Published: 2017/09/12 Last Updated: 2017/09/12
JVN#03044183
Wi-Fi STATION L-02F fails to restrict access permissions
Overview
Wi-Fi STATION L-02F provided by NTT DOCOMO, INC. fails to restrict access permissions
Products Affected
- Wi-Fi STATION L-02F Software version V10b and earlier
Description
Wi-Fi STATION L-02F provided by NTT DOCOMO, INC. fails to restrict access permissions.
Impact
An unauthenticated remote attacker may access the web interface of the device over the Internet and obtain the stored setting information.
Solution
Apply an Update
Apply the update according to the information provided by the provider.
Vendor Status
Vendor | Status | Last Update | Vendor Notes |
---|---|---|---|
NTT DOCOMO, INC. | Vulnerable | 2017/09/12 | NTT DOCOMO, INC. website |
References
JPCERT/CC Addendum
Vulnerability Analysis by JPCERT/CC
CVSS v3
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Base Score: 7.5
Metric | Possible values |
---|---|
Attack Vector (AV) | Physical (P), Local (L), Adjacent (A), Network (N) |
Attack Complexity (AC) | High (H), Low (L) |
Privileges Required (PR) | High (H), Low (L), None (N) |
User Interaction (UI) | Required (R), None (N) |
Scope (S) | Unchanged (U), Changed (C) |
Confidentiality Impact (C) | None (N), Low (L), High (H) |
Integrity Impact (I) | None (N), Low (L), High (H) |
Availability Impact (A) | None (N), Low (L), High (H) |
CVSS v2
AV:N/AC:L/Au:N/C:P/I:N/A:N
Base Score: 5.0
Metric | Possible values |
---|---|
Access Vector (AV) | Local (L), Adjacent Network (A), Network (N) |
Access Complexity (AC) | High (H), Medium (M), Low (L) |
Authentication (Au) | Multiple (M), Single (S), None (N) |
Confidentiality Impact (C) | None (N), Partial (P), Complete (C) |
Integrity Impact (I) | None (N), Partial (P), Complete (C) |
Availability Impact (A) | None (N), Partial (P), Complete (C) |
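How the two base scores follow from the vector strings above, as an added example that is not part of the JVN advisory. The metric weights and equations are taken from the FIRST CVSS v3.0 and v2 specifications; the function and constant names are this example's own, and only base metrics are handled.

```python
import math

# Metric weights from the FIRST CVSS v3.0 and v2 specifications.
V3 = {
    "AV": {"N": 0.85, "A": 0.62, "L": 0.55, "P": 0.2},
    "AC": {"L": 0.77, "H": 0.44},
    "UI": {"N": 0.85, "R": 0.62},
    "C": {"H": 0.56, "L": 0.22, "N": 0.0},
}
V3["I"] = V3["A"] = V3["C"]  # C, I and A share one weight table
# Privileges Required weight depends on Scope: (unchanged, changed)
V3_PR = {"N": (0.85, 0.85), "L": (0.62, 0.68), "H": (0.27, 0.5)}
V2 = {
    "AV": {"L": 0.395, "A": 0.646, "N": 1.0},
    "AC": {"H": 0.35, "M": 0.61, "L": 0.71},
    "Au": {"M": 0.45, "S": 0.56, "N": 0.704},
    "C": {"N": 0.0, "P": 0.275, "C": 0.660},
}
V2["I"] = V2["A"] = V2["C"]

# The two vector strings published in this advisory.
PAGE_V3 = "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
PAGE_V2 = "AV:N/AC:L/Au:N/C:P/I:N/A:N"

def parse(vector):
    """Split 'AV:N/AC:L/...' into a dict, skipping a 'CVSS:3.0' prefix."""
    pairs = (part.split(":") for part in vector.split("/"))
    return {k: v for k, v in pairs if k != "CVSS"}

def v3_base(vector):
    m = parse(vector)
    changed = m["S"] == "C"  # bool, also used as index into V3_PR tuples
    isc = 1 - (1 - V3["C"][m["C"]]) * (1 - V3["I"][m["I"]]) * (1 - V3["A"][m["A"]])
    impact = 7.52 * (isc - 0.029) - 3.25 * (isc - 0.02) ** 15 if changed else 6.42 * isc
    expl = 8.22 * V3["AV"][m["AV"]] * V3["AC"][m["AC"]] * V3_PR[m["PR"]][changed] * V3["UI"][m["UI"]]
    if impact <= 0:
        return 0.0
    total = 1.08 * (impact + expl) if changed else impact + expl
    return math.ceil(min(total, 10) * 10) / 10  # v3.0 rounds up to one decimal

def v2_base(vector):
    m = parse(vector)
    impact = 10.41 * (1 - (1 - V2["C"][m["C"]]) * (1 - V2["I"][m["I"]]) * (1 - V2["A"][m["A"]]))
    expl = 20 * V2["AV"][m["AV"]] * V2["AC"][m["AC"]] * V2["Au"][m["Au"]]
    f = 0 if impact == 0 else 1.176
    return round((0.6 * impact + 0.4 * expl - 1.5) * f, 1)  # v2 rounds to nearest

if __name__ == "__main__":
    print("CVSS v3.0 base:", v3_base(PAGE_V3))
    print("CVSS v2 base:  ", v2_base(PAGE_V2))
```

The v3.0 score is driven entirely by exploitability (network reachable, no privileges, no user interaction) plus high confidentiality impact, which matches the advisory's stated impact of an unauthenticated reader obtaining stored settings.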
Credit
Keisuke Shikano, Information Security Analyst, Cyber Metrics Line, Global Coordination Division, Japan Computer Emergency Response Team Coordination Center, reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under the Information Security Early Warning Partnership.
Other Information
Source | Reference |
---|---|
JPCERT Alert | |
JPCERT Reports | |
CERT Advisory | |
CPNI Advisory | |
TRnotes | |
CVE | CVE-2017-10846 |
JVN iPedia | JVNDB-2017-000218 |