[Japanese]

JVNDB-2017-000218

Wi-Fi STATION L-02F fails to restrict access permissions

Overview

Wi-Fi STATION L-02F provided by NTT DOCOMO, INC. fails to restrict access permissions.

Japan Computer Emergency Response Team Coordination Center Global Coordination Division Cyber Metrics Line Information Security Analyst Keisuke Shikano reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
CVSS Severity (What is CVSS?)

Base Metrics: 5.0 (Medium) [IPA Score]
  • Access Vector: Network
  • Access Complexity: Low
  • Authentication: None
  • Confidentiality Impact: Partial
  • Integrity Impact: None
  • Availability Impact: None

CVSS V3 Severity:
Base Metrics: 7.5 (High) [IPA Score]
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: High
  • Integrity Impact: None
  • Availability Impact: None
Affected Products


NTT DOCOMO, INC.
  • Wi-Fi STATION L-02F Software version V10b and earlier

Impact

An unauthenticated remote attacker may access the web interface of the device through internet and obtain the stored setting information.
Solution

[Apply an Update]
Apply the update according to the information provided by the provider.
Vendor Information

NTT DOCOMO, INC.
CWE (What is CWE?)

  1. Permissions(CWE-264) [IPA Evaluation]
CVE (What is CVE?)

  1. CVE-2017-10846
References

  1. JVN : JVN#03044183
Revision History

[2017/09/12]
  Web page was published