SoftBank Wi-Fi Spot Configuration Software, as used on SoftBank SHARP 3G handsets, SoftBank Panasonic 3G handsets, SoftBank NEC 3G handsets, SoftBank Samsung 3G handsets, SoftBank mobile Wi-Fi routers, SoftBank Android smartphones with the Wi-Fi application before 1.7.1, SoftBank Windows Mobile smartphones with the WISPrClient application before 1.3.1, SoftBank Disney Mobile Android smartphones with the Wi-Fi application before 1.7.1, and WILLCOM Android smartphones with the Wi-Fi application before 1.7.1, does not properly connect to access points, which allows remote attackers to obtain sensitive information by leveraging access to an 802.11 network.
CVSS 2.0
Severity: LOW
Problem Type: CWE-287,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| softbank | android_smartphone | 102p |
| softbank | wi-fi_spot_configuration_software | - |
| softbank | sharp_3g_handset | 944sh |
| softbank | android_smartphone | 101f |
| softbank | android_smartphone | 103sh |
| softbank | disney_mobile_android_smartphone | dm010sh |
| softbank | android_smartphone | 005sh |
| softbank | android_smartphone | 201hw |
| softbank | sharp_3g_handset | 001n |
| softbank | sharp_3g_handset | 940n |
| softbank | android_smartphone | 101dl |
| softbank | android_smartphone | 200sh |
| softbank | sharp_3g_handset | 931n |
| softbank | sharp_3g_handset | 941sc |
| softbank | sharp_3g_handset | 945shg |
| softbank | android_smartphone | 101k |
| softbank | panasonic_3g_handset | 001p |
| softbank | sharp_3g_handset | 941sh |
| softbank | windows_mobile_smartphone | x04ht |
| softbank | panasonic_3g_handset | 942p |
| softbank | disney_mobile_android_smartphone | dm012sh |
| softbank | sharp_3g_handset | 940sh |
| softbank | windows_mobile_smartphone | x02t |
| softbank | android_smartphone | 102sh |
| softbank | android_smartphone | 008z |
| softbank | disney_mobile_android_smartphone | dm013sh |
| softbank | sharp_3g_handset | 002sh |
| willcom-inc | wi-fi_application | * |
| softbank | mobile_wi-fi_router | 102z |
| softbank | android_smartphone | 101p |
| softbank | android_smartphone | 101n |
| softbank | disney_mobile_android_smartphone | dm009sh |
| softbank | android_smartphone | 001ht |
| softbank | wi-fi_application | * |
| softbank | android_smartphone | 001dl |
| softbank | android_smartphone | 009sh |
| softbank | android_smartphone | 201m |
| softbank | android_smartphone | x06ht |
| willcom-inc | android_smartphone | wx06k |
| softbank | mobile_wi-fi_router | 101sb |
| softbank | android_smartphone | 003sh |
| softbank | nec_3g_handset | 940n |
| willcom-inc | android_smartphone | wx04k |
| softbank | sharp_3g_handset | 004shp3 |
| softbank | wisprclient | * |
| softbank | android_smartphone | 007hw |
| softbank | android_smartphone | 003z |
| softbank | windows_mobile_smartphone | x01sc |
| softbank | android_smartphone | 201k |
| softbank | nec_3g_handset | 931n |
| softbank | android_smartphone | 006sh |
| softbank | mobile_wi-fi_router | 102hw |
| softbank | sharp_3g_handset | 945sh |
| softbank | android_smartphone | 009z |
| softbank | android_smartphone | 106sh |
| softbank | sharp_3g_handset | 001p |
| softbank | sharp_3g_handset | 941p |
| softbank | nec_3g_handset | 001n |
| softbank | samsung_3g_handset | 941sc |
| softbank | sharp_3g_handset | 942p |
| softbank | android_smartphone | 003p |
| softbank | disney_mobile_android_smartphone | dm011sh |
| softbank | android_smartphone | 107sh |
| softbank | panasonic_3g_handset | 941p |
| softbank | sharp_3g_handset | 004sh |
| softbank | windows_mobile_smartphone | x05ht |
| softbank | android_smartphone | 101sh |
| softbank | sharp_3g_handset | 943sh |
| softbank | android_smartphone | 007sh |
| softbank | android_smartphone | 104sh |
Untrusted search path vulnerability in PrimeDrive Desktop Application 1.4.3 and earlier allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-426,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| softbank | primedrive_desktop_application | * |
Untrusted search path vulnerability in Installer for PrimeDrive Desktop Application version 1.4.4 and earlier allows remote attackers to execute arbitrary code via a specially crafted executable file in an unspecified directory.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-426,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| softbank | primedrive_desktop_application | * |
Multiple +Message Apps (Softbank +Message App for Android prior to version 10.1.7, Softbank +Message App for iOS prior to version 1.1.23, NTT DOCOMO +Message App for Android prior to version 42.40.2800, NTT DOCOMO +Message App for iOS prior to version 1.1.23, KDDI +Message App for Android prior to version 1.0.6, and KDDI +Message App for iOS prior to version 1.1.23) do not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-295,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| ntt_tocomo | +_message | * |
| ntttocomo | +_message | * |
| kddi | +_message | * |
| softbank | +_message | * |
Cross-site request forgery (CSRF) vulnerability in Optical BB unit E-WMTA2.3 allows a remote attacker to hijack the authentication of administrators via a specially crafted page.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-352,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| softbank | optical_bb_unit_e-wmta_firmware | 2.3 |
KDDI +Message App, NTT DOCOMO +Message App, and SoftBank +Message App contain a vulnerability caused by improper handling of Unicode control characters. +Message App displays text unprocessed, even when control characters are contained, and the text is shown based on Unicode control character's specifications. Therefore, a crafted text may display misleading web links. As a result, a spoofed URL may be displayed and phishing attacks may be conducted. Affected products and versions are as follows: KDDI +Message App for Android prior to version 3.9.2 and +Message App for iOS prior to version 3.9.4, NTT DOCOMO +Message App for Android prior to version 54.49.0500 and +Message App for iOS prior to version 3.9.4, and SoftBank +Message App for Android prior to version 12.9.5 and +Message App for iOS prior to version 3.9.4
Products Affected
| Vendor | Product | Version |
|---|---|---|
| docomo | +_message | * |
| kddi | +_message | * |
| softbank | +_message | * |