[Japanese]

JVNDB-2013-000068

AQUOS PhotoPlayer HN-PP150 vulnerable to denial-of-service (DoS)

Overview

AQUOS PhotoPlayer HN-PP150 contains an issue in the processing of packets, which may lead to a denial-of-service (DoS).

Ayako Matsuda of FFRI, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
CVSS Severity (What is CVSS?)

CVSS V2 Severity:
Base Metrics 5.0 (Medium) [IPA Score]
  • Access Vector: Network
  • Access Complexity: Low
  • Authentication: None
  • Confidentiality Impact: None
  • Integrity Impact: None
  • Availability Impact: Partial
Affected Products


Sharp Corporation
  • AQUOS HN-PP150 firmware V 1.03.01.04 and earlier
  • AQUOS Photo Player HN-PP150

According to the developer, HN-PP100, one of HN-PP series, does not have network functions, therefore HN-PP100 is not affected by this vulnerability.
Impact

Network functions may be disabled by a remote attacker.
Solution

[Update the Firmware]
Update to the latest version of firmware according to the information provided by the developer.
Vendor Information

Sharp Corporation
CWE (What is CWE?)

  1. No Mapping(CWE-noinfo) [IPA Evaluation]
CVE (What is CVE?)

  1. CVE-2013-3655
References

  1. JVN : JVN#68773685
  2. National Vulnerability Database (NVD) : CVE-2013-3655
Revision History

  • [2013/07/11]
      Web page was published
    [2013/07/16]
      References : Content was added

Date Public2013/07/11
Date First Published2013/07/11
Date Last Updated2013/07/16