Lucene search

Japan Vulnerability NotesJVN:41048401

HistorySep 11, 2015 - 12:00 a.m.

JVN#41048401: Japan Connected-free Wi-Fi vulnerable to script injection

2015-09-1100:00:00

Japan Vulnerability Notes

jvn.jp

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.002 Low

EPSS

Percentile

60.2%

JSON

Japan Connected-free Wi-Fi provided by NTT Broadband Platform, Inc. is vulnerable to script injection when displaying malformed strings contained in SSID.

Impact

When the device running the app connects to an access point and its SSID contains malicious script, the script may be executed.

Solution

Update the Software
Update to the latest version according to the information provided by the developer.

Products Affected

Japan Connected-free Wi-Fi for Android 1.6.0 and earlier
Japan Connected-free Wi-Fi for iOS 1.0.2 and earlier

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.002 Low

EPSS

Percentile

60.2%

JSON

Related for JVN:41048401