Vulnerability CVE-2013-2310
Published: 2013-06-16   Modified: 2013-06-17

Description:
SoftBank Wi-Fi Spot Configuration Software, as used on SoftBank SHARP 3G handsets, SoftBank Panasonic 3G handsets, SoftBank NEC 3G handsets, SoftBank Samsung 3G handsets, SoftBank mobile Wi-Fi routers, SoftBank Android smartphones with the Wi-Fi application before 1.7.1, SoftBank Windows Mobile smartphones with the WISPrClient application before 1.3.1, SoftBank Disney Mobile Android smartphones with the Wi-Fi application before 1.7.1, and WILLCOM Android smartphones with the Wi-Fi application before 1.7.1, does not properly connect to access points, which allows remote attackers to obtain sensitive information by leveraging access to an 802.11 network.

Type:

CWE-287

 (Improper Authentication)

CVSS2 => (AV:A/AC:L/Au:N/C:P/I:N/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
3.3/10
2.9/10
6.5/10
Exploit range
Attack complexity
Authentication
Adjacent network
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
None
None
Affected software
Willcom-inc -> Wi-fi application 
Willcom-inc -> Android smartphone 
Softbank -> Wi-fi application 
Softbank -> Wi-fi spot configuration software 
Softbank -> Wisprclient 
Softbank -> Android smartphone 
Softbank -> Disney mobile android smartphone 
Softbank -> Mobile wi-fi router 
Softbank -> Nec 3g handset 
Softbank -> Panasonic 3g handset 
Softbank -> Samsung 3g handset 
Softbank -> Sharp 3g handset 
Softbank -> Windows mobile smartphone 

 References:
http://jvndb.jvn.jp/jvndb/JVNDB-2013-000039
http://jvn.jp/en/jp/JVN85371480/index.html
http://jvn.jp/en/jp/JVN85371480/995417/index.html
http://jvn.jp/en/jp/JVN85371480/995319/index.html
http://jvn.jp/en/jp/JVN85371480/397327/index.html
Copyright 2024, cxsecurity.com

 

Back to Top