Japan Vulnerability NotesJVN:46888319JVN#46888319: Japan Connected-free Wi-Fi vulnerable to API execution
CVSS2
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:H/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
EPSS
Percentile
51.9%
Japan Connected-free Wi-Fi provided by NTT Broadband Platform, Inc. contains a vulnerability which allows an arbitrary API to be executed by a man-in-the-middle attacker.
Impact
Android version of this app may allow an arbitrary API to be executed if permissions to execute that API are granted in the android manifest.
iOS version of this app may allow an arbitrary API to be executed.
Solution
Update the Software
Update to the latest version according to the information provided by the developer.
Products Affected
- Japan Connected-free Wi-Fi for Android 1.15.1 and earlier
- Japan Connected-free Wi-Fi for iOS 1.13.0 and earlier that have not applied the contents update provided on April 26, 2016
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:H/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
EPSS
Percentile
51.9%