Japan Vulnerability NotesJVN:04644117JVN#04644117: Japan Connected-free Wi-Fi vulnerable to allow URL whitelist bypass
6.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.004 Low
EPSS
Percentile
73.8%
Japan Connected-free Wi-Fi provided by NTT Broadband Platform, Inc. contains an issue where an arbitrary page may be loaded if the application is launched with the URL-scheme.
Impact
Android version of this app may allow an arbitrary API to be executed if permissions to execute that API are granted in the android manifest.
iOS version of this app may allow an arbitrary API to be executed.
Solution
Update the Software
Update to the latest version according to the information provided by the developer.
Products Affected
- Japan Connected-free Wi-Fi for Android 1.15.1 and earlier
- Japan Connected-free Wi-Fi for iOS 1.13.0 and earlier that have not applied the contents update provided on April 26, 2016
[Added on May 27, 2016]
Note that the versions released on July, 2015 did not address the vulnerability completely. Newer firmware versions have been released.
Related
6.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.004 Low
EPSS
Percentile
73.8%