JVN#23367475
Wi-Fi STATION L-02F vulnerable to buffer overflow
Overview
Wi-Fi STATION L-02F provided by NTT DOCOMO, contains a buffer overflow vulnerability.
Products Affected
- Wi-Fi STATION L-02F Software version L02F-MDM9625-V10h-JUN-23-2017-DCM-JP and earlier
Description
Wi-Fi STATION L-02F provided by NTT DOCOMO, INC. contains a buffer overflow vulnerability (CWE-121).
Impact
Receiving crafted packets sent by a remote attacker may cause a buffer overflow condition. As a result, the attacker may execute arbitrary code with the root previlege.
Solution
Apply an Update
Apply the update according to the information provided by the provider.
Vendor Status
| Vendor | Status | Last Update | Vendor Notes |
|---|---|---|---|
| NTT DOCOMO, INC. | Vulnerable | 2017/11/06 | NTT DOCOMO, INC. website |
References
JPCERT/CC Addendum
Vulnerability Analysis by JPCERT/CC
| Attack Vector(AV) | Physical (P) | Local (L) | Adjacent (A) | Network (N) |
|---|---|---|---|---|
| Attack Complexity(AC) | High (H) | Low (L) | ||
| Privileges Required(PR) | High (H) | Low (L) | None (N) | |
| User Interaction(UI) | Required (R) | None (N) | ||
| Scope(S) | Unchanged (U) | Changed (C) | ||
| Confidentiality Impact(C) | None (N) | Low (L) | High (H) | |
| Integrity Impact(I) | None (N) | Low (L) | High (H) | |
| Availability Impact(A) | None (N) | Low (L) | High (H) |
| Access Vector(AV) | Local (L) | Adjacent Network (A) | Network (N) |
|---|---|---|---|
| Access Complexity(AC) | High (H) | Medium (M) | Low (L) |
| Authentication(Au) | Multiple (M) | Single (S) | None (N) |
| Confidentiality Impact(C) | None (N) | Partial (P) | Complete (C) |
| Integrity Impact(I) | None (N) | Partial (P) | Complete (C) |
| Availability Impact(A) | None (N) | Partial (P) | Complete (C) |
Credit
Daisuke Makita and Hayato Ushimaru of National Institute of Information and Communications Technology, Jumpei Shimamura of clwit, Inc. and Katsunari Yoshioka of Yokohama National University reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
Other Information
| JPCERT Alert |
|
| JPCERT Reports |
|
| CERT Advisory |
|
| CPNI Advisory |
|
| TRnotes |
|
| CVE |
CVE-2017-10871 |
| JVN iPedia |
JVNDB-2017-000232 |