MidnightBSD

Advisories for softbank

CVE-2013-2310 LOW

SoftBank Wi-Fi Spot Configuration Software, as used on SoftBank SHARP 3G handsets, SoftBank Panasonic 3G handsets, SoftBank NEC 3G handsets, SoftBank Samsung 3G handsets, SoftBank mobile Wi-Fi routers, SoftBank Android smartphones with the Wi-Fi application before 1.7.1, SoftBank Windows Mobile smartphones with the WISPrClient application before 1.3.1, SoftBank Disney Mobile Android smartphones with the Wi-Fi application before 1.7.1, and WILLCOM Android smartphones with the Wi-Fi application before 1.7.1, does not properly connect to access points, which allows remote attackers to obtain sensitive information by leveraging access to an 802.11 network.

CVSS 2.0

Severity: LOW

Problem Type: CWE-287,

Products Affected

Vendor Product Version
softbank android_smartphone 102p
softbank wi-fi_spot_configuration_software -
softbank sharp_3g_handset 944sh
softbank android_smartphone 101f
softbank android_smartphone 103sh
softbank disney_mobile_android_smartphone dm010sh
softbank android_smartphone 005sh
softbank android_smartphone 201hw
softbank sharp_3g_handset 001n
softbank sharp_3g_handset 940n
softbank android_smartphone 101dl
softbank android_smartphone 200sh
softbank sharp_3g_handset 931n
softbank sharp_3g_handset 941sc
softbank sharp_3g_handset 945shg
softbank android_smartphone 101k
softbank panasonic_3g_handset 001p
softbank sharp_3g_handset 941sh
softbank windows_mobile_smartphone x04ht
softbank panasonic_3g_handset 942p
softbank disney_mobile_android_smartphone dm012sh
softbank sharp_3g_handset 940sh
softbank windows_mobile_smartphone x02t
softbank android_smartphone 102sh
softbank android_smartphone 008z
softbank disney_mobile_android_smartphone dm013sh
softbank sharp_3g_handset 002sh
willcom-inc wi-fi_application *
softbank mobile_wi-fi_router 102z
softbank android_smartphone 101p
softbank android_smartphone 101n
softbank disney_mobile_android_smartphone dm009sh
softbank android_smartphone 001ht
softbank wi-fi_application *
softbank android_smartphone 001dl
softbank android_smartphone 009sh
softbank android_smartphone 201m
softbank android_smartphone x06ht
willcom-inc android_smartphone wx06k
softbank mobile_wi-fi_router 101sb
softbank android_smartphone 003sh
softbank nec_3g_handset 940n
willcom-inc android_smartphone wx04k
softbank sharp_3g_handset 004shp3
softbank wisprclient *
softbank android_smartphone 007hw
softbank android_smartphone 003z
softbank windows_mobile_smartphone x01sc
softbank android_smartphone 201k
softbank nec_3g_handset 931n
softbank android_smartphone 006sh
softbank mobile_wi-fi_router 102hw
softbank sharp_3g_handset 945sh
softbank android_smartphone 009z
softbank android_smartphone 106sh
softbank sharp_3g_handset 001p
softbank sharp_3g_handset 941p
softbank nec_3g_handset 001n
softbank samsung_3g_handset 941sc
softbank sharp_3g_handset 942p
softbank android_smartphone 003p
softbank disney_mobile_android_smartphone dm011sh
softbank android_smartphone 107sh
softbank panasonic_3g_handset 941p
softbank sharp_3g_handset 004sh
softbank windows_mobile_smartphone x05ht
softbank android_smartphone 101sh
softbank sharp_3g_handset 943sh
softbank android_smartphone 007sh
softbank android_smartphone 104sh
CVE-2017-2108 HIGH

Untrusted search path vulnerability in PrimeDrive Desktop Application 1.4.3 and earlier allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-426,

Products Affected

Vendor Product Version
softbank primedrive_desktop_application *
CVE-2017-2167 MEDIUM

Untrusted search path vulnerability in Installer for PrimeDrive Desktop Application version 1.4.4 and earlier allows remote attackers to execute arbitrary code via a specially crafted executable file in an unspecified directory.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-426,

Products Affected

Vendor Product Version
softbank primedrive_desktop_application *
CVE-2018-0691 MEDIUM

Multiple +Message Apps (Softbank +Message App for Android prior to version 10.1.7, Softbank +Message App for iOS prior to version 1.1.23, NTT DOCOMO +Message App for Android prior to version 42.40.2800, NTT DOCOMO +Message App for iOS prior to version 1.1.23, KDDI +Message App for Android prior to version 1.0.6, and KDDI +Message App for iOS prior to version 1.1.23) do not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-295,

Products Affected

Vendor Product Version
ntt_tocomo +_message *
ntttocomo +_message *
kddi +_message *
softbank +_message *
CVE-2021-20783 MEDIUM

Cross-site request forgery (CSRF) vulnerability in Optical BB unit E-WMTA2.3 allows a remote attacker to hijack the authentication of administrators via a specially crafted page.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352,

Products Affected

Vendor Product Version
softbank optical_bb_unit_e-wmta_firmware 2.3
CVE-2022-43543

KDDI +Message App, NTT DOCOMO +Message App, and SoftBank +Message App contain a vulnerability caused by improper handling of Unicode control characters. +Message App displays text unprocessed, even when control characters are contained, and the text is shown based on Unicode control character's specifications. Therefore, a crafted text may display misleading web links. As a result, a spoofed URL may be displayed and phishing attacks may be conducted. Affected products and versions are as follows: KDDI +Message App for Android prior to version 3.9.2 and +Message App for iOS prior to version 3.9.4, NTT DOCOMO +Message App for Android prior to version 54.49.0500 and +Message App for iOS prior to version 3.9.4, and SoftBank +Message App for Android prior to version 12.9.5 and +Message App for iOS prior to version 3.9.4

Products Affected

Vendor Product Version
docomo +_message *
kddi +_message *
softbank +_message *