Executive Summary

Informations
NameCVE-2011-4872First vendor Publication2012-02-05
VendorCveLast vendor Modification2012-02-16

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:H/Au:N/C:P/I:N/A:N)
Cvss Base Score2.6Attack RangeNetwork
Cvss Impact Score2.9Attack ComplexityHigh
Cvss Expoit Score4.9AuthenticationNone Required
Calculate full CVSS 2.0 Vectors scores

Detail

Multiple HTC Android devices including Desire HD FRG83D and GRI40, Glacier FRG83, Droid Incredible FRF91, Thunderbolt 4G FRG83D, Sensation Z710e GRI40, Sensation 4G GRI40, Desire S GRI40, EVO 3D GRI40, and EVO 4G GRI40 allow remote attackers to obtain 802.1X Wi-Fi credentials and SSID via a crafted application that uses the android.permission.ACCESS_WIFI_STATE permission to call the toString method on the WifiConfiguration class.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4872

CWE : Common Weakness Enumeration

idName
CWE-200Information Exposure

CPE : Common Platform Enumeration

TypeDescriptionCount
Hardware2
Hardware1
Hardware1
Hardware1
Hardware1
Hardware1
Hardware1
Hardware1
Hardware1

Internal Sources (Detail)

SourceUrl
BIDhttp://www.securityfocus.com/bid/51790
BUGTRAQhttp://archives.neohapsis.com/archives/bugtraq/2012-02/0002.html
CERT-VNhttp://www.kb.cert.org/vuls/id/763355
MISChttp://blog.mywarwithentropy.com/2012/02/8021x-password-exploit-on-many-htc.html
SECUNIAhttp://secunia.com/advisories/47837

Alert History

If you want to see full details history, please login or register.
0
DateInformations
2013-05-10 23:12:06
  • Multiple Updates