
          "@vendor": "NTT DOCOMO, INC.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:softbank:%2b_message",
          "@product": "+Message (PlusMessage)",
          "@vendor": "SoftBank",
          "@version": "2.2"
        }
      ],
      "sec:cvss": [
        {
          "@score": "4.0",
          "@severity": "Medium",
          "@type": "Base",
          "@vector": "AV:N/AC:H/Au:N/C:P/I:P/A:N",
          "@version": "2.0"
        },
        {
          "@score": "4.8",
          "@severity": "Medium",
          "@type": "Base",
          "@vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
          "@version": "3.0"
        }
      ],
      "sec:identifier": "JVNDB-2018-000100",
      "sec:references": [
        {
          "#text": "https://jvn.jp/en/jp/JVN37288228/",
          "@id": "JVN#37288228",
          "@source": "JVN"
        },
        {
          "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0691",
          "@id": "CVE-2018-0691",
          "@source": "CVE"
        },
        {
          "#text": "https://nvd.nist.gov/vuln/detail/CVE-2018-0691",
          "@id": "CVE-2018-0691",
          "@source": "NVD"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-Other",
          "@title": "No Mapping(CWE-Other)"
        }
      ],
      "title": "+Message App fails to verify SSL server certificates"
    }

    JVNDB-2017-000232

    Vulnerability from jvndb - Published: 2017-11-06 13:48 - Updated:2018-03-07 14:00
    Severity
    Summary
    Wi-Fi STATION L-02F vulnerable to buffer overflow
    Details
    Wi-Fi STATION L-02F provided by NTT DOCOMO, INC. contains a buffer overflow vulnerability. Daisuke Makita and Hayato Ushimaru of National Institute of Information and Communications Technology, Jumpei Shimamura of clwit, Inc. and Katsunari Yoshioka of Yokohama National University reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
    Impacted products
    Show details on JVN DB website

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000232.html",
      "dc:date": "2018-03-07T14:00+09:00",
      "dcterms:issued": "2017-11-06T13:48+09:00",
      "dcterms:modified": "2018-03-07T14:00+09:00",
      "description": "Wi-Fi STATION L-02F provided by NTT DOCOMO, INC. contains a buffer overflow vulnerability.\r\n\r\nDaisuke Makita and Hayato Ushimaru of National Institute of Information and Communications Technology, Jumpei Shimamura of clwit, Inc. and Katsunari Yoshioka of Yokohama National University reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
      "link": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000232.html",
      "sec:cpe": {
        "#text": "cpe:/h:nttdocomo:wi-fi_station_l-02f",
        "@product": "Wi-Fi STATION L-02F",
        "@vendor": "NTT DOCOMO, INC.",
        "@version": "2.2"
      },
      "sec:cvss": [
        {
          "@score": "10.0",
          "@severity": "High",
          "@type": "Base",
          "@vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "@version": "2.0"
        },
        {
          "@score": "9.8",
          "@severity": "Critical",
          "@type": "Base",
          "@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "@version": "3.0"
        }
      ],
      "sec:identifier": "JVNDB-2017-000232",
      "sec:references": [
        {
          "#text": "https://jvn.jp/en/jp/JVN23367475/index.html",
          "@id": "JVN#23367475",
          "@source": "JVN"
        },
        {
          "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10871",
          "@id": "CVE-2017-10871",
          "@source": "CVE"
        },
        {
          "#text": "https://nvd.nist.gov/vuln/detail/CVE-2017-10871",
          "@id": "CVE-2017-10871",
          "@source": "NVD"
        },
        {
          "#text": "https://www.ipa.go.jp/security/ciadr/vul/20171106-jvn.html",
          "@id": "Security Alert for Vulnerability in Wi-Fi STATION L-02F (JVN#23367475)",
          "@source": "IPA SECURITY ALERTS"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-119",
          "@title": "Buffer Errors(CWE-119)"
        }
      ],
      "title": "Wi-Fi STATION L-02F vulnerable to buffer overflow"
    }

    JVNDB-2017-000218

    Vulnerability from jvndb - Published: 2017-09-12 14:35 - Updated:2018-02-28 14:09
    Severity
    Summary
    Wi-Fi STATION L-02F fails to restrict access permissions
    Details
    Wi-Fi STATION L-02F provided by NTT DOCOMO, INC. fails to restrict access permissions. Japan Computer Emergency Response Team Coordination Center Global Coordination Division Cyber Metrics Line Information Security Analyst Keisuke Shikano reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
    Impacted products
    Show details on JVN DB website

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000218.html",
      "dc:date": "2018-02-28T14:09+09:00",
      "dcterms:issued": "2017-09-12T14:35+09:00",
      "dcterms:modified": "2018-02-28T14:09+09:00",
      "description": "Wi-Fi STATION L-02F provided by NTT DOCOMO, INC. fails to restrict access permissions.\r\n\r\nJapan Computer Emergency Response Team Coordination Center Global Coordination Division Cyber Metrics Line Information Security Analyst Keisuke Shikano reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
      "link": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000218.html",
      "sec:cpe": {
        "#text": "cpe:/h:nttdocomo:wi-fi_station_l-02f",
        "@product": "Wi-Fi STATION L-02F",
        "@vendor": "NTT DOCOMO, INC.",
        "@version": "2.2"
      },
      "sec:cvss": [
        {
          "@score": "5.0",
          "@severity": "Medium",
          "@type": "Base",
          "@vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "@version": "2.0"
        },
        {
          "@score": "7.5",
          "@severity": "High",
          "@type": "Base",
          "@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "@version": "3.0"
        }
      ],
      "sec:identifier": "JVNDB-2017-000218",
      "sec:references": [
        {
          "#text": "https://jvn.jp/en/jp/JVN03044183/index.html",
          "@id": "JVN#03044183",
          "@source": "JVN"
        },
        {
          "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10846",
          "@id": "CVE-2017-10846",
          "@source": "CVE"
        },
        {
          "#text": "https://nvd.nist.gov/vuln/detail/CVE-2017-10846",
          "@id": "CVE-2017-10846",
          "@source": "NVD"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-264",
          "@title": "Permissions(CWE-264)"
        }
      ],
      "title": "Wi-Fi STATION L-02F fails to restrict access permissions"
    }

    JVNDB-2017-000217

    Vulnerability from jvndb - Published: 2017-09-12 14:34 - Updated:2018-02-28 14:11
    Severity
    Summary
    Backdoor access issue in Wi-Fi STATION L-02F
    Details
    Wi-Fi STATION L-02F provided by NTT DOCOMO, INC. contains a backdoor access issue. Japan Computer Emergency Response Team Coordination Center Global Coordination Division Cyber Metrics Line Information Security Analyst Keisuke Shikano reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
    Impacted products
    Show details on JVN DB website

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000217.html",
      "dc:date": "2018-02-28T14:11+09:00",
      "dcterms:issued": "2017-09-12T14:34+09:00",
      "dcterms:modified": "2018-02-28T14:11+09:00",
      "description": "Wi-Fi STATION L-02F provided by NTT DOCOMO, INC. contains a backdoor access issue.\r\n\r\nJapan Computer Emergency Response Team Coordination Center Global Coordination Division Cyber Metrics Line Information Security Analyst Keisuke Shikano reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
      "link": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000217.html",
      "sec:cpe": {
        "#text": "cpe:/h:nttdocomo:wi-fi_station_l-02f",
        "@product": "Wi-Fi STATION L-02F",
        "@vendor": "NTT DOCOMO, INC.",
        "@version": "2.2"
      },
      "sec:cvss": [
        {
          "@score": "10.0",
          "@severity": "High",
          "@type": "Base",
          "@vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "@version": "2.0"
        },
        {
          "@score": "9.8",
          "@severity": "Critical",
          "@type": "Base",
          "@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "@version": "3.0"
        }
      ],
      "sec:identifier": "JVNDB-2017-000217",
      "sec:references": [
        {
          "#text": "https://jvn.jp/en/jp/JVN68922465/index.html",
          "@id": "JVN#68922465",
          "@source": "JVN"
        },
        {
          "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10845",
          "@id": "CVE-2017-10845",
          "@source": "CVE"
        },
        {
          "#text": "https://nvd.nist.gov/vuln/detail/CVE-2017-10845",
          "@id": "CVE-2017-10845",
          "@source": "NVD"
        },
        {
          "#text": "https://www.ipa.go.jp/security/ciadr/vul/20170912-jvn.html",
          "@id": "Security Alert for Vulnerability in Wi-Fi STATION L-02F (JVN#68922465)",
          "@source": "IPA SECURITY ALERTS"
        },
        {
          "#text": "https://www.jpcert.or.jp/at/2017/at170034.html",
          "@id": "JPCERT-AT-2017-0034",
          "@source": "JPCERT"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-264",
          "@title": "Permissions(CWE-264)"
        }
      ],
      "title": "Backdoor access issue in Wi-Fi STATION L-02F"
    }

    JVNDB-2017-000197

    Vulnerability from jvndb - Published: 2017-08-22 12:34 - Updated:2018-02-28 12:13
    Severity
    Summary
    Installer of Photo Collection PC Software provided by NTT DOCOMO, INC. may insecurely load Dynamic Link Libraries and invoke executable files
    Details
    Photo Collection PC Software provided by NTT DOCOMO, INC. contains an issue with the search paths for DLL/executable files, which may lead to insecurely loading Dynamic Link Libraries and invoking executable files (CWE-427). Eili Masami of Tachibana Lab. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
    Impacted products
    Show details on JVN DB website

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000197.html",
      "dc:date": "2018-02-28T12:13+09:00",
      "dcterms:issued": "2017-08-22T12:34+09:00",
      "dcterms:modified": "2018-02-28T12:13+09:00",
      "description": "Photo Collection PC Software provided by NTT DOCOMO, INC. contains an issue with the search paths for DLL/executable files, which may lead to insecurely loading Dynamic Link Libraries and invoking executable files (CWE-427).\r\n\r\nEili Masami of Tachibana Lab. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
      "link": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000197.html",
      "sec:cpe": {
        "#text": "cpe:/a:nttdocomo:photo_collection_pc_software",
        "@product": "Photo Collection PC Software",
        "@vendor": "NTT DOCOMO, INC.",
        "@version": "2.2"
      },
      "sec:cvss": [
        {
          "@score": "6.8",
          "@severity": "Medium",
          "@type": "Base",
          "@vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "@version": "2.0"
        },
        {
          "@score": "7.8",
          "@severity": "High",
          "@type": "Base",
          "@vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "@version": "3.0"
        }
      ],
      "sec:identifier": "JVNDB-2017-000197",
      "sec:references": [
        {
          "#text": "http://jvn.jp/en/jp/JVN67954465/index.html",
          "@id": "JVN#67954465",
          "@source": "JVN"
        },
        {
          "#text": "https://jvn.jp/en/ta/JVNTA91240916/",
          "@id": "JVNTA#91240916",
          "@source": "JVN"
        },
        {
          "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10812",
          "@id": "CVE-2017-10812",
          "@source": "CVE"
        },
        {
          "#text": "https://nvd.nist.gov/vuln/detail/CVE-2017-10812",
          "@id": "CVE-2017-10812",
          "@source": "NVD"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-Other",
          "@title": "No Mapping(CWE-Other)"
        }
      ],
      "title": "Installer of Photo Collection PC Software provided by NTT DOCOMO, INC. may insecurely load Dynamic Link Libraries and invoke executable files"
    }

    JVNDB-2016-000004

    Vulnerability from jvndb - Published: 2016-01-18 14:24 - Updated:2017-05-23 13:57
    Severity
    Summary
    Shoplat App for iOS issue in the verification of SSL certificates
    Details
    Shoplat App for iOS provided by NTT DOCOMO contains an issue in the verification of the SSL server certificate. ma.la reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
    Impacted products
    Show details on JVN DB website

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000004.html",
      "dc:date": "2017-05-23T13:57+09:00",
      "dcterms:issued": "2016-01-18T14:24+09:00",
      "dcterms:modified": "2017-05-23T13:57+09:00",
      "description": "Shoplat App for iOS provided by NTT DOCOMO contains an issue in the verification of the SSL server certificate.\r\n\r\nma.la reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
      "link": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000004.html",
      "sec:cpe": {
        "#text": "cpe:/a:nttdocomo:shoplat",
        "@product": "Shoplat App",
        "@vendor": "NTT DOCOMO, INC.",
        "@version": "2.2"
      },
      "sec:cvss": [
        {
          "@score": "4.0",
          "@severity": "Medium",
          "@type": "Base",
          "@vector": "AV:N/AC:H/Au:N/C:P/I:P/A:N",
          "@version": "2.0"
        },
        {
          "@score": "4.8",
          "@severity": "Medium",
          "@type": "Base",
          "@vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
          "@version": "3.0"
        }
      ],
      "sec:identifier": "JVNDB-2016-000004",
      "sec:references": [
        {
          "#text": "http://jvn.jp/en/jp/JVN47951769/index.html",
          "@id": "JVN#47951769",
          "@source": "JVN"
        },
        {
          "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1132",
          "@id": "CVE-2016-1132",
          "@source": "CVE"
        },
        {
          "#text": "https://nvd.nist.gov/vuln/detail/CVE-2016-1132",
          "@id": "CVE-2016-1132",
          "@source": "NVD"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-Other",
          "@title": "No Mapping(CWE-Other)"
        }
      ],
      "title": "Shoplat App for iOS issue in the verification of SSL certificates"
    }

    JVNDB-2014-000029

    Vulnerability from jvndb - Published: 2014-03-18 14:09 - Updated:2014-03-25 19:25
    Severity
    N/A (UNKNOWN) - -
    Summary
    sp mode mail vulnerability where Java methods may be executed
    Details
    sp mode mail provided by NTT DOCOMO contains an issue in the processing Deco-mail emoticon POP, which may lead to the execution of arbitrary Java methods that can be executed with the privileges of sp mode mail. Hironori Tokuta reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
    Impacted products
    Show details on JVN DB website

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000029.html",
      "dc:date": "2014-03-25T19:25+09:00",
      "dcterms:issued": "2014-03-18T14:09+09:00",
      "dcterms:modified": "2014-03-25T19:25+09:00",
      "description": "sp mode mail provided by NTT DOCOMO contains an issue in the processing Deco-mail emoticon POP, which may lead to the execution of arbitrary Java methods that can be executed with the privileges of sp mode mail.\r\n\r\nHironori Tokuta reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
      "link": "https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000029.html",
      "sec:cpe": {
        "#text": "cpe:/a:nttdocomo:spmode_mail_android",
        "@product": "sp mode mail",
        "@vendor": "NTT DOCOMO, INC.",
        "@version": "2.2"
      },
      "sec:cvss": {
        "@score": "6.8",
        "@severity": "Medium",
        "@type": "Base",
        "@vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
        "@version": "2.0"
      },
      "sec:identifier": "JVNDB-2014-000029",
      "sec:references": [
        {
          "#text": "http://jvn.jp/en/jp/JVN89260331/index.html",
          "@id": "JVN#89260331",
          "@source": "JVN"
        },
        {
          "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1979",
          "@id": "CVE-2014-1979",
          "@source": "CVE"
        },
        {
          "#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1979",
          "@id": "CVE-2014-1979",
          "@source": "NVD"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-DesignError",
          "@title": "No Mapping(CWE-DesignError)"
        }
      ],
      "title": "sp mode mail vulnerability where Java methods may be executed"
    }

    JVNDB-2014-000028

    Vulnerability from jvndb - Published: 2014-03-18 14:08 - Updated:2014-03-25 19:24
    Severity
    N/A (UNKNOWN) - -
    Summary
    sp mode mail issue where emails in the process of creation may be accessed
    Details
    sp mode mail provided by NTT DOCOMO contains an application link interface so that mail data can be exchanged with external application during email creation. When the application to be linked is selected, the email contents and attachment are saved to the SD card, therefore other Android applications may access this data. Hironori Tokuta reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
    Impacted products
    Show details on JVN DB website

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000028.html",
      "dc:date": "2014-03-25T19:24+09:00",
      "dcterms:issued": "2014-03-18T14:08+09:00",
      "dcterms:modified": "2014-03-25T19:24+09:00",
      "description": "sp mode mail provided by NTT DOCOMO contains an application link interface so that mail data can be exchanged with external application during email creation. When the application to be linked is selected, the email contents and attachment are saved to the SD card, therefore other Android applications may access this data.\r\n\r\nHironori Tokuta reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
      "link": "https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000028.html",
      "sec:cpe": {
        "#text": "cpe:/a:nttdocomo:spmode_mail_android",
        "@product": "sp mode mail",
        "@vendor": "NTT DOCOMO, INC.",
        "@version": "2.2"
      },
      "sec:cvss": {
        "@score": "2.6",
        "@severity": "Low",
        "@type": "Base",
        "@vector": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
        "@version": "2.0"
      },
      "sec:identifier": "JVNDB-2014-000028",
      "sec:references": [
        {
          "#text": "http://jvn.jp/en/jp/JVN05951929/index.html",
          "@id": "JVN#05951929",
          "@source": "JVN"
        },
        {
          "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1978",
          "@id": "CVE-2014-1978",
          "@source": "CVE"
        },
        {
          "#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1978",
          "@id": "CVE-2014-1978",
          "@source": "NVD"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-264",
          "@title": "Permissions(CWE-264)"
        }
      ],
      "title": "sp mode mail issue where emails in the process of creation may be accessed"
    }

    JVNDB-2014-000027

    Vulnerability from jvndb - Published: 2014-03-18 14:07 - Updated:2014-03-24 19:04
    Severity
    N/A (UNKNOWN) - -
    Summary
    sp mode mail issue when accessing attachments in incoming mail
    Details
    sp mode mail provided by NTT DOCOMO contains a function that allows other Android applications to access attachments for incoming emails. This function contains an issue in the restriction of access permissions. Satoru Takekoshi reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
    Impacted products
    Show details on JVN DB website

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000027.html",
      "dc:date": "2014-03-24T19:04+09:00",
      "dcterms:issued": "2014-03-18T14:07+09:00",
      "dcterms:modified": "2014-03-24T19:04+09:00",
      "description": "sp mode mail provided by NTT DOCOMO contains a function that allows other Android applications to access attachments for incoming emails. This function contains an issue in the restriction of access permissions.\r\n\r\nSatoru Takekoshi reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
      "link": "https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000027.html",
      "sec:cpe": {
        "#text": "cpe:/a:nttdocomo:spmode_mail_android",
        "@product": "sp mode mail",
        "@vendor": "NTT DOCOMO, INC.",
        "@version": "2.2"
      },
      "sec:cvss": {
        "@score": "2.6",
        "@severity": "Low",
        "@type": "Base",
        "@vector": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
        "@version": "2.0"
      },
      "sec:identifier": "JVNDB-2014-000027",
      "sec:references": [
        {
          "#text": "http://jvn.jp/en/jp/JVN81739241/index.html",
          "@id": "JVN#81739241",
          "@source": "JVN"
        },
        {
          "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1977",
          "@id": "CVE-2014-1977",
          "@source": "CVE"
        },
        {
          "#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1977",
          "@id": "CVE-2014-1977",
          "@source": "NVD"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-264",
          "@title": "Permissions(CWE-264)"
        }
      ],
      "title": "sp mode mail issue when accessing attachments in incoming mail"
    }

    JVNDB-2013-000075

    Vulnerability from jvndb - Published: 2013-08-07 15:01 - Updated:2013-08-14 14:17
    Severity
    N/A (UNKNOWN) - -
    Summary
    docomo overseas usage application vulnerability in the connection process
    Details
    docomo overseas usage application provided by NTT DOCOMO contains a vulnerability within the process of connecting to Wi-Fi access points, which may lead to user information being sent unintentionally.
    Show details on JVN DB website

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000075.html",
      "dc:date": "2013-08-14T14:17+09:00",
      "dcterms:issued": "2013-08-07T15:01+09:00",
      "dcterms:modified": "2013-08-14T14:17+09:00",
      "description": "docomo overseas usage application provided by NTT DOCOMO contains a vulnerability within the process of connecting to Wi-Fi access points, which may lead to user information being sent unintentionally.",
      "link": "https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000075.html",
      "sec:cpe": {
        "#text": "cpe:/a:nttdocomo:overseas_usage",
        "@product": "docomo overseas usage application",
        "@vendor": "NTT DOCOMO, INC.",
        "@version": "2.2"
      },
      "sec:cvss": {
        "@score": "3.3",
        "@severity": "Low",
        "@type": "Base",
        "@vector": "AV:A/AC:L/Au:N/C:P/I:N/A:N",
        "@version": "2.0"
      },
      "sec:identifier": "JVNDB-2013-000075",
      "sec:references": [
        {
          "#text": "https://jvn.jp/en/jp/JVN44035194/",
          "@id": "JVN#44035194",
          "@source": "JVN"
        },
        {
          "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3659",
          "@id": "CVE-2013-3659",
          "@source": "CVE"
        },
        {
          "#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-3659",
          "@id": "CVE-2013-3659",
          "@source": "NVD"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-287",
          "@title": "Improper Authentication(CWE-287)"
        }
      ],
      "title": "docomo overseas usage application vulnerability in the connection process"
    }

    JVNDB-2012-000037

    Vulnerability from jvndb - Published: 2012-04-26 14:21 - Updated:2012-04-26 14:21
    Severity
    N/A (UNKNOWN) - -
    Summary
    sp mode mail issue in the verification of SSL certificates
    Details
    sp mode mail contains an issue in the verification of the SSL server certificate. sp mode mail provided by NTT DOCOMO contains an issue in the verification of the SSL server certificate. Tsukasa Hamano of Open Source Solution Technology Corporation reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
    Impacted products
    Show details on JVN DB website

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2012/JVNDB-2012-000037.html",
      "dc:date": "2012-04-26T14:21+09:00",
      "dcterms:issued": "2012-04-26T14:21+09:00",
      "dcterms:modified": "2012-04-26T14:21+09:00",
      "description": "sp mode mail contains an issue in the verification of the SSL server certificate.\r\n\r\nsp mode mail provided by NTT DOCOMO contains an issue in the verification of the SSL server certificate.\r\n\r\nTsukasa Hamano of Open Source Solution Technology Corporation reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
      "link": "https://jvndb.jvn.jp/en/contents/2012/JVNDB-2012-000037.html",
      "sec:cpe": {
        "#text": "cpe:/a:nttdocomo:spmode_mail_android",
        "@product": "sp mode mail",
        "@vendor": "NTT DOCOMO, INC.",
        "@version": "2.2"
      },
      "sec:cvss": {
        "@score": "4.0",
        "@severity": "Medium",
        "@type": "Base",
        "@vector": "AV:N/AC:H/Au:N/C:P/I:P/A:N",
        "@version": "2.0"
      },
      "sec:identifier": "JVNDB-2012-000037",
      "sec:references": [
        {
          "#text": "http://jvn.jp/en/jp/JVN82029095/index.html",
          "@id": "JVN#82029095",
          "@source": "JVN"
        },
        {
          "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1244",
          "@id": "CVE-2012-1244",
          "@source": "CVE"
        },
        {
          "#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1244",
          "@id": "CVE-2012-1244",
          "@source": "NVD"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-Other",
          "@title": "No Mapping(CWE-Other)"
        }
      ],
      "title": "sp mode mail issue in the verification of SSL certificates"
    }

    CVE-2021-20847 (GCVE-0-2021-20847)

    Vulnerability from cvelistv5 – Published: 2021-12-01 02:15 – Updated: 2024-08-03 17:53
    VLAI
    Summary
    Cross-site scripting vulnerability in Wi-Fi STATION SH-52A (38JP_1_11G, 38JP_1_11J, 38JP_1_11K, 38JP_1_11L, 38JP_1_26F, 38JP_1_26G, 38JP_1_26J, 38JP_2_03B, and 38JP_2_03C) allows a remote unauthenticated attacker to inject an arbitrary script via WebUI of the device.
    Severity
    No CVSS data available.
    CWE
    • Cross-site scripting
    Assigner
    References
    Impacted products
    Vendor Product Version
    NTT DOCOMO, INC. Wi-Fi STATION SH-52A Affected: 38JP_1_11G, 38JP_1_11J, 38JP_1_11K, 38JP_1_11L, 38JP_1_26F, 38JP_1_26G, 38JP_1_26J, 38JP_2_03B, and 38JP_2_03C
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T17:53:22.731Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.nttdocomo.co.jp/support/product_update/sh52a/index.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/jp/JVN19482703/index.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Wi-Fi STATION SH-52A",
              "vendor": "NTT DOCOMO, INC.",
              "versions": [
                {
                  "status": "affected",
                  "version": "38JP_1_11G, 38JP_1_11J, 38JP_1_11K, 38JP_1_11L, 38JP_1_26F, 38JP_1_26G, 38JP_1_26J, 38JP_2_03B, and 38JP_2_03C"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site scripting vulnerability in Wi-Fi STATION SH-52A (38JP_1_11G, 38JP_1_11J, 38JP_1_11K, 38JP_1_11L, 38JP_1_26F, 38JP_1_26G, 38JP_1_26J, 38JP_2_03B, and 38JP_2_03C) allows a remote unauthenticated attacker to inject an arbitrary script via WebUI of the device."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Cross-site scripting",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-12-01T02:15:37.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.nttdocomo.co.jp/support/product_update/sh52a/index.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jvn.jp/en/jp/JVN19482703/index.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2021-20847",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Wi-Fi STATION SH-52A",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "38JP_1_11G, 38JP_1_11J, 38JP_1_11K, 38JP_1_11L, 38JP_1_26F, 38JP_1_26G, 38JP_1_26J, 38JP_2_03B, and 38JP_2_03C"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "NTT DOCOMO, INC."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-site scripting vulnerability in Wi-Fi STATION SH-52A (38JP_1_11G, 38JP_1_11J, 38JP_1_11K, 38JP_1_11L, 38JP_1_26F, 38JP_1_26G, 38JP_1_26J, 38JP_2_03B, and 38JP_2_03C) allows a remote unauthenticated attacker to inject an arbitrary script via WebUI of the device."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Cross-site scripting"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.nttdocomo.co.jp/support/product_update/sh52a/index.html",
                  "refsource": "MISC",
                  "url": "https://www.nttdocomo.co.jp/support/product_update/sh52a/index.html"
                },
                {
                  "name": "https://jvn.jp/en/jp/JVN19482703/index.html",
                  "refsource": "MISC",
                  "url": "https://jvn.jp/en/jp/JVN19482703/index.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2021-20847",
        "datePublished": "2021-12-01T02:15:37.000Z",
        "dateReserved": "2020-12-17T00:00:00.000Z",
        "dateUpdated": "2024-08-03T17:53:22.731Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-5914 (GCVE-0-2019-5914)

    Vulnerability from cvelistv5 – Published: 2019-02-13 18:00 – Updated: 2024-08-04 20:09
    VLAI
    Summary
    V20 PRO L-01J software version L01J20c and L01J20d has a NULL pointer exception flaw that can be used by an attacker to cause the device to crash on the same network range via a specially crafted access point.
    Severity
    No CVSS data available.
    CWE
    • Null Pointer Exception
    Assigner
    References
    URL Tags
    http://jvn.jp/en/jp/JVN40439414/index.html third-party-advisoryx_refsource_JVN
    https://www.nttdocomo.co.jp/support/utilization/p… x_refsource_MISC
    Impacted products
    Vendor Product Version
    NTT DOCOMO, INC. V20 PRO L-01J Affected: software version L01J20c and L01J20d
    Create a notification for this product.
    Date Public
    2019-02-13 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T20:09:23.617Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "JVN#40439414",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_JVN",
                  "x_transferred"
                ],
                "url": "http://jvn.jp/en/jp/JVN40439414/index.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.nttdocomo.co.jp/support/utilization/product_update/list/l01j/index.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "V20 PRO L-01J",
              "vendor": "NTT DOCOMO, INC.",
              "versions": [
                {
                  "status": "affected",
                  "version": "software version L01J20c and L01J20d"
                }
              ]
            }
          ],
          "datePublic": "2019-02-13T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "V20 PRO L-01J software version L01J20c and L01J20d has a NULL pointer exception flaw that can be used by an attacker to cause the device to crash on the same network range via a specially crafted access point."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Null Pointer Exception",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-02-13T17:57:01.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "name": "JVN#40439414",
              "tags": [
                "third-party-advisory",
                "x_refsource_JVN"
              ],
              "url": "http://jvn.jp/en/jp/JVN40439414/index.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.nttdocomo.co.jp/support/utilization/product_update/list/l01j/index.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2019-5914",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "V20 PRO L-01J",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "software version L01J20c and L01J20d"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "NTT DOCOMO, INC."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "V20 PRO L-01J software version L01J20c and L01J20d has a NULL pointer exception flaw that can be used by an attacker to cause the device to crash on the same network range via a specially crafted access point."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Null Pointer Exception"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "JVN#40439414",
                  "refsource": "JVN",
                  "url": "http://jvn.jp/en/jp/JVN40439414/index.html"
                },
                {
                  "name": "https://www.nttdocomo.co.jp/support/utilization/product_update/list/l01j/index.html",
                  "refsource": "MISC",
                  "url": "https://www.nttdocomo.co.jp/support/utilization/product_update/list/l01j/index.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2019-5914",
        "datePublished": "2019-02-13T18:00:00.000Z",
        "dateReserved": "2019-01-10T00:00:00.000Z",
        "dateUpdated": "2024-08-04T20:09:23.617Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-10871 (GCVE-0-2017-10871)

    Vulnerability from cvelistv5 – Published: 2017-11-13 14:00 – Updated: 2024-08-05 17:50
    VLAI
    Summary
    Buffer overflow in NTT DOCOMO Wi-Fi STATION L-02F Software version L02F-MDM9625-V10h-JUN-23-2017-DCM-JP and earlier allows an attacker to execute arbitrary code via unspecified vectors.
    Severity
    No CVSS data available.
    CWE
    • Buffer Overflow
    Assigner
    References
    URL Tags
    http://jvn.jp/en/jp/JVN23367475/index.html third-party-advisoryx_refsource_JVN
    Impacted products
    Vendor Product Version
    NTT DOCOMO, INC. Wi-Fi STATION L-02F Software Affected: version L02F-MDM9625-V10h-JUN-23-2017-DCM-JP and earlier
    Create a notification for this product.
    Date Public
    2017-11-06 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T17:50:12.716Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "JVN#23367475",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_JVN",
                  "x_transferred"
                ],
                "url": "http://jvn.jp/en/jp/JVN23367475/index.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Wi-Fi STATION L-02F Software",
              "vendor": "NTT DOCOMO, INC.",
              "versions": [
                {
                  "status": "affected",
                  "version": "version L02F-MDM9625-V10h-JUN-23-2017-DCM-JP and earlier"
                }
              ]
            }
          ],
          "datePublic": "2017-11-06T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Buffer overflow in NTT DOCOMO Wi-Fi STATION L-02F Software version L02F-MDM9625-V10h-JUN-23-2017-DCM-JP and earlier allows an attacker to execute arbitrary code via unspecified vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Buffer Overflow",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-11-13T13:57:01.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "name": "JVN#23367475",
              "tags": [
                "third-party-advisory",
                "x_refsource_JVN"
              ],
              "url": "http://jvn.jp/en/jp/JVN23367475/index.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2017-10871",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Wi-Fi STATION L-02F Software",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "version L02F-MDM9625-V10h-JUN-23-2017-DCM-JP and earlier"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "NTT DOCOMO, INC."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Buffer overflow in NTT DOCOMO Wi-Fi STATION L-02F Software version L02F-MDM9625-V10h-JUN-23-2017-DCM-JP and earlier allows an attacker to execute arbitrary code via unspecified vectors."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Buffer Overflow"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "JVN#23367475",
                  "refsource": "JVN",
                  "url": "http://jvn.jp/en/jp/JVN23367475/index.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2017-10871",
        "datePublished": "2017-11-13T14:00:00.000Z",
        "dateReserved": "2017-07-04T00:00:00.000Z",
        "dateUpdated": "2024-08-05T17:50:12.716Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-10845 (GCVE-0-2017-10845)

    Vulnerability from cvelistv5 – Published: 2017-09-15 17:00 – Updated: 2024-08-05 17:50
    VLAI
    Summary
    Wi-Fi STATION L-02F Software version V10g and earlier allows remote attackers to access the device with administrative privileges and perform unintended operations through a backdoor account.
    Severity
    No CVSS data available.
    CWE
    • CWE-255 - Credential Management (CWE-255)
    Assigner
    References
    URL Tags
    https://www.nttdocomo.co.jp/info/notice/page/1707… x_refsource_MISC
    https://jvn.jp/en//jp/JVN68922465/index.html third-party-advisoryx_refsource_JVN
    Impacted products
    Vendor Product Version
    NTT DOCOMO, INC. Wi-Fi STATION L-02F Affected: Software version V10g and earlier
    Create a notification for this product.
    Date Public
    2017-09-12 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T17:50:12.555Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.nttdocomo.co.jp/info/notice/page/170710_01_m.html"
              },
              {
                "name": "JVN#68922465",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_JVN",
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en//jp/JVN68922465/index.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Wi-Fi STATION L-02F",
              "vendor": "NTT DOCOMO, INC.",
              "versions": [
                {
                  "status": "affected",
                  "version": "Software version V10g and earlier"
                }
              ]
            }
          ],
          "datePublic": "2017-09-12T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Wi-Fi STATION L-02F Software version V10g and earlier allows remote attackers to access the device with administrative privileges and perform unintended operations through a backdoor account."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-255",
                  "description": "Credential Management (CWE-255)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-09-15T16:57:01.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.nttdocomo.co.jp/info/notice/page/170710_01_m.html"
            },
            {
              "name": "JVN#68922465",
              "tags": [
                "third-party-advisory",
                "x_refsource_JVN"
              ],
              "url": "https://jvn.jp/en//jp/JVN68922465/index.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2017-10845",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Wi-Fi STATION L-02F",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Software version V10g and earlier"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "NTT DOCOMO, INC."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Wi-Fi STATION L-02F Software version V10g and earlier allows remote attackers to access the device with administrative privileges and perform unintended operations through a backdoor account."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Credential Management (CWE-255)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.nttdocomo.co.jp/info/notice/page/170710_01_m.html",
                  "refsource": "MISC",
                  "url": "https://www.nttdocomo.co.jp/info/notice/page/170710_01_m.html"
                },
                {
                  "name": "JVN#68922465",
                  "refsource": "JVN",
                  "url": "https://jvn.jp/en//jp/JVN68922465/index.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2017-10845",
        "datePublished": "2017-09-15T17:00:00.000Z",
        "dateReserved": "2017-07-04T00:00:00.000Z",
        "dateUpdated": "2024-08-05T17:50:12.555Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-10846 (GCVE-0-2017-10846)

    Vulnerability from cvelistv5 – Published: 2017-09-15 17:00 – Updated: 2024-08-05 17:50
    VLAI
    Summary
    Wi-Fi STATION L-02F Software version V10b and earlier allows remote attackers to bypass access restrictions to obtain information on device settings via unspecified vectors.
    Severity
    No CVSS data available.
    CWE
    • Fails to restrict access
    Assigner
    References
    URL Tags
    https://jvn.jp/en/jp/JVN03044183/index.html third-party-advisoryx_refsource_JVN
    https://www.nttdocomo.co.jp/info/notice/page/1707… x_refsource_MISC
    Impacted products
    Vendor Product Version
    NTT DOCOMO, INC. Wi-Fi STATION L-02F Affected: Software version V10g and earlier
    Create a notification for this product.
    Date Public
    2017-09-12 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T17:50:12.689Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "JVN#03044183",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_JVN",
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/jp/JVN03044183/index.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.nttdocomo.co.jp/info/notice/page/170710_01_m.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Wi-Fi STATION L-02F",
              "vendor": "NTT DOCOMO, INC.",
              "versions": [
                {
                  "status": "affected",
                  "version": "Software version V10g and earlier"
                }
              ]
            }
          ],
          "datePublic": "2017-09-12T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Wi-Fi STATION L-02F Software version V10b and earlier allows remote attackers to bypass access restrictions to obtain information on device settings via unspecified vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Fails to restrict access",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-09-15T16:57:01.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "name": "JVN#03044183",
              "tags": [
                "third-party-advisory",
                "x_refsource_JVN"
              ],
              "url": "https://jvn.jp/en/jp/JVN03044183/index.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.nttdocomo.co.jp/info/notice/page/170710_01_m.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2017-10846",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Wi-Fi STATION L-02F",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Software version V10g and earlier"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "NTT DOCOMO, INC."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Wi-Fi STATION L-02F Software version V10b and earlier allows remote attackers to bypass access restrictions to obtain information on device settings via unspecified vectors."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Fails to restrict access"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "JVN#03044183",
                  "refsource": "JVN",
                  "url": "https://jvn.jp/en/jp/JVN03044183/index.html"
                },
                {
                  "name": "https://www.nttdocomo.co.jp/info/notice/page/170710_01_m.html",
                  "refsource": "MISC",
                  "url": "https://www.nttdocomo.co.jp/info/notice/page/170710_01_m.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2017-10846",
        "datePublished": "2017-09-15T17:00:00.000Z",
        "dateReserved": "2017-07-04T00:00:00.000Z",
        "dateUpdated": "2024-08-05T17:50:12.689Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-10812 (GCVE-0-2017-10812)

    Vulnerability from cvelistv5 – Published: 2017-08-28 20:00 – Updated: 2024-08-05 17:50
    VLAI
    Summary
    Untrusted search path vulnerability in Photo Collection PC Software Ver.4.0.2 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
    Severity
    No CVSS data available.
    CWE
    • Untrusted search path vulnerability
    Assigner
    References
    URL Tags
    https://jvn.jp/en/jp/JVN67954465/index.html third-party-advisoryx_refsource_JVN
    Impacted products
    Vendor Product Version
    NTT DOCOMO, INC. Photo Collection PC Software Affected: Ver.4.0.2 and earlier
    Create a notification for this product.
    Date Public
    2017-08-28 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T17:50:12.050Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "JVN#67954465",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_JVN",
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/jp/JVN67954465/index.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Photo Collection PC Software",
              "vendor": "NTT DOCOMO, INC.",
              "versions": [
                {
                  "status": "affected",
                  "version": "Ver.4.0.2 and earlier"
                }
              ]
            }
          ],
          "datePublic": "2017-08-28T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Untrusted search path vulnerability in Photo Collection PC Software Ver.4.0.2 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Untrusted search path vulnerability",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-28T19:57:01.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "name": "JVN#67954465",
              "tags": [
                "third-party-advisory",
                "x_refsource_JVN"
              ],
              "url": "https://jvn.jp/en/jp/JVN67954465/index.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2017-10812",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Photo Collection PC Software",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Ver.4.0.2 and earlier"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "NTT DOCOMO, INC."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Untrusted search path vulnerability in Photo Collection PC Software Ver.4.0.2 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Untrusted search path vulnerability"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "JVN#67954465",
                  "refsource": "JVN",
                  "url": "https://jvn.jp/en/jp/JVN67954465/index.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2017-10812",
        "datePublished": "2017-08-28T20:00:00.000Z",
        "dateReserved": "2017-07-04T00:00:00.000Z",
        "dateUpdated": "2024-08-05T17:50:12.050Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-4854 (GCVE-0-2016-4854)

    Vulnerability from cvelistv5 – Published: 2017-05-22 16:00 – Updated: 2024-08-06 00:46
    VLAI
    Summary
    Cross-site request forgery (CSRF) vulnerability in L-04D firmware version V10a and V10b allows remote attackers to hijack the authentication of administrators to perform arbitrary operations via unspecified vectors.
    Severity
    No CVSS data available.
    CWE
    • Cross-site request forgery
    Assigner
    References
    URL Tags
    http://jvndb.jvn.jp/jvndb/JVNDB-2016-000194 third-party-advisoryx_refsource_JVNDB
    https://jvn.jp/en/jp/JVN46351856/index.html third-party-advisoryx_refsource_JVN
    http://www.securityfocus.com/bid/93278 vdb-entryx_refsource_BID
    Impacted products
    Vendor Product Version
    NTT DOCOMO, INC. L-04D Affected: firmware version V10a and V10b
    Create a notification for this product.
    Date Public
    2016-10-03 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T00:46:38.434Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "JVNDB-2016-000194",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_JVNDB",
                  "x_transferred"
                ],
                "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000194"
              },
              {
                "name": "JVN#46351856",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_JVN",
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/jp/JVN46351856/index.html"
              },
              {
                "name": "93278",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/93278"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "L-04D",
              "vendor": "NTT DOCOMO, INC.",
              "versions": [
                {
                  "status": "affected",
                  "version": "firmware version V10a and V10b"
                }
              ]
            }
          ],
          "datePublic": "2016-10-03T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site request forgery (CSRF) vulnerability in L-04D firmware version V10a and V10b allows remote attackers to hijack the authentication of administrators to perform arbitrary operations via unspecified vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Cross-site request forgery",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-05-23T09:57:01.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "name": "JVNDB-2016-000194",
              "tags": [
                "third-party-advisory",
                "x_refsource_JVNDB"
              ],
              "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000194"
            },
            {
              "name": "JVN#46351856",
              "tags": [
                "third-party-advisory",
                "x_refsource_JVN"
              ],
              "url": "https://jvn.jp/en/jp/JVN46351856/index.html"
            },
            {
              "name": "93278",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/93278"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2016-4854",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "L-04D",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "firmware version V10a and V10b"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "NTT DOCOMO, INC."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-site request forgery (CSRF) vulnerability in L-04D firmware version V10a and V10b allows remote attackers to hijack the authentication of administrators to perform arbitrary operations via unspecified vectors."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Cross-site request forgery"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "JVNDB-2016-000194",
                  "refsource": "JVNDB",
                  "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000194"
                },
                {
                  "name": "JVN#46351856",
                  "refsource": "JVN",
                  "url": "https://jvn.jp/en/jp/JVN46351856/index.html"
                },
                {
                  "name": "93278",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/93278"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2016-4854",
        "datePublished": "2017-05-22T16:00:00.000Z",
        "dateReserved": "2016-05-17T00:00:00.000Z",
        "dateUpdated": "2024-08-06T00:46:38.434Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-20847 (GCVE-0-2021-20847)

    Vulnerability from nvd – Published: 2021-12-01 02:15 – Updated: 2024-08-03 17:53
    VLAI
    Summary
    Cross-site scripting vulnerability in Wi-Fi STATION SH-52A (38JP_1_11G, 38JP_1_11J, 38JP_1_11K, 38JP_1_11L, 38JP_1_26F, 38JP_1_26G, 38JP_1_26J, 38JP_2_03B, and 38JP_2_03C) allows a remote unauthenticated attacker to inject an arbitrary script via WebUI of the device.
    Severity
    No CVSS data available.
    CWE
    • Cross-site scripting
    Assigner
    References
    Impacted products
    Vendor Product Version
    NTT DOCOMO, INC. Wi-Fi STATION SH-52A Affected: 38JP_1_11G, 38JP_1_11J, 38JP_1_11K, 38JP_1_11L, 38JP_1_26F, 38JP_1_26G, 38JP_1_26J, 38JP_2_03B, and 38JP_2_03C
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T17:53:22.731Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.nttdocomo.co.jp/support/product_update/sh52a/index.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/jp/JVN19482703/index.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Wi-Fi STATION SH-52A",
              "vendor": "NTT DOCOMO, INC.",
              "versions": [
                {
                  "status": "affected",
                  "version": "38JP_1_11G, 38JP_1_11J, 38JP_1_11K, 38JP_1_11L, 38JP_1_26F, 38JP_1_26G, 38JP_1_26J, 38JP_2_03B, and 38JP_2_03C"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site scripting vulnerability in Wi-Fi STATION SH-52A (38JP_1_11G, 38JP_1_11J, 38JP_1_11K, 38JP_1_11L, 38JP_1_26F, 38JP_1_26G, 38JP_1_26J, 38JP_2_03B, and 38JP_2_03C) allows a remote unauthenticated attacker to inject an arbitrary script via WebUI of the device."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Cross-site scripting",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-12-01T02:15:37.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.nttdocomo.co.jp/support/product_update/sh52a/index.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jvn.jp/en/jp/JVN19482703/index.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2021-20847",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Wi-Fi STATION SH-52A",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "38JP_1_11G, 38JP_1_11J, 38JP_1_11K, 38JP_1_11L, 38JP_1_26F, 38JP_1_26G, 38JP_1_26J, 38JP_2_03B, and 38JP_2_03C"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "NTT DOCOMO, INC."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-site scripting vulnerability in Wi-Fi STATION SH-52A (38JP_1_11G, 38JP_1_11J, 38JP_1_11K, 38JP_1_11L, 38JP_1_26F, 38JP_1_26G, 38JP_1_26J, 38JP_2_03B, and 38JP_2_03C) allows a remote unauthenticated attacker to inject an arbitrary script via WebUI of the device."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Cross-site scripting"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.nttdocomo.co.jp/support/product_update/sh52a/index.html",
                  "refsource": "MISC",
                  "url": "https://www.nttdocomo.co.jp/support/product_update/sh52a/index.html"
                },
                {
                  "name": "https://jvn.jp/en/jp/JVN19482703/index.html",
                  "refsource": "MISC",
                  "url": "https://jvn.jp/en/jp/JVN19482703/index.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2021-20847",
        "datePublished": "2021-12-01T02:15:37.000Z",
        "dateReserved": "2020-12-17T00:00:00.000Z",
        "dateUpdated": "2024-08-03T17:53:22.731Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-5914 (GCVE-0-2019-5914)

    Vulnerability from nvd – Published: 2019-02-13 18:00 – Updated: 2024-08-04 20:09
    VLAI
    Summary
    V20 PRO L-01J software version L01J20c and L01J20d has a NULL pointer exception flaw that can be used by an attacker to cause the device to crash on the same network range via a specially crafted access point.
    Severity
    No CVSS data available.
    CWE
    • Null Pointer Exception
    Assigner
    References
    URL Tags
    http://jvn.jp/en/jp/JVN40439414/index.html third-party-advisoryx_refsource_JVN
    https://www.nttdocomo.co.jp/support/utilization/p… x_refsource_MISC
    Impacted products
    Vendor Product Version
    NTT DOCOMO, INC. V20 PRO L-01J Affected: software version L01J20c and L01J20d
    Create a notification for this product.
    Date Public
    2019-02-13 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T20:09:23.617Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "JVN#40439414",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_JVN",
                  "x_transferred"
                ],
                "url": "http://jvn.jp/en/jp/JVN40439414/index.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.nttdocomo.co.jp/support/utilization/product_update/list/l01j/index.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "V20 PRO L-01J",
              "vendor": "NTT DOCOMO, INC.",
              "versions": [
                {
                  "status": "affected",
                  "version": "software version L01J20c and L01J20d"
                }
              ]
            }
          ],
          "datePublic": "2019-02-13T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "V20 PRO L-01J software version L01J20c and L01J20d has a NULL pointer exception flaw that can be used by an attacker to cause the device to crash on the same network range via a specially crafted access point."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Null Pointer Exception",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-02-13T17:57:01.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "name": "JVN#40439414",
              "tags": [
                "third-party-advisory",
                "x_refsource_JVN"
              ],
              "url": "http://jvn.jp/en/jp/JVN40439414/index.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.nttdocomo.co.jp/support/utilization/product_update/list/l01j/index.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2019-5914",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "V20 PRO L-01J",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "software version L01J20c and L01J20d"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "NTT DOCOMO, INC."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "V20 PRO L-01J software version L01J20c and L01J20d has a NULL pointer exception flaw that can be used by an attacker to cause the device to crash on the same network range via a specially crafted access point."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Null Pointer Exception"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "JVN#40439414",
                  "refsource": "JVN",
                  "url": "http://jvn.jp/en/jp/JVN40439414/index.html"
                },
                {
                  "name": "https://www.nttdocomo.co.jp/support/utilization/product_update/list/l01j/index.html",
                  "refsource": "MISC",
                  "url": "https://www.nttdocomo.co.jp/support/utilization/product_update/list/l01j/index.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2019-5914",
        "datePublished": "2019-02-13T18:00:00.000Z",
        "dateReserved": "2019-01-10T00:00:00.000Z",
        "dateUpdated": "2024-08-04T20:09:23.617Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-10871 (GCVE-0-2017-10871)

    Vulnerability from nvd – Published: 2017-11-13 14:00 – Updated: 2024-08-05 17:50
    VLAI
    Summary
    Buffer overflow in NTT DOCOMO Wi-Fi STATION L-02F Software version L02F-MDM9625-V10h-JUN-23-2017-DCM-JP and earlier allows an attacker to execute arbitrary code via unspecified vectors.
    Severity
    No CVSS data available.
    CWE
    • Buffer Overflow
    Assigner
    References
    URL Tags
    http://jvn.jp/en/jp/JVN23367475/index.html third-party-advisoryx_refsource_JVN
    Impacted products
    Vendor Product Version
    NTT DOCOMO, INC. Wi-Fi STATION L-02F Software Affected: version L02F-MDM9625-V10h-JUN-23-2017-DCM-JP and earlier
    Create a notification for this product.
    Date Public
    2017-11-06 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T17:50:12.716Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "JVN#23367475",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_JVN",
                  "x_transferred"
                ],
                "url": "http://jvn.jp/en/jp/JVN23367475/index.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Wi-Fi STATION L-02F Software",
              "vendor": "NTT DOCOMO, INC.",
              "versions": [
                {
                  "status": "affected",
                  "version": "version L02F-MDM9625-V10h-JUN-23-2017-DCM-JP and earlier"
                }
              ]
            }
          ],
          "datePublic": "2017-11-06T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Buffer overflow in NTT DOCOMO Wi-Fi STATION L-02F Software version L02F-MDM9625-V10h-JUN-23-2017-DCM-JP and earlier allows an attacker to execute arbitrary code via unspecified vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Buffer Overflow",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-11-13T13:57:01.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "name": "JVN#23367475",
              "tags": [
                "third-party-advisory",
                "x_refsource_JVN"
              ],
              "url": "http://jvn.jp/en/jp/JVN23367475/index.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2017-10871",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Wi-Fi STATION L-02F Software",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "version L02F-MDM9625-V10h-JUN-23-2017-DCM-JP and earlier"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "NTT DOCOMO, INC."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Buffer overflow in NTT DOCOMO Wi-Fi STATION L-02F Software version L02F-MDM9625-V10h-JUN-23-2017-DCM-JP and earlier allows an attacker to execute arbitrary code via unspecified vectors."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Buffer Overflow"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "JVN#23367475",
                  "refsource": "JVN",
                  "url": "http://jvn.jp/en/jp/JVN23367475/index.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2017-10871",
        "datePublished": "2017-11-13T14:00:00.000Z",
        "dateReserved": "2017-07-04T00:00:00.000Z",
        "dateUpdated": "2024-08-05T17:50:12.716Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-10846 (GCVE-0-2017-10846)

    Vulnerability from nvd – Published: 2017-09-15 17:00 – Updated: 2024-08-05 17:50
    VLAI
    Summary
    Wi-Fi STATION L-02F Software version V10b and earlier allows remote attackers to bypass access restrictions to obtain information on device settings via unspecified vectors.
    Severity
    No CVSS data available.
    CWE
    • Fails to restrict access
    Assigner
    References
    URL Tags
    https://jvn.jp/en/jp/JVN03044183/index.html third-party-advisoryx_refsource_JVN
    https://www.nttdocomo.co.jp/info/notice/page/1707… x_refsource_MISC
    Impacted products
    Vendor Product Version
    NTT DOCOMO, INC. Wi-Fi STATION L-02F Affected: Software version V10g and earlier
    Create a notification for this product.
    Date Public
    2017-09-12 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T17:50:12.689Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "JVN#03044183",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_JVN",
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/jp/JVN03044183/index.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.nttdocomo.co.jp/info/notice/page/170710_01_m.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Wi-Fi STATION L-02F",
              "vendor": "NTT DOCOMO, INC.",
              "versions": [
                {
                  "status": "affected",
                  "version": "Software version V10g and earlier"
                }
              ]
            }
          ],
          "datePublic": "2017-09-12T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Wi-Fi STATION L-02F Software version V10b and earlier allows remote attackers to bypass access restrictions to obtain information on device settings via unspecified vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Fails to restrict access",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-09-15T16:57:01.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "name": "JVN#03044183",
              "tags": [
                "third-party-advisory",
                "x_refsource_JVN"
              ],
              "url": "https://jvn.jp/en/jp/JVN03044183/index.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.nttdocomo.co.jp/info/notice/page/170710_01_m.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2017-10846",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Wi-Fi STATION L-02F",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Software version V10g and earlier"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "NTT DOCOMO, INC."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Wi-Fi STATION L-02F Software version V10b and earlier allows remote attackers to bypass access restrictions to obtain information on device settings via unspecified vectors."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Fails to restrict access"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "JVN#03044183",
                  "refsource": "JVN",
                  "url": "https://jvn.jp/en/jp/JVN03044183/index.html"
                },
                {
                  "name": "https://www.nttdocomo.co.jp/info/notice/page/170710_01_m.html",
                  "refsource": "MISC",
                  "url": "https://www.nttdocomo.co.jp/info/notice/page/170710_01_m.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2017-10846",
        "datePublished": "2017-09-15T17:00:00.000Z",
        "dateReserved": "2017-07-04T00:00:00.000Z",
        "dateUpdated": "2024-08-05T17:50:12.689Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-10845 (GCVE-0-2017-10845)

    Vulnerability from nvd – Published: 2017-09-15 17:00 – Updated: 2024-08-05 17:50
    VLAI
    Summary
    Wi-Fi STATION L-02F Software version V10g and earlier allows remote attackers to access the device with administrative privileges and perform unintended operations through a backdoor account.
    Severity
    No CVSS data available.
    CWE
    • CWE-255 - Credential Management (CWE-255)
    Assigner
    References
    URL Tags
    https://www.nttdocomo.co.jp/info/notice/page/1707… x_refsource_MISC
    https://jvn.jp/en//jp/JVN68922465/index.html third-party-advisoryx_refsource_JVN
    Impacted products
    Vendor Product Version
    NTT DOCOMO, INC. Wi-Fi STATION L-02F Affected: Software version V10g and earlier
    Create a notification for this product.
    Date Public
    2017-09-12 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T17:50:12.555Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.nttdocomo.co.jp/info/notice/page/170710_01_m.html"
              },
              {
                "name": "JVN#68922465",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_JVN",
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en//jp/JVN68922465/index.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Wi-Fi STATION L-02F",
              "vendor": "NTT DOCOMO, INC.",
              "versions": [
                {
                  "status": "affected",
                  "version": "Software version V10g and earlier"
                }
              ]
            }
          ],
          "datePublic": "2017-09-12T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Wi-Fi STATION L-02F Software version V10g and earlier allows remote attackers to access the device with administrative privileges and perform unintended operations through a backdoor account."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-255",
                  "description": "Credential Management (CWE-255)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-09-15T16:57:01.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.nttdocomo.co.jp/info/notice/page/170710_01_m.html"
            },
            {
              "name": "JVN#68922465",
              "tags": [
                "third-party-advisory",
                "x_refsource_JVN"
              ],
              "url": "https://jvn.jp/en//jp/JVN68922465/index.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2017-10845",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Wi-Fi STATION L-02F",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Software version V10g and earlier"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "NTT DOCOMO, INC."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Wi-Fi STATION L-02F Software version V10g and earlier allows remote attackers to access the device with administrative privileges and perform unintended operations through a backdoor account."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Credential Management (CWE-255)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.nttdocomo.co.jp/info/notice/page/170710_01_m.html",
                  "refsource": "MISC",
                  "url": "https://www.nttdocomo.co.jp/info/notice/page/170710_01_m.html"
                },
                {
                  "name": "JVN#68922465",
                  "refsource": "JVN",
                  "url": "https://jvn.jp/en//jp/JVN68922465/index.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2017-10845",
        "datePublished": "2017-09-15T17:00:00.000Z",
        "dateReserved": "2017-07-04T00:00:00.000Z",
        "dateUpdated": "2024-08-05T17:50:12.555Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-10812 (GCVE-0-2017-10812)

    Vulnerability from nvd – Published: 2017-08-28 20:00 – Updated: 2024-08-05 17:50
    VLAI
    Summary
    Untrusted search path vulnerability in Photo Collection PC Software Ver.4.0.2 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
    Severity
    No CVSS data available.
    CWE
    • Untrusted search path vulnerability
    Assigner
    References
    URL Tags
    https://jvn.jp/en/jp/JVN67954465/index.html third-party-advisoryx_refsource_JVN
    Impacted products
    Vendor Product Version
    NTT DOCOMO, INC. Photo Collection PC Software Affected: Ver.4.0.2 and earlier
    Create a notification for this product.
    Date Public
    2017-08-28 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T17:50:12.050Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "JVN#67954465",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_JVN",
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/jp/JVN67954465/index.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Photo Collection PC Software",
              "vendor": "NTT DOCOMO, INC.",
              "versions": [
                {
                  "status": "affected",
                  "version": "Ver.4.0.2 and earlier"
                }
              ]
            }
          ],
          "datePublic": "2017-08-28T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Untrusted search path vulnerability in Photo Collection PC Software Ver.4.0.2 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Untrusted search path vulnerability",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-28T19:57:01.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "name": "JVN#67954465",
              "tags": [
                "third-party-advisory",
                "x_refsource_JVN"
              ],
              "url": "https://jvn.jp/en/jp/JVN67954465/index.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2017-10812",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Photo Collection PC Software",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Ver.4.0.2 and earlier"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "NTT DOCOMO, INC."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Untrusted search path vulnerability in Photo Collection PC Software Ver.4.0.2 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Untrusted search path vulnerability"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "JVN#67954465",
                  "refsource": "JVN",
                  "url": "https://jvn.jp/en/jp/JVN67954465/index.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2017-10812",
        "datePublished": "2017-08-28T20:00:00.000Z",
        "dateReserved": "2017-07-04T00:00:00.000Z",
        "dateUpdated": "2024-08-05T17:50:12.050Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-4854 (GCVE-0-2016-4854)

    Vulnerability from nvd – Published: 2017-05-22 16:00 – Updated: 2024-08-06 00:46
    VLAI
    Summary
    Cross-site request forgery (CSRF) vulnerability in L-04D firmware version V10a and V10b allows remote attackers to hijack the authentication of administrators to perform arbitrary operations via unspecified vectors.
    Severity
    No CVSS data available.
    CWE
    • Cross-site request forgery
    Assigner
    References
    URL Tags
    http://jvndb.jvn.jp/jvndb/JVNDB-2016-000194 third-party-advisoryx_refsource_JVNDB
    https://jvn.jp/en/jp/JVN46351856/index.html third-party-advisoryx_refsource_JVN
    http://www.securityfocus.com/bid/93278 vdb-entryx_refsource_BID
    Impacted products
    Vendor Product Version
    NTT DOCOMO, INC. L-04D Affected: firmware version V10a and V10b
    Create a notification for this product.
    Date Public
    2016-10-03 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T00:46:38.434Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "JVNDB-2016-000194",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_JVNDB",
                  "x_transferred"
                ],
                "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000194"
              },
              {
                "name": "JVN#46351856",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_JVN",
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/jp/JVN46351856/index.html"
              },
              {
                "name": "93278",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/93278"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "L-04D",
              "vendor": "NTT DOCOMO, INC.",
              "versions": [
                {
                  "status": "affected",
                  "version": "firmware version V10a and V10b"
                }
              ]
            }
          ],
          "datePublic": "2016-10-03T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site request forgery (CSRF) vulnerability in L-04D firmware version V10a and V10b allows remote attackers to hijack the authentication of administrators to perform arbitrary operations via unspecified vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Cross-site request forgery",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-05-23T09:57:01.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "name": "JVNDB-2016-000194",
              "tags": [
                "third-party-advisory",
                "x_refsource_JVNDB"
              ],
              "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000194"
            },
            {
              "name": "JVN#46351856",
              "tags": [
                "third-party-advisory",
                "x_refsource_JVN"
              ],
              "url": "https://jvn.jp/en/jp/JVN46351856/index.html"
            },
            {
              "name": "93278",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/93278"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2016-4854",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "L-04D",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "firmware version V10a and V10b"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "NTT DOCOMO, INC."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-site request forgery (CSRF) vulnerability in L-04D firmware version V10a and V10b allows remote attackers to hijack the authentication of administrators to perform arbitrary operations via unspecified vectors."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Cross-site request forgery"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "JVNDB-2016-000194",
                  "refsource": "JVNDB",
                  "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000194"
                },
                {
                  "name": "JVN#46351856",
                  "refsource": "JVN",
                  "url": "https://jvn.jp/en/jp/JVN46351856/index.html"
                },
                {
                  "name": "93278",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/93278"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2016-4854",
        "datePublished": "2017-05-22T16:00:00.000Z",
        "dateReserved": "2016-05-17T00:00:00.000Z",
        "dateUpdated": "2024-08-06T00:46:38.434Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }