[Japanese]

JVNDB-2017-000232

Wi-Fi STATION L-02F vulnerable to buffer overflow

Overview

Wi-Fi STATION L-02F provided by NTT DOCOMO, INC. contains a buffer overflow vulnerability.

Daisuke Makita and Hayato Ushimaru of National Institute of Information and Communications Technology, Jumpei Shimamura of clwit, Inc. and Katsunari Yoshioka of Yokohama National University reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
CVSS Severity (What is CVSS?)

CVSS V3 Severity:
Base Metrics 9.8 (Critical) [IPA Score]
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: High
  • Integrity Impact: High
  • Availability Impact: High
CVSS V2 Severity:
Base Metrics 10.0 (High) [IPA Score]
  • Access Vector: Network
  • Access Complexity: Low
  • Authentication: None
  • Confidentiality Impact: Complete
  • Integrity Impact: Complete
  • Availability Impact: Complete
Affected Products


NTT DOCOMO, INC.
  • Wi-Fi STATION L-02F Software version L02F-MDM9625-V10h-JUN-23-2017-DCM-JP and earlier

Impact

Receiving crafted packets sent by a remote attacker may cause a buffer overflow condition. As a result, the attacker may execute arbitrary code with the root previlege.
Solution

[Apply an Update]
Apply the update according to the information provided by the provider.
Vendor Information

NTT DOCOMO, INC.
CWE (What is CWE?)

  1. Buffer Errors(CWE-119) [IPA Evaluation]
CVE (What is CVE?)

  1. CVE-2017-10871
References

  1. JVN : JVN#23367475
  2. National Vulnerability Database (NVD) : CVE-2017-10871
  3. IPA SECURITY ALERTS : Security Alert for Vulnerability in Wi-Fi STATION L-02F (JVN#23367475) (in Japanese)
Revision History

  • [2017/11/06]
      Web page was published
  • [2018/03/07]
      References : Content was added

Date Public2017/11/06
Date First Published2017/11/06
Date Last Updated2018/03/07