Published:2017/11/06  Last Updated:2017/11/06

JVN#23367475
Wi-Fi STATION L-02F vulnerable to buffer overflow

Overview

Wi-Fi STATION L-02F provided by NTT DOCOMO, contains a buffer overflow vulnerability.

Products Affected

  • Wi-Fi STATION L-02F Software version L02F-MDM9625-V10h-JUN-23-2017-DCM-JP and earlier

Description

Wi-Fi STATION L-02F provided by NTT DOCOMO, INC. contains a buffer overflow vulnerability (CWE-121).

Impact

Receiving crafted packets sent by a remote attacker may cause a buffer overflow condition. As a result, the attacker may execute arbitrary code with the root previlege.

Solution

Apply an Update
Apply the update according to the information provided by the provider.

Vendor Status

Vendor Status Last Update Vendor Notes
NTT DOCOMO, INC. Vulnerable 2017/11/06 NTT DOCOMO, INC. website

References

JPCERT/CC Addendum

Vulnerability Analysis by JPCERT/CC

CVSS v3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Base Score: 9.8
Attack Vector(AV) Physical (P) Local (L) Adjacent (A) Network (N)
Attack Complexity(AC) High (H) Low (L)
Privileges Required(PR) High (H) Low (L) None (N)
User Interaction(UI) Required (R) None (N)
Scope(S) Unchanged (U) Changed (C)
Confidentiality Impact(C) None (N) Low (L) High (H)
Integrity Impact(I) None (N) Low (L) High (H)
Availability Impact(A) None (N) Low (L) High (H)
CVSS v2 AV:N/AC:L/Au:N/C:C/I:C/A:C
Base Score: 10.0
Access Vector(AV) Local (L) Adjacent Network (A) Network (N)
Access Complexity(AC) High (H) Medium (M) Low (L)
Authentication(Au) Multiple (M) Single (S) None (N)
Confidentiality Impact(C) None (N) Partial (P) Complete (C)
Integrity Impact(I) None (N) Partial (P) Complete (C)
Availability Impact(A) None (N) Partial (P) Complete (C)

Credit

Daisuke Makita and Hayato Ushimaru of National Institute of Information and Communications Technology, Jumpei Shimamura of clwit, Inc. and Katsunari Yoshioka of Yokohama National University reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.

Other Information

JPCERT Alert
JPCERT Reports
CERT Advisory
CPNI Advisory
TRnotes
CVE CVE-2017-10871
JVN iPedia JVNDB-2017-000232