[Japanese]

JVNDB-2012-000105

Multiple KYOCERA mobile devices may reboot during email reception

Overview

Multiple KYOCERA mobile devices contain an issue where the device may reboot when receiving an email in an invalid format.

Multiple KYOCERA mobile devices contain an issue where the device may reboot when receiving an email in an invalid format. When this issue occurs, the device will always reboot when attempting to receive the invalid email.

Masashi Shimizu reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
CVSS Severity (What is CVSS?)

CVSS V2 Severity:
Base Metrics 7.8 (High) [IPA Score]
  • Access Vector: Network
  • Access Complexity: Low
  • Authentication: None
  • Confidentiality Impact: None
  • Integrity Impact: None
  • Availability Impact: Complete
Affected Products


KYOCERA Corporation
  • AH-K3001V
  • AH-K3002V
  • WX300K
  • WX310K
  • WX320K
  • WX320KR

Impact

When receiving an invalid email, the device will always reboot, therefore emails cannot be received.
Solution

[Delete the corresponding invalid email]
By deleting the invalid email, the device can be recovered from the rebooting issue. In addition, emails will be received normally.
Vendor Information

KYOCERA Corporation
CWE (What is CWE?)

  1. No Mapping(CWE-noinfo) [IPA Evaluation]
CVE (What is CVE?)

  1. CVE-2012-5174
References

  1. JVN : JVN#83907168
  2. National Vulnerability Database (NVD) : CVE-2012-5174
Revision History

  • [2012/11/30]
      Web page was published

Date Public2012/11/30
Date First Published2012/11/30
Date Last Updated2012/11/30