Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
17 vulnerabilities by nttdocomo
VAR-201709-0210
Vulnerability from variot - Updated: 2023-12-18 13:52Wi-Fi STATION L-02F Software version V10g and earlier allows remote attackers to access the device with administrative privileges and perform unintended operations through a backdoor account. Wi-Fi STATION L-02F provided by NTT DOCOMO, INC. contains a backdoor access issue. Japan Computer Emergency Response Team Coordination Center Global Coordination Division Cyber Metrics Line Information Security Analyst Keisuke Shikano reported this vulnerability to IPA. The reporter has conducted a test and confirmed that an attacker can log in to the device through internet by using an ID and a password, and execute arbitrary command. NTT DOCOMO Wi-Fi STATION L-02F Software is a set of software used in L-02F router by NTT DOCOMO, Japan. A security vulnerability exists in NTT DOCOMO Wi-Fi STATION L-02F Software V10g and earlier versions
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201709-0210",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "wi-fi station l-02f",
"scope": "lte",
"trust": 1.0,
"vendor": "nttdocomo",
"version": "v10g"
},
{
"model": "wi-fi station l-02f",
"scope": "lte",
"trust": 0.8,
"vendor": "ntt docomo",
"version": "software version v10g"
},
{
"model": "wi-fi station l-02f",
"scope": "eq",
"trust": 0.6,
"vendor": "nttdocomo",
"version": "v10g"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-000217"
},
{
"db": "NVD",
"id": "CVE-2017-10845"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-784"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:nttdocomo:wi-fi_station_l-02f_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "v10g",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:nttdocomo:wi-fi_station_l-02f:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-10845"
}
]
},
"cve": "CVE-2017-10845",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": true,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "IPA",
"availabilityImpact": "Complete",
"baseScore": 10.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "JVNDB-2017-000217",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-101208",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULMON",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2017-10845",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "HIGH",
"trust": 0.1,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "IPA",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2017-000217",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2017-10845",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "IPA",
"id": "JVNDB-2017-000217",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNNVD",
"id": "CNNVD-201709-784",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-101208",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2017-10845",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-101208"
},
{
"db": "VULMON",
"id": "CVE-2017-10845"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000217"
},
{
"db": "NVD",
"id": "CVE-2017-10845"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-784"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Wi-Fi STATION L-02F Software version V10g and earlier allows remote attackers to access the device with administrative privileges and perform unintended operations through a backdoor account. Wi-Fi STATION L-02F provided by NTT DOCOMO, INC. contains a backdoor access issue. Japan Computer Emergency Response Team Coordination Center Global Coordination Division Cyber Metrics Line Information Security Analyst Keisuke Shikano reported this vulnerability to IPA. The reporter has conducted a test and confirmed that an attacker can log in to the device through internet by using an ID and a password, and execute arbitrary command. NTT DOCOMO Wi-Fi STATION L-02F Software is a set of software used in L-02F router by NTT DOCOMO, Japan. A security vulnerability exists in NTT DOCOMO Wi-Fi STATION L-02F Software V10g and earlier versions",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-10845"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000217"
},
{
"db": "VULHUB",
"id": "VHN-101208"
},
{
"db": "VULMON",
"id": "CVE-2017-10845"
}
],
"trust": 1.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-10845",
"trust": 2.6
},
{
"db": "JVN",
"id": "JVN68922465",
"trust": 2.6
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000217",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201709-784",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-101208",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2017-10845",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-101208"
},
{
"db": "VULMON",
"id": "CVE-2017-10845"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000217"
},
{
"db": "NVD",
"id": "CVE-2017-10845"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-784"
}
]
},
"id": "VAR-201709-0210",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-101208"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T13:52:54.712000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "NTT DOCOMO, INC. website",
"trust": 0.8,
"url": "https://www.nttdocomo.co.jp/info/notice/page/170710_01_m.html"
},
{
"title": "NTT DOCOMO Wi-Fi STATION L-02F Software Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=74956"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-000217"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-784"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "CWE-264",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-101208"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000217"
},
{
"db": "NVD",
"id": "CVE-2017-10845"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://jvn.jp/en//jp/jvn68922465/index.html"
},
{
"trust": 1.8,
"url": "https://www.nttdocomo.co.jp/info/notice/page/170710_01_m.html"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-10845"
},
{
"trust": 0.8,
"url": "https://www.ipa.go.jp/security/ciadr/vul/20170912-jvn.html"
},
{
"trust": 0.8,
"url": "https://www.jpcert.or.jp/at/2017/at170034.html"
},
{
"trust": 0.8,
"url": "https://jvn.jp/en/jp/jvn68922465/index.html"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-10845"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-101208"
},
{
"db": "VULMON",
"id": "CVE-2017-10845"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000217"
},
{
"db": "NVD",
"id": "CVE-2017-10845"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-784"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-101208"
},
{
"db": "VULMON",
"id": "CVE-2017-10845"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000217"
},
{
"db": "NVD",
"id": "CVE-2017-10845"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-784"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-09-15T00:00:00",
"db": "VULHUB",
"id": "VHN-101208"
},
{
"date": "2017-09-15T00:00:00",
"db": "VULMON",
"id": "CVE-2017-10845"
},
{
"date": "2017-09-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-000217"
},
{
"date": "2017-09-15T17:29:00.273000",
"db": "NVD",
"id": "CVE-2017-10845"
},
{
"date": "2017-09-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201709-784"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-101208"
},
{
"date": "2019-10-09T00:00:00",
"db": "VULMON",
"id": "CVE-2017-10845"
},
{
"date": "2018-02-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-000217"
},
{
"date": "2019-10-09T23:21:47.370000",
"db": "NVD",
"id": "CVE-2017-10845"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201709-784"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201709-784"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Backdoor access issue in Wi-Fi STATION L-02F",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-000217"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control issues",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201709-784"
}
],
"trust": 0.6
}
}
VAR-201902-0204
Vulnerability from variot - Updated: 2023-12-18 13:38V20 PRO L-01J software version L01J20c and L01J20d has a NULL pointer exception flaw that can be used by an attacker to cause the device to crash on the same network range via a specially crafted access point. V20 PRO L-01J provided by NTT DOCOMO, INC. is an Android smartphone. V20 PRO L-01J contains a flaw in processing connection using Wi-Fi CERTIFIED Passpoint which may result in the device to crash when Poasspoint is enabled. Hiroyuki Harada of Sapporo Gakuin University, Masashi Honma of Sole Proprietorship, and Hideaki Goto of Tohoku University reported this vulnerability to IPA. LG V20 PRO L-01J is a smartphone produced by South Korea's LG Company. A security vulnerability exists in the LG V20 PRO L-01J L01J20c version and L01J20d version
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201902-0204",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "v20 pro l-01j",
"scope": "eq",
"trust": 1.0,
"vendor": "nttdocomo",
"version": "l01j20d"
},
{
"model": "v20 pro l-01j",
"scope": "eq",
"trust": 1.0,
"vendor": "nttdocomo",
"version": "l01j20c"
},
{
"model": "v20 pro l-01j",
"scope": "eq",
"trust": 0.8,
"vendor": "ntt docomo",
"version": "software version l01j20c and l01j20d"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-000008"
},
{
"db": "NVD",
"id": "CVE-2019-5914"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:nttdocomo:v20_pro_l-01j_firmware:l01j20d:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:nttdocomo:v20_pro_l-01j_firmware:l01j20c:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:nttdocomo:v20_pro_l-01j:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-5914"
}
]
},
"cve": "CVE-2019-5914",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 5.7,
"confidentialityImpact": "NONE",
"exploitabilityScore": 5.5,
"impactScore": 6.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:A/AC:M/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Adjacent Network",
"authentication": "None",
"author": "IPA",
"availabilityImpact": "Partial",
"baseScore": 3.3,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2019-000008",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Low",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 5.7,
"confidentialityImpact": "NONE",
"exploitabilityScore": 5.5,
"id": "VHN-157349",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:A/AC:M/AU:N/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 1.6,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Adjacent Network",
"author": "IPA",
"availabilityImpact": "Low",
"baseScore": 4.3,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2019-000008",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-5914",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "IPA",
"id": "JVNDB-2019-000008",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-201902-550",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-157349",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-157349"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-000008"
},
{
"db": "NVD",
"id": "CVE-2019-5914"
},
{
"db": "CNNVD",
"id": "CNNVD-201902-550"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "V20 PRO L-01J software version L01J20c and L01J20d has a NULL pointer exception flaw that can be used by an attacker to cause the device to crash on the same network range via a specially crafted access point. V20 PRO L-01J provided by NTT DOCOMO, INC. is an Android smartphone. V20 PRO L-01J contains a flaw in processing connection using Wi-Fi CERTIFIED Passpoint which may result in the device to crash when Poasspoint is enabled. Hiroyuki Harada of Sapporo Gakuin University, Masashi Honma of Sole Proprietorship, and Hideaki Goto of Tohoku University reported this vulnerability to IPA. LG V20 PRO L-01J is a smartphone produced by South Korea\u0027s LG Company. A security vulnerability exists in the LG V20 PRO L-01J L01J20c version and L01J20d version",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-5914"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-000008"
},
{
"db": "VULHUB",
"id": "VHN-157349"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-5914",
"trust": 2.5
},
{
"db": "JVN",
"id": "JVN40439414",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2019-000008",
"trust": 1.4
},
{
"db": "CNNVD",
"id": "CNNVD-201902-550",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-157349",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-157349"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-000008"
},
{
"db": "NVD",
"id": "CVE-2019-5914"
},
{
"db": "CNNVD",
"id": "CNNVD-201902-550"
}
]
},
"id": "VAR-201902-0204",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-157349"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T13:38:23.903000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Information from NTT DOCOMO, INC.",
"trust": 0.8,
"url": "https://www.nttdocomo.co.jp/support/utilization/product_update/list/l01j/index.html"
},
{
"title": "LG V20 PRO L-01J Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=89354"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-000008"
},
{
"db": "CNNVD",
"id": "CNNVD-201902-550"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-476",
"trust": 1.1
},
{
"problemtype": "CWE-Other",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-157349"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-000008"
},
{
"db": "NVD",
"id": "CVE-2019-5914"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "http://jvn.jp/en/jp/jvn40439414/index.html"
},
{
"trust": 1.7,
"url": "https://www.nttdocomo.co.jp/support/utilization/product_update/list/l01j/index.html"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-5914"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-5914"
},
{
"trust": 0.6,
"url": "https://jvndb.jvn.jp/en/contents/2019/jvndb-2019-000008.html"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-157349"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-000008"
},
{
"db": "NVD",
"id": "CVE-2019-5914"
},
{
"db": "CNNVD",
"id": "CNNVD-201902-550"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-157349"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-000008"
},
{
"db": "NVD",
"id": "CVE-2019-5914"
},
{
"db": "CNNVD",
"id": "CNNVD-201902-550"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-02-13T00:00:00",
"db": "VULHUB",
"id": "VHN-157349"
},
{
"date": "2019-02-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-000008"
},
{
"date": "2019-02-13T18:29:00.980000",
"db": "NVD",
"id": "CVE-2019-5914"
},
{
"date": "2019-02-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201902-550"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-02-15T00:00:00",
"db": "VULHUB",
"id": "VHN-157349"
},
{
"date": "2019-02-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-000008"
},
{
"date": "2019-02-15T13:24:29.297000",
"db": "NVD",
"id": "CVE-2019-5914"
},
{
"date": "2019-02-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201902-550"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote or local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201902-550"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability in V20 PRO L-01J that may cause a crash",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-000008"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "lack of information",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201902-550"
}
],
"trust": 0.6
}
}
VAR-201705-1945
Vulnerability from variot - Updated: 2023-12-18 13:08Cross-site request forgery (CSRF) vulnerability in L-04D firmware version V10a and V10b allows remote attackers to hijack the authentication of administrators to perform arbitrary operations via unspecified vectors. L-04D provided by NTT DOCOMO, INC. is a wireless WiFi router. L-04D contains a cross-site request forgery vulnerability in the the web management screen. Atsuo Sakurai of Cyber Defense Institute, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.If a user views a malicious page while logged-in, unintended operations may be conducted. LGElectronicsL-04D is a wireless router from LG Electronics of South Korea. An attacker could exploit the vulnerability to perform unauthorized actions. This may lead to perform cross-site scripting attacks, Web cache poisoning, and other malicious activities
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201705-1945",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "l-04d",
"scope": "eq",
"trust": 1.6,
"vendor": "nttdocomo",
"version": "v10a"
},
{
"model": "l-04d",
"scope": "eq",
"trust": 1.6,
"vendor": "nttdocomo",
"version": "v10b"
},
{
"model": "l-04d",
"scope": "eq",
"trust": 0.8,
"vendor": "lg",
"version": "firmware version v10a and v10b"
},
{
"model": "electronics l-04d 10a",
"scope": null,
"trust": 0.6,
"vendor": "lg",
"version": null
},
{
"model": "electronics l-04d 10b",
"scope": null,
"trust": 0.6,
"vendor": "lg",
"version": null
},
{
"model": "docomo inc l-04d 10b",
"scope": null,
"trust": 0.3,
"vendor": "ntt",
"version": null
},
{
"model": "docomo inc l-04d 10a",
"scope": null,
"trust": 0.3,
"vendor": "ntt",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-09013"
},
{
"db": "BID",
"id": "93278"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000194"
},
{
"db": "NVD",
"id": "CVE-2016-4854"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-046"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:nttdocomo:l-04d_firmware:v10b:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:nttdocomo:l-04d_firmware:v10a:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:nttdocomo:l-04d:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2016-4854"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Atsuo Sakurai of Cyber Defense Institute, Inc.",
"sources": [
{
"db": "BID",
"id": "93278"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-046"
}
],
"trust": 0.9
},
"cve": "CVE-2016-4854",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "High",
"accessVector": "Network",
"authentication": "None",
"author": "IPA",
"availabilityImpact": "None",
"baseScore": 2.6,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2016-000194",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Low",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2016-09013",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-93673",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "IPA",
"availabilityImpact": "None",
"baseScore": 4.3,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2016-000194",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2016-4854",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "IPA",
"id": "JVNDB-2016-000194",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2016-09013",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201610-046",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-93673",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-09013"
},
{
"db": "VULHUB",
"id": "VHN-93673"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000194"
},
{
"db": "NVD",
"id": "CVE-2016-4854"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-046"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cross-site request forgery (CSRF) vulnerability in L-04D firmware version V10a and V10b allows remote attackers to hijack the authentication of administrators to perform arbitrary operations via unspecified vectors. L-04D provided by NTT DOCOMO, INC. is a wireless WiFi router. L-04D contains a cross-site request forgery vulnerability in the the web management screen. Atsuo Sakurai of Cyber Defense Institute, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.If a user views a malicious page while logged-in, unintended operations may be conducted. LGElectronicsL-04D is a wireless router from LG Electronics of South Korea. An attacker could exploit the vulnerability to perform unauthorized actions. This may lead to perform cross-site scripting attacks, Web cache poisoning, and other malicious activities",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-4854"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000194"
},
{
"db": "CNVD",
"id": "CNVD-2016-09013"
},
{
"db": "BID",
"id": "93278"
},
{
"db": "VULHUB",
"id": "VHN-93673"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-4854",
"trust": 3.4
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000194",
"trust": 3.1
},
{
"db": "JVN",
"id": "JVN46351856",
"trust": 2.8
},
{
"db": "BID",
"id": "93278",
"trust": 2.0
},
{
"db": "CNNVD",
"id": "CNNVD-201610-046",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2016-09013",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-93673",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-09013"
},
{
"db": "VULHUB",
"id": "VHN-93673"
},
{
"db": "BID",
"id": "93278"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000194"
},
{
"db": "NVD",
"id": "CVE-2016-4854"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-046"
}
]
},
"id": "VAR-201705-1945",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-09013"
},
{
"db": "VULHUB",
"id": "VHN-93673"
}
],
"trust": 1.27857144
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-09013"
}
]
},
"last_update_date": "2023-12-18T13:08:51.463000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Mobile WiFi router L-04D (software update available on 2016/7/12)",
"trust": 0.8,
"url": "https://www.nttdocomo.co.jp/support/utilization/product_update/list/l04d/index.html#p04"
},
{
"title": "Patch for LGElectronicsL-04D Cross-Site Request Forgery Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/82419"
},
{
"title": "LG Electronics L-04D Fixes for cross-site request forgery vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=64478"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-09013"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000194"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-046"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-352",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-93673"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000194"
},
{
"db": "NVD",
"id": "CVE-2016-4854"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.8,
"url": "https://jvn.jp/en/jp/jvn46351856/index.html"
},
{
"trust": 2.3,
"url": "http://jvndb.jvn.jp/jvndb/jvndb-2016-000194"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/93278"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-4854"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4854"
},
{
"trust": 0.3,
"url": "https://www.nttdocomo.co.jp/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-09013"
},
{
"db": "VULHUB",
"id": "VHN-93673"
},
{
"db": "BID",
"id": "93278"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000194"
},
{
"db": "NVD",
"id": "CVE-2016-4854"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-046"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2016-09013"
},
{
"db": "VULHUB",
"id": "VHN-93673"
},
{
"db": "BID",
"id": "93278"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000194"
},
{
"db": "NVD",
"id": "CVE-2016-4854"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-046"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-10-17T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-09013"
},
{
"date": "2017-05-22T00:00:00",
"db": "VULHUB",
"id": "VHN-93673"
},
{
"date": "2016-10-03T00:00:00",
"db": "BID",
"id": "93278"
},
{
"date": "2016-10-03T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-000194"
},
{
"date": "2017-05-22T16:29:00.183000",
"db": "NVD",
"id": "CVE-2016-4854"
},
{
"date": "2016-10-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201610-046"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-10-17T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-09013"
},
{
"date": "2017-05-31T00:00:00",
"db": "VULHUB",
"id": "VHN-93673"
},
{
"date": "2016-10-10T02:01:00",
"db": "BID",
"id": "93278"
},
{
"date": "2018-01-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-000194"
},
{
"date": "2017-05-31T15:05:28.133000",
"db": "NVD",
"id": "CVE-2016-4854"
},
{
"date": "2017-06-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201610-046"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201610-046"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Docomo L-04D mobile WiFi router vulnerable to cross-site request forgery",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-000194"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "cross-site request forgery",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201610-046"
}
],
"trust": 0.6
}
}
VAR-201709-0211
Vulnerability from variot - Updated: 2023-12-18 13:02Wi-Fi STATION L-02F Software version V10b and earlier allows remote attackers to bypass access restrictions to obtain information on device settings via unspecified vectors. Wi-Fi STATION L-02F provided by NTT DOCOMO, INC. fails to restrict access permissions. Japan Computer Emergency Response Team Coordination Center Global Coordination Division Cyber Metrics Line Information Security Analyst Keisuke Shikano reported this vulnerability to IPA. NTT DOCOMO Wi-Fi STATION L-02F Software is a set of software used in routers by NTT DOCOMO, Japan. A security vulnerability exists in NTT DOCOMO Wi-Fi STATION L-02F Software V10b and earlier versions
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201709-0211",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "wi-fi station l-02f",
"scope": "lte",
"trust": 1.0,
"vendor": "nttdocomo",
"version": "v10b"
},
{
"model": "wi-fi station l-02f",
"scope": "lte",
"trust": 0.8,
"vendor": "ntt docomo",
"version": "software version v10b"
},
{
"model": "wi-fi station l-02f",
"scope": "eq",
"trust": 0.6,
"vendor": "nttdocomo",
"version": "v10b"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-000218"
},
{
"db": "NVD",
"id": "CVE-2017-10846"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-783"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:nttdocomo:wi-fi_station_l-02f_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "v10b",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:nttdocomo:wi-fi_station_l-02f:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-10846"
}
]
},
"cve": "CVE-2017-10846",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": true,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "IPA",
"availabilityImpact": "None",
"baseScore": 5.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2017-000218",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-101209",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "IPA",
"availabilityImpact": "None",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2017-000218",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2017-10846",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "IPA",
"id": "JVNDB-2017-000218",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201709-783",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-101209",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-101209"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000218"
},
{
"db": "NVD",
"id": "CVE-2017-10846"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-783"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Wi-Fi STATION L-02F Software version V10b and earlier allows remote attackers to bypass access restrictions to obtain information on device settings via unspecified vectors. Wi-Fi STATION L-02F provided by NTT DOCOMO, INC. fails to restrict access permissions. Japan Computer Emergency Response Team Coordination Center Global Coordination Division Cyber Metrics Line Information Security Analyst Keisuke Shikano reported this vulnerability to IPA. NTT DOCOMO Wi-Fi STATION L-02F Software is a set of software used in routers by NTT DOCOMO, Japan. A security vulnerability exists in NTT DOCOMO Wi-Fi STATION L-02F Software V10b and earlier versions",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-10846"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000218"
},
{
"db": "VULHUB",
"id": "VHN-101209"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "JVN",
"id": "JVN03044183",
"trust": 2.5
},
{
"db": "NVD",
"id": "CVE-2017-10846",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000218",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201709-783",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-101209",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-101209"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000218"
},
{
"db": "NVD",
"id": "CVE-2017-10846"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-783"
}
]
},
"id": "VAR-201709-0211",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-101209"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T13:02:57.718000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "NTT DOCOMO, INC. website",
"trust": 0.8,
"url": "https://www.nttdocomo.co.jp/info/notice/page/170710_01_m.html"
},
{
"title": "NTT DOCOMO Wi-Fi STATION L-02F Software Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=74955"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-000218"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-783"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-862",
"trust": 1.1
},
{
"problemtype": "CWE-264",
"trust": 0.8
},
{
"problemtype": "CWE-284",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-101209"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000218"
},
{
"db": "NVD",
"id": "CVE-2017-10846"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://jvn.jp/en/jp/jvn03044183/index.html"
},
{
"trust": 1.7,
"url": "https://www.nttdocomo.co.jp/info/notice/page/170710_01_m.html"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-10846"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-10846"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-101209"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000218"
},
{
"db": "NVD",
"id": "CVE-2017-10846"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-783"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-101209"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000218"
},
{
"db": "NVD",
"id": "CVE-2017-10846"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-783"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-09-15T00:00:00",
"db": "VULHUB",
"id": "VHN-101209"
},
{
"date": "2017-09-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-000218"
},
{
"date": "2017-09-15T17:29:00.303000",
"db": "NVD",
"id": "CVE-2017-10846"
},
{
"date": "2017-09-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201709-783"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-10-03T00:00:00",
"db": "VULHUB",
"id": "VHN-101209"
},
{
"date": "2018-02-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-000218"
},
{
"date": "2019-10-03T00:03:26.223000",
"db": "NVD",
"id": "CVE-2017-10846"
},
{
"date": "2019-10-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201709-783"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201709-783"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Wi-Fi STATION L-02F fails to restrict access permissions",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-000218"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "lack of information",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201709-783"
}
],
"trust": 0.6
}
}
VAR-201711-0035
Vulnerability from variot - Updated: 2023-12-18 12:19Buffer overflow in NTT DOCOMO Wi-Fi STATION L-02F Software version L02F-MDM9625-V10h-JUN-23-2017-DCM-JP and earlier allows an attacker to execute arbitrary code via unspecified vectors. Wi-Fi STATION L-02F provided by NTT DOCOMO, INC. contains a buffer overflow vulnerability. Daisuke Makita and Hayato Ushimaru of National Institute of Information and Communications Technology, Jumpei Shimamura of clwit, Inc. and Katsunari Yoshioka of Yokohama National University reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.Receiving crafted packets sent by a remote attacker may cause a buffer overflow condition. As a result, the attacker may execute arbitrary code with the root previlege. NTT DOCOMO Wi-Fi STATION L-02F Software is a system used in portable routers by NTT DOCOMO, Japan
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201711-0035",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "wi-fi station l-02f",
"scope": "lte",
"trust": 1.0,
"vendor": "nttdocomo",
"version": "l02f-mdm9625-v10h-jun-23-2017-dcm-jp"
},
{
"model": "wi-fi station l-02f",
"scope": "lte",
"trust": 0.8,
"vendor": "ntt docomo",
"version": "software version l02f-mdm9625-v10h-jun-23-2017-dcm-jp"
},
{
"model": "wi-fi station l-02f",
"scope": "eq",
"trust": 0.6,
"vendor": "nttdocomo",
"version": "l02f-mdm9625-v10h-jun-23-2017-dcm-jp"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-000232"
},
{
"db": "NVD",
"id": "CVE-2017-10871"
},
{
"db": "CNNVD",
"id": "CNNVD-201711-388"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:nttdocomo:wi-fi_station_l-02f_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "l02f-mdm9625-v10h-jun-23-2017-dcm-jp",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:nttdocomo:wi-fi_station_l-02f:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-10871"
}
]
},
"cve": "CVE-2017-10871",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "IPA",
"availabilityImpact": "Complete",
"baseScore": 10.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "JVNDB-2017-000232",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-101237",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULMON",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2017-10871",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "HIGH",
"trust": 0.1,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "IPA",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2017-000232",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2017-10871",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "IPA",
"id": "JVNDB-2017-000232",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNNVD",
"id": "CNNVD-201711-388",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-101237",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2017-10871",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-101237"
},
{
"db": "VULMON",
"id": "CVE-2017-10871"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000232"
},
{
"db": "NVD",
"id": "CVE-2017-10871"
},
{
"db": "CNNVD",
"id": "CNNVD-201711-388"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer overflow in NTT DOCOMO Wi-Fi STATION L-02F Software version L02F-MDM9625-V10h-JUN-23-2017-DCM-JP and earlier allows an attacker to execute arbitrary code via unspecified vectors. Wi-Fi STATION L-02F provided by NTT DOCOMO, INC. contains a buffer overflow vulnerability. Daisuke Makita and Hayato Ushimaru of National Institute of Information and Communications Technology, Jumpei Shimamura of clwit, Inc. and Katsunari Yoshioka of Yokohama National University reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.Receiving crafted packets sent by a remote attacker may cause a buffer overflow condition. As a result, the attacker may execute arbitrary code with the root previlege. NTT DOCOMO Wi-Fi STATION L-02F Software is a system used in portable routers by NTT DOCOMO, Japan",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-10871"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000232"
},
{
"db": "VULHUB",
"id": "VHN-101237"
},
{
"db": "VULMON",
"id": "CVE-2017-10871"
}
],
"trust": 1.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-10871",
"trust": 2.6
},
{
"db": "JVN",
"id": "JVN23367475",
"trust": 2.6
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000232",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201711-388",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-101237",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2017-10871",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-101237"
},
{
"db": "VULMON",
"id": "CVE-2017-10871"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000232"
},
{
"db": "NVD",
"id": "CVE-2017-10871"
},
{
"db": "CNNVD",
"id": "CNNVD-201711-388"
}
]
},
"id": "VAR-201711-0035",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-101237"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T12:19:24.738000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "NTT DOCOMO, INC. website",
"trust": 0.8,
"url": "https://www.nttdocomo.co.jp/info/notice/page/170710_01_m.html"
},
{
"title": "NTT DOCOMO Wi-Fi STATION L-02F Software Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=76256"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-000232"
},
{
"db": "CNNVD",
"id": "CNNVD-201711-388"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-101237"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000232"
},
{
"db": "NVD",
"id": "CVE-2017-10871"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.6,
"url": "http://jvn.jp/en/jp/jvn23367475/index.html"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-10871"
},
{
"trust": 0.8,
"url": "https://www.ipa.go.jp/security/ciadr/vul/20171106-jvn.html"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-10871"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/119.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-101237"
},
{
"db": "VULMON",
"id": "CVE-2017-10871"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000232"
},
{
"db": "NVD",
"id": "CVE-2017-10871"
},
{
"db": "CNNVD",
"id": "CNNVD-201711-388"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-101237"
},
{
"db": "VULMON",
"id": "CVE-2017-10871"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000232"
},
{
"db": "NVD",
"id": "CVE-2017-10871"
},
{
"db": "CNNVD",
"id": "CNNVD-201711-388"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-11-13T00:00:00",
"db": "VULHUB",
"id": "VHN-101237"
},
{
"date": "2017-11-13T00:00:00",
"db": "VULMON",
"id": "CVE-2017-10871"
},
{
"date": "2017-11-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-000232"
},
{
"date": "2017-11-13T14:29:00.540000",
"db": "NVD",
"id": "CVE-2017-10871"
},
{
"date": "2017-11-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201711-388"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-11-29T00:00:00",
"db": "VULHUB",
"id": "VHN-101237"
},
{
"date": "2017-11-29T00:00:00",
"db": "VULMON",
"id": "CVE-2017-10871"
},
{
"date": "2018-03-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-000232"
},
{
"date": "2017-11-29T17:18:08.850000",
"db": "NVD",
"id": "CVE-2017-10871"
},
{
"date": "2017-11-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201711-388"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201711-388"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Wi-Fi STATION L-02F vulnerable to buffer overflow",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-000232"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer overflow",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201711-388"
}
],
"trust": 0.6
}
}
CVE-2017-10812 (GCVE-0-2017-10812)
Vulnerability from nvd – Published: 2017-08-28 20:00 – Updated: 2024-08-05 17:50
VLAI
Summary
Untrusted search path vulnerability in Photo Collection PC Software Ver.4.0.2 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
Severity
No CVSS data available.
CWE
- Untrusted search path vulnerability
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://jvn.jp/en/jp/JVN67954465/index.html | third-party-advisoryx_refsource_JVN |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| NTT DOCOMO, INC. | Photo Collection PC Software |
Affected:
Ver.4.0.2 and earlier
|
Date Public
2017-08-28 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:50:12.050Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#67954465",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN67954465/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Photo Collection PC Software",
"vendor": "NTT DOCOMO, INC.",
"versions": [
{
"status": "affected",
"version": "Ver.4.0.2 and earlier"
}
]
}
],
"datePublic": "2017-08-28T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Untrusted search path vulnerability in Photo Collection PC Software Ver.4.0.2 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Untrusted search path vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T19:57:01.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVN#67954465",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "https://jvn.jp/en/jp/JVN67954465/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2017-10812",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Photo Collection PC Software",
"version": {
"version_data": [
{
"version_value": "Ver.4.0.2 and earlier"
}
]
}
}
]
},
"vendor_name": "NTT DOCOMO, INC."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability in Photo Collection PC Software Ver.4.0.2 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#67954465",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN67954465/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2017-10812",
"datePublished": "2017-08-28T20:00:00.000Z",
"dateReserved": "2017-07-04T00:00:00.000Z",
"dateUpdated": "2024-08-05T17:50:12.050Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-1979 (GCVE-0-2014-1979)
Vulnerability from nvd – Published: 2014-03-19 14:00 – Updated: 2024-08-06 09:58
VLAI
Summary
The NTT DOCOMO sp mode mail application 5900 through 6300 for Android 4.0.x and 6000 through 6620 for Android 4.1 through 4.4 allows remote attackers to execute arbitrary Java methods via Deco-mail emoticon POP data in an e-mail message.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://jvn.jp/en/jp/JVN89260331/index.html | third-party-advisoryx_refsource_JVN |
| http://jvndb.jvn.jp/jvndb/JVNDB-2014-000029 | third-party-advisoryx_refsource_JVNDB |
Date Public
2014-03-18 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T09:58:15.945Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#89260331",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN89260331/index.html"
},
{
"name": "JVNDB-2014-000029",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB",
"x_transferred"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000029"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-03-18T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The NTT DOCOMO sp mode mail application 5900 through 6300 for Android 4.0.x and 6000 through 6620 for Android 4.1 through 4.4 allows remote attackers to execute arbitrary Java methods via Deco-mail emoticon POP data in an e-mail message."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-03-19T14:57:01.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVN#89260331",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN89260331/index.html"
},
{
"name": "JVNDB-2014-000029",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000029"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2014-1979",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The NTT DOCOMO sp mode mail application 5900 through 6300 for Android 4.0.x and 6000 through 6620 for Android 4.1 through 4.4 allows remote attackers to execute arbitrary Java methods via Deco-mail emoticon POP data in an e-mail message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#89260331",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN89260331/index.html"
},
{
"name": "JVNDB-2014-000029",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000029"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2014-1979",
"datePublished": "2014-03-19T14:00:00.000Z",
"dateReserved": "2014-02-17T00:00:00.000Z",
"dateUpdated": "2024-08-06T09:58:15.945Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-1978 (GCVE-0-2014-1978)
Vulnerability from nvd – Published: 2014-03-19 14:00 – Updated: 2024-08-06 09:58
VLAI
Summary
The application link interface in the NTT DOCOMO sp mode mail application 6100 through 6300 for Android 4.0.x and 6130 through 6700 for Android 4.1 through 4.4 writes message content to the SD card during e-mail composition, which allows attackers to obtain sensitive information via a crafted application.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://jvn.jp/en/jp/JVN05951929/index.html | third-party-advisoryx_refsource_JVN |
| http://jvndb.jvn.jp/jvndb/JVNDB-2014-000028 | third-party-advisoryx_refsource_JVNDB |
Date Public
2014-03-18 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T09:58:15.773Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#05951929",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN05951929/index.html"
},
{
"name": "JVNDB-2014-000028",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB",
"x_transferred"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000028"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-03-18T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The application link interface in the NTT DOCOMO sp mode mail application 6100 through 6300 for Android 4.0.x and 6130 through 6700 for Android 4.1 through 4.4 writes message content to the SD card during e-mail composition, which allows attackers to obtain sensitive information via a crafted application."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-03-19T14:57:01.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVN#05951929",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN05951929/index.html"
},
{
"name": "JVNDB-2014-000028",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000028"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2014-1978",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The application link interface in the NTT DOCOMO sp mode mail application 6100 through 6300 for Android 4.0.x and 6130 through 6700 for Android 4.1 through 4.4 writes message content to the SD card during e-mail composition, which allows attackers to obtain sensitive information via a crafted application."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#05951929",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN05951929/index.html"
},
{
"name": "JVNDB-2014-000028",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000028"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2014-1978",
"datePublished": "2014-03-19T14:00:00.000Z",
"dateReserved": "2014-02-17T00:00:00.000Z",
"dateUpdated": "2024-08-06T09:58:15.773Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-1977 (GCVE-0-2014-1977)
Vulnerability from nvd – Published: 2014-03-19 14:00 – Updated: 2024-08-06 09:58
VLAI
Summary
The NTT DOCOMO sp mode mail application 6300 and earlier for Android 4.0.x and 6700 and earlier for Android 4.1 through 4.4 uses weak permissions for attachments during processing of incoming e-mail messages, which allows attackers to obtain sensitive information via a crafted application.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://jvndb.jvn.jp/jvndb/JVNDB-2014-000027 | third-party-advisoryx_refsource_JVNDB |
| http://jvn.jp/en/jp/JVN81739241/index.html | third-party-advisoryx_refsource_JVN |
Date Public
2014-03-18 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T09:58:16.048Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVNDB-2014-000027",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB",
"x_transferred"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000027"
},
{
"name": "JVN#81739241",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN81739241/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-03-18T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The NTT DOCOMO sp mode mail application 6300 and earlier for Android 4.0.x and 6700 and earlier for Android 4.1 through 4.4 uses weak permissions for attachments during processing of incoming e-mail messages, which allows attackers to obtain sensitive information via a crafted application."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-03-19T14:57:01.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVNDB-2014-000027",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000027"
},
{
"name": "JVN#81739241",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN81739241/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2014-1977",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The NTT DOCOMO sp mode mail application 6300 and earlier for Android 4.0.x and 6700 and earlier for Android 4.1 through 4.4 uses weak permissions for attachments during processing of incoming e-mail messages, which allows attackers to obtain sensitive information via a crafted application."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVNDB-2014-000027",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000027"
},
{
"name": "JVN#81739241",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN81739241/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2014-1977",
"datePublished": "2014-03-19T14:00:00.000Z",
"dateReserved": "2014-02-17T00:00:00.000Z",
"dateUpdated": "2024-08-06T09:58:16.048Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-3659 (GCVE-0-2013-3659)
Vulnerability from nvd – Published: 2013-08-09 19:00 – Updated: 2024-08-06 16:14
VLAI
Summary
The NTT DOCOMO overseas usage application 2.0.0 through 2.0.4 for Android does not properly connect to Wi-Fi access points, which allows remote attackers to obtain sensitive information by leveraging presence in an 802.11 network's coverage area.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://play.google.com/store/apps/details?id=com… | x_refsource_CONFIRM |
| http://jvn.jp/en/jp/JVN44035194/index.html | third-party-advisoryx_refsource_JVN |
| http://jvn.jp/en/jp/JVN44035194/995312/index.html | x_refsource_CONFIRM |
| http://jvndb.jvn.jp/jvndb/JVNDB-2013-000075 | third-party-advisoryx_refsource_JVNDB |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
Date Public
2013-08-07 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:14:56.567Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://play.google.com/store/apps/details?id=com.nttdocomo.android.gs.utility"
},
{
"name": "JVN#44035194",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN44035194/index.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN44035194/995312/index.html"
},
{
"name": "JVNDB-2013-000075",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB",
"x_transferred"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000075"
},
{
"name": "docomooverseasusage-wifi-info-disclosure(86361)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86361"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-08-07T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The NTT DOCOMO overseas usage application 2.0.0 through 2.0.4 for Android does not properly connect to Wi-Fi access points, which allows remote attackers to obtain sensitive information by leveraging presence in an 802.11 network\u0027s coverage area."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://play.google.com/store/apps/details?id=com.nttdocomo.android.gs.utility"
},
{
"name": "JVN#44035194",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN44035194/index.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://jvn.jp/en/jp/JVN44035194/995312/index.html"
},
{
"name": "JVNDB-2013-000075",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000075"
},
{
"name": "docomooverseasusage-wifi-info-disclosure(86361)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86361"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2013-3659",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The NTT DOCOMO overseas usage application 2.0.0 through 2.0.4 for Android does not properly connect to Wi-Fi access points, which allows remote attackers to obtain sensitive information by leveraging presence in an 802.11 network\u0027s coverage area."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://play.google.com/store/apps/details?id=com.nttdocomo.android.gs.utility",
"refsource": "CONFIRM",
"url": "https://play.google.com/store/apps/details?id=com.nttdocomo.android.gs.utility"
},
{
"name": "JVN#44035194",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN44035194/index.html"
},
{
"name": "http://jvn.jp/en/jp/JVN44035194/995312/index.html",
"refsource": "CONFIRM",
"url": "http://jvn.jp/en/jp/JVN44035194/995312/index.html"
},
{
"name": "JVNDB-2013-000075",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000075"
},
{
"name": "docomooverseasusage-wifi-info-disclosure(86361)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86361"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2013-3659",
"datePublished": "2013-08-09T19:00:00.000Z",
"dateReserved": "2013-05-22T00:00:00.000Z",
"dateUpdated": "2024-08-06T16:14:56.567Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-1244 (GCVE-0-2012-1244)
Vulnerability from nvd – Published: 2012-04-27 18:00 – Updated: 2024-08-06 18:53
VLAI
Summary
The NTT DOCOMO sp mode mail application 5400 and earlier for Android does not properly verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.securityfocus.com/bid/53254 | vdb-entryx_refsource_BID |
| http://jvn.jp/en/jp/JVN82029095/index.html | third-party-advisoryx_refsource_JVN |
| http://secunia.com/advisories/48955 | third-party-advisoryx_refsource_SECUNIA |
| http://osvdb.org/81629 | vdb-entryx_refsource_OSVDB |
| http://jvndb.jvn.jp/jvndb/JVNDB-2012-000037 | third-party-advisoryx_refsource_JVNDB |
Date Public
2012-04-26 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T18:53:36.364Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "spmode-android-ssl-spoofing(75159)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75159"
},
{
"name": "53254",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/53254"
},
{
"name": "JVN#82029095",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN82029095/index.html"
},
{
"name": "48955",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/48955"
},
{
"name": "81629",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/81629"
},
{
"name": "JVNDB-2012-000037",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB",
"x_transferred"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2012-000037"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-04-26T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The NTT DOCOMO sp mode mail application 5400 and earlier for Android does not properly verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-12-13T18:57:01.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "spmode-android-ssl-spoofing(75159)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75159"
},
{
"name": "53254",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/53254"
},
{
"name": "JVN#82029095",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN82029095/index.html"
},
{
"name": "48955",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/48955"
},
{
"name": "81629",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/81629"
},
{
"name": "JVNDB-2012-000037",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2012-000037"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2012-1244",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The NTT DOCOMO sp mode mail application 5400 and earlier for Android does not properly verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "spmode-android-ssl-spoofing(75159)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75159"
},
{
"name": "53254",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/53254"
},
{
"name": "JVN#82029095",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN82029095/index.html"
},
{
"name": "48955",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48955"
},
{
"name": "81629",
"refsource": "OSVDB",
"url": "http://osvdb.org/81629"
},
{
"name": "JVNDB-2012-000037",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2012-000037"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2012-1244",
"datePublished": "2012-04-27T18:00:00.000Z",
"dateReserved": "2012-02-21T00:00:00.000Z",
"dateUpdated": "2024-08-06T18:53:36.364Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-10812 (GCVE-0-2017-10812)
Vulnerability from cvelistv5 – Published: 2017-08-28 20:00 – Updated: 2024-08-05 17:50
VLAI
Summary
Untrusted search path vulnerability in Photo Collection PC Software Ver.4.0.2 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
Severity
No CVSS data available.
CWE
- Untrusted search path vulnerability
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://jvn.jp/en/jp/JVN67954465/index.html | third-party-advisoryx_refsource_JVN |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| NTT DOCOMO, INC. | Photo Collection PC Software |
Affected:
Ver.4.0.2 and earlier
|
Date Public
2017-08-28 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:50:12.050Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#67954465",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN67954465/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Photo Collection PC Software",
"vendor": "NTT DOCOMO, INC.",
"versions": [
{
"status": "affected",
"version": "Ver.4.0.2 and earlier"
}
]
}
],
"datePublic": "2017-08-28T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Untrusted search path vulnerability in Photo Collection PC Software Ver.4.0.2 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Untrusted search path vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T19:57:01.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVN#67954465",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "https://jvn.jp/en/jp/JVN67954465/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2017-10812",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Photo Collection PC Software",
"version": {
"version_data": [
{
"version_value": "Ver.4.0.2 and earlier"
}
]
}
}
]
},
"vendor_name": "NTT DOCOMO, INC."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability in Photo Collection PC Software Ver.4.0.2 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#67954465",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN67954465/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2017-10812",
"datePublished": "2017-08-28T20:00:00.000Z",
"dateReserved": "2017-07-04T00:00:00.000Z",
"dateUpdated": "2024-08-05T17:50:12.050Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-1979 (GCVE-0-2014-1979)
Vulnerability from cvelistv5 – Published: 2014-03-19 14:00 – Updated: 2024-08-06 09:58
VLAI
Summary
The NTT DOCOMO sp mode mail application 5900 through 6300 for Android 4.0.x and 6000 through 6620 for Android 4.1 through 4.4 allows remote attackers to execute arbitrary Java methods via Deco-mail emoticon POP data in an e-mail message.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://jvn.jp/en/jp/JVN89260331/index.html | third-party-advisoryx_refsource_JVN |
| http://jvndb.jvn.jp/jvndb/JVNDB-2014-000029 | third-party-advisoryx_refsource_JVNDB |
Date Public
2014-03-18 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T09:58:15.945Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#89260331",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN89260331/index.html"
},
{
"name": "JVNDB-2014-000029",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB",
"x_transferred"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000029"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-03-18T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The NTT DOCOMO sp mode mail application 5900 through 6300 for Android 4.0.x and 6000 through 6620 for Android 4.1 through 4.4 allows remote attackers to execute arbitrary Java methods via Deco-mail emoticon POP data in an e-mail message."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-03-19T14:57:01.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVN#89260331",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN89260331/index.html"
},
{
"name": "JVNDB-2014-000029",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000029"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2014-1979",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The NTT DOCOMO sp mode mail application 5900 through 6300 for Android 4.0.x and 6000 through 6620 for Android 4.1 through 4.4 allows remote attackers to execute arbitrary Java methods via Deco-mail emoticon POP data in an e-mail message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#89260331",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN89260331/index.html"
},
{
"name": "JVNDB-2014-000029",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000029"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2014-1979",
"datePublished": "2014-03-19T14:00:00.000Z",
"dateReserved": "2014-02-17T00:00:00.000Z",
"dateUpdated": "2024-08-06T09:58:15.945Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-1978 (GCVE-0-2014-1978)
Vulnerability from cvelistv5 – Published: 2014-03-19 14:00 – Updated: 2024-08-06 09:58
VLAI
Summary
The application link interface in the NTT DOCOMO sp mode mail application 6100 through 6300 for Android 4.0.x and 6130 through 6700 for Android 4.1 through 4.4 writes message content to the SD card during e-mail composition, which allows attackers to obtain sensitive information via a crafted application.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://jvn.jp/en/jp/JVN05951929/index.html | third-party-advisoryx_refsource_JVN |
| http://jvndb.jvn.jp/jvndb/JVNDB-2014-000028 | third-party-advisoryx_refsource_JVNDB |
Date Public
2014-03-18 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T09:58:15.773Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#05951929",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN05951929/index.html"
},
{
"name": "JVNDB-2014-000028",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB",
"x_transferred"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000028"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-03-18T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The application link interface in the NTT DOCOMO sp mode mail application 6100 through 6300 for Android 4.0.x and 6130 through 6700 for Android 4.1 through 4.4 writes message content to the SD card during e-mail composition, which allows attackers to obtain sensitive information via a crafted application."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-03-19T14:57:01.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVN#05951929",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN05951929/index.html"
},
{
"name": "JVNDB-2014-000028",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000028"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2014-1978",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The application link interface in the NTT DOCOMO sp mode mail application 6100 through 6300 for Android 4.0.x and 6130 through 6700 for Android 4.1 through 4.4 writes message content to the SD card during e-mail composition, which allows attackers to obtain sensitive information via a crafted application."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#05951929",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN05951929/index.html"
},
{
"name": "JVNDB-2014-000028",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000028"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2014-1978",
"datePublished": "2014-03-19T14:00:00.000Z",
"dateReserved": "2014-02-17T00:00:00.000Z",
"dateUpdated": "2024-08-06T09:58:15.773Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-1977 (GCVE-0-2014-1977)
Vulnerability from cvelistv5 – Published: 2014-03-19 14:00 – Updated: 2024-08-06 09:58
VLAI
Summary
The NTT DOCOMO sp mode mail application 6300 and earlier for Android 4.0.x and 6700 and earlier for Android 4.1 through 4.4 uses weak permissions for attachments during processing of incoming e-mail messages, which allows attackers to obtain sensitive information via a crafted application.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://jvndb.jvn.jp/jvndb/JVNDB-2014-000027 | third-party-advisoryx_refsource_JVNDB |
| http://jvn.jp/en/jp/JVN81739241/index.html | third-party-advisoryx_refsource_JVN |
Date Public
2014-03-18 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T09:58:16.048Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVNDB-2014-000027",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB",
"x_transferred"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000027"
},
{
"name": "JVN#81739241",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN81739241/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-03-18T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The NTT DOCOMO sp mode mail application 6300 and earlier for Android 4.0.x and 6700 and earlier for Android 4.1 through 4.4 uses weak permissions for attachments during processing of incoming e-mail messages, which allows attackers to obtain sensitive information via a crafted application."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-03-19T14:57:01.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVNDB-2014-000027",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000027"
},
{
"name": "JVN#81739241",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN81739241/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2014-1977",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The NTT DOCOMO sp mode mail application 6300 and earlier for Android 4.0.x and 6700 and earlier for Android 4.1 through 4.4 uses weak permissions for attachments during processing of incoming e-mail messages, which allows attackers to obtain sensitive information via a crafted application."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVNDB-2014-000027",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000027"
},
{
"name": "JVN#81739241",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN81739241/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2014-1977",
"datePublished": "2014-03-19T14:00:00.000Z",
"dateReserved": "2014-02-17T00:00:00.000Z",
"dateUpdated": "2024-08-06T09:58:16.048Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-3659 (GCVE-0-2013-3659)
Vulnerability from cvelistv5 – Published: 2013-08-09 19:00 – Updated: 2024-08-06 16:14
VLAI
Summary
The NTT DOCOMO overseas usage application 2.0.0 through 2.0.4 for Android does not properly connect to Wi-Fi access points, which allows remote attackers to obtain sensitive information by leveraging presence in an 802.11 network's coverage area.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://play.google.com/store/apps/details?id=com… | x_refsource_CONFIRM |
| http://jvn.jp/en/jp/JVN44035194/index.html | third-party-advisoryx_refsource_JVN |
| http://jvn.jp/en/jp/JVN44035194/995312/index.html | x_refsource_CONFIRM |
| http://jvndb.jvn.jp/jvndb/JVNDB-2013-000075 | third-party-advisoryx_refsource_JVNDB |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
Date Public
2013-08-07 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:14:56.567Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://play.google.com/store/apps/details?id=com.nttdocomo.android.gs.utility"
},
{
"name": "JVN#44035194",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN44035194/index.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN44035194/995312/index.html"
},
{
"name": "JVNDB-2013-000075",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB",
"x_transferred"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000075"
},
{
"name": "docomooverseasusage-wifi-info-disclosure(86361)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86361"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-08-07T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The NTT DOCOMO overseas usage application 2.0.0 through 2.0.4 for Android does not properly connect to Wi-Fi access points, which allows remote attackers to obtain sensitive information by leveraging presence in an 802.11 network\u0027s coverage area."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://play.google.com/store/apps/details?id=com.nttdocomo.android.gs.utility"
},
{
"name": "JVN#44035194",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN44035194/index.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://jvn.jp/en/jp/JVN44035194/995312/index.html"
},
{
"name": "JVNDB-2013-000075",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000075"
},
{
"name": "docomooverseasusage-wifi-info-disclosure(86361)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86361"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2013-3659",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The NTT DOCOMO overseas usage application 2.0.0 through 2.0.4 for Android does not properly connect to Wi-Fi access points, which allows remote attackers to obtain sensitive information by leveraging presence in an 802.11 network\u0027s coverage area."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://play.google.com/store/apps/details?id=com.nttdocomo.android.gs.utility",
"refsource": "CONFIRM",
"url": "https://play.google.com/store/apps/details?id=com.nttdocomo.android.gs.utility"
},
{
"name": "JVN#44035194",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN44035194/index.html"
},
{
"name": "http://jvn.jp/en/jp/JVN44035194/995312/index.html",
"refsource": "CONFIRM",
"url": "http://jvn.jp/en/jp/JVN44035194/995312/index.html"
},
{
"name": "JVNDB-2013-000075",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000075"
},
{
"name": "docomooverseasusage-wifi-info-disclosure(86361)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86361"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2013-3659",
"datePublished": "2013-08-09T19:00:00.000Z",
"dateReserved": "2013-05-22T00:00:00.000Z",
"dateUpdated": "2024-08-06T16:14:56.567Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-1244 (GCVE-0-2012-1244)
Vulnerability from cvelistv5 – Published: 2012-04-27 18:00 – Updated: 2024-08-06 18:53
VLAI
Summary
The NTT DOCOMO sp mode mail application 5400 and earlier for Android does not properly verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.securityfocus.com/bid/53254 | vdb-entryx_refsource_BID |
| http://jvn.jp/en/jp/JVN82029095/index.html | third-party-advisoryx_refsource_JVN |
| http://secunia.com/advisories/48955 | third-party-advisoryx_refsource_SECUNIA |
| http://osvdb.org/81629 | vdb-entryx_refsource_OSVDB |
| http://jvndb.jvn.jp/jvndb/JVNDB-2012-000037 | third-party-advisoryx_refsource_JVNDB |
Date Public
2012-04-26 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T18:53:36.364Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "spmode-android-ssl-spoofing(75159)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75159"
},
{
"name": "53254",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/53254"
},
{
"name": "JVN#82029095",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN82029095/index.html"
},
{
"name": "48955",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/48955"
},
{
"name": "81629",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/81629"
},
{
"name": "JVNDB-2012-000037",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB",
"x_transferred"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2012-000037"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-04-26T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The NTT DOCOMO sp mode mail application 5400 and earlier for Android does not properly verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-12-13T18:57:01.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "spmode-android-ssl-spoofing(75159)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75159"
},
{
"name": "53254",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/53254"
},
{
"name": "JVN#82029095",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN82029095/index.html"
},
{
"name": "48955",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/48955"
},
{
"name": "81629",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/81629"
},
{
"name": "JVNDB-2012-000037",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2012-000037"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2012-1244",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The NTT DOCOMO sp mode mail application 5400 and earlier for Android does not properly verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "spmode-android-ssl-spoofing(75159)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75159"
},
{
"name": "53254",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/53254"
},
{
"name": "JVN#82029095",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN82029095/index.html"
},
{
"name": "48955",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48955"
},
{
"name": "81629",
"refsource": "OSVDB",
"url": "http://osvdb.org/81629"
},
{
"name": "JVNDB-2012-000037",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2012-000037"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2012-1244",
"datePublished": "2012-04-27T18:00:00.000Z",
"dateReserved": "2012-02-21T00:00:00.000Z",
"dateUpdated": "2024-08-06T18:53:36.364Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}