Japan Connected-free Wi-Fi vulnerable to allow URL whitelist bypass


Japan Connected-free Wi-Fi provided by NTT Broadband Platform, Inc. contains an issue where an arbitrary page may be loaded if the application is launched with the URL-scheme.

Kenta Suefusa and Tomonori Shiomi of Sprout Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
CVSS Severity (What is CVSS?)

Base Metrics: 6.8 (Medium) [IPA Score]
  • Access Vector: Network
  • Access Complexity: Medium
  • Authentication: None
  • Confidentiality Impact: Partial
  • Integrity Impact: Partial
  • Availability Impact: Partial

Affected Products

NTT Broadband Platform, Inc.
  • Japan Connected-free Wi-Fi for Android 1.15.1 and earlier
  • Japan Connected-free Wi-Fi for iOS 1.13.0 and earlier that have not applied the contents update provided on April 26, 2016

[Added on May 27, 2016]
Note that the versions released on July, 2015 did not address the vulnerability completely. Newer firmware versions have been released.

Android version of this app may allow an arbitrary API to be executed if permissions to execute that API are granted in the android manifest.
iOS version of this app may allow an arbitrary API to be executed.

[Update the Software]
Update to the latest version according to the information provided by the developer.
Vendor Information

NTT Broadband Platform, Inc.
CWE (What is CWE?)

  1. Permissions(CWE-264) [IPA Evaluation]
CVE (What is CVE?)

  1. CVE-2015-5629

  1. JVN : JVN#04644117
  2. National Vulnerability Database (NVD) : CVE-2015-5629
Revision History

  Web page was published
  References : Content was added
  Affected Products : Product version and Content were modified
  Impact was modified