Published:2013/05/15  Last Updated:2013/05/15

Information from SoftBank

Vulnerability ID:JVN#85371480
Title:Wi-Fi Spot Configuration Software vulnerability in the connection process
Status:Vulnerable

This is a statement from the vendor itself with no modification by JPCERT/CC.

The listed models have the reported vulnerability.
Their latest software and application versions fix it. The users are encouraged to update the models.
・SoftBank 3G handsets [941SC, 941P, 942P, 001P, 931N, 940N, 001N, 940SH, 941SH, 943SH, 944SH, 945SH, 945SHG, 002SH, 004SH, 004SHPJ]
・Mobile Wi-Fi Router [101SB, 102Z, 102HW]
・Android smartphones [X06HT, X06HT Ⅱ, 001HT, 003SH, 005SH, 006SH, 007SH, 007SH J, 007SH KT, 009SH, 009SH Y, 101SH, 102SH, 102SH Ⅱ, 103SH, 104SH, 106SH, 107SH, 200SH, 101F, 101N, 101K, 201K, 003P, 101P, 102P, 201M, 007HW, 201HW, 003Z, 008Z, 009Z, 001DL, 101DL]
・Windows Mobile smartphones [X01SC, X02T, X04HT, X05HT]

■SoftBank 3G handsets
On the handset, go to a URL page for models. The page will show how to update in the <ソフトウェア更新の実施方法> section.
 ・SHARP handsets
940SH/941SH/943SH (Fix-February 21 2013 release software)
http://info.mb.softbank.jp/scripts/g/fota/index.jsp?id=20130219142426627
 944SH/945SH (Fix-January 22 2013 release software)
http://info.mb.softbank.jp/scripts/g/fota/index.jsp?id=20130118173548950
 002SH/004SH (Fix-January 9 2013 release software)
http://info.mb.softbank.jp/scripts/g/fota/index.jsp?id=20121226162727373
 004SH PJ/945SH G (Fix-February 4 2013 release software)
http://info.mb.softbank.jp/scripts/g/fota/index.jsp?id=20130201110129907
・Panasonic handsets
941P (Fix-February 20 2013 release software)
http://info.mb.softbank.jp/scripts/g/fota/index.jsp?id=20130218135233230
 942P/001P (Fix-March 6 2013 release software)
http://info.mb.softbank.jp/scripts/g/fota/index.jsp?id=20130301150900104
 ・NEC handsets
931N/940N/001N (Fix-March 5 2013 release software)
http://info.mb.softbank.jp/scripts/g/fota/index.jsp?id=20130228150717881
 ・Samsung handsets
 941SC (Fix-January 10 2013 release software)
http://info.mb.softbank.jp/scripts/g/fota/index.jsp?id=20130108104018502


■ Mobile Wi-Fi Routers
 101SB (Fix-February 6 2013 release software)
http://mb.softbank.jp/scripts/japanese/information/fota/detail.jsp?id=20130125115034352
 102Z (Fix-March 12 2013 release software)
http://mb.softbank.jp/scripts/japanese/information/fota/detail.jsp?id=20130222100707432
 102HW (Fix-January 24 2013 release software)
 http://mb.softbank.jp/scripts/japanese/information/fota/detail.jsp?id=20121211143211768


■Android smartphones (X06HT, X06HT Ⅱ, 001HT, 003SH, 005SH, 006SH, 007SH, 007SH J, 007SH KT, 009SH, 009SH Y, 101SH, 102SH, 102SH Ⅱ, 103SH, 104SH, 106SH, 107SH, 200SH, 101F, 101N, 101K, 201K, 003P, 101P, 102P, 201M, 007HW, 201HW, 003Z, 008Z, 009Z, 001DL, 101DL)
 ・Update the Wi-Fiスポット設定 application. (Fix-December 17 2012 release application).
  Update steps: Start Play Store → <Menu> → <My apps> →<Wi-Fiスポット設定> → < Update>
   *Version 1.7.1 and later versions have the vulnerability removed.

■Windows Mobile smartphones(X01SC, X02T, X04HT, X05HT)
 ・Update the WISPrClient application. (Fix-December 17 2012 release application).
  Update steps: Start the browser → <Bookmarks> → <My SoftBank for X Series>→ enter the phone number and password → <ログイン> → <ダウンロード> → the “ソフトバンクWi-Fiスポット設定ソフトウェア” download page → read User Agreement and select <同意する> → <ダウンロード>.
   *X04HT and X05HT users should use Internet Explorer Mobile to download.
   *Version 1.3.1 and later versions have the vulnerability removed.