Published:2014/12/02  Last Updated:2014/12/02

ARROWS Me F-11D vulnerability where arbitrary areas may be accessed


ARROWS Me F-11D contains a vulnerability where arbitrary areas on the device may be accessed.

Products Affected

  • ARROWS Me F-11D


ARROWS Me F-11D contains a vulnerability where arbitrary areas on the device may be accessed.


An attacker with local access may obtain or alter contents in the flash memory of the device.


Apply an Update
Apply the update according to the information provided by the provider.

Vendor Status

Vendor Status Last Update Vendor Notes
NTT DOCOMO, INC. Vulnerable 2014/12/02


JPCERT/CC Addendum

Vulnerability Analysis by JPCERT/CC

Analyzed on 2014.12.02 (CVSS Base Metrics)

What is CVSS?

Measures Severity Description
Access Vector(AV) Local (L) Adjacent Network (A) Network (N) A vulnerability exploitable with only local access requires the attacker to have either physical access to the vulnerable system or a local (shell) account.
Access Complexity(AC) High (H) Medium (M) Low (L) Specialized access conditions or extenuating circumstances do not exist.
Authentication(Au) Multiple (M) Single (S) None (N) Authentication is not required to exploit the vulnerability.
Confidentiality Impact(C) None (N) Partial (P) Complete (C) There is total information disclosure, resulting in all system files being revealed.
Integrity Impact(I) None (N) Partial (P) Complete (C) There is a total compromise of system integrity. There is a complete loss of system protection, resulting in the entire system being compromised.
Availability Impact(A) None (N) Partial (P) Complete (C) There is a total shutdown of the affected resource.

Base Score:7.2


This analysis was performed under the assumption that physical access to the device is necessary.


FUKAUMI Naoki of SOUM Corporation reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.

Other Information

JPCERT Reports
CERT Advisory
CPNI Advisory
CVE CVE-2014-7254
JVN iPedia JVNDB-2014-000139