Details of VAR-201306-0111

ID

VAR-201306-0111

CVE

CVE-2013-2310

TITLE

Wi-Fi Spot Configuration Software vulnerability in the connection process

Trust: 0.8

sources: JVNDB: JVNDB-2013-000039

DESCRIPTION

SoftBank Wi-Fi Spot Configuration Software, as used on SoftBank SHARP 3G handsets, SoftBank Panasonic 3G handsets, SoftBank NEC 3G handsets, SoftBank Samsung 3G handsets, SoftBank mobile Wi-Fi routers, SoftBank Android smartphones with the Wi-Fi application before 1.7.1, SoftBank Windows Mobile smartphones with the WISPrClient application before 1.3.1, SoftBank Disney Mobile Android smartphones with the Wi-Fi application before 1.7.1, and WILLCOM Android smartphones with the Wi-Fi application before 1.7.1, does not properly connect to access points, which allows remote attackers to obtain sensitive information by leveraging access to an 802.11 network. Wi-Fi Spot Configuration Software provided by SoftBank contains a vulnerability within the process of connecting to Wi-Fi access points, which may lead to user information being sent unintentionally. Masashi Sakai reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.When connecting to a Wi-Fi access point, an attacker may obtain user information. Successful exploits will allow attackers to obtain sensitive information by performing man-in-the-middle attacks. This may aid in further attacks

Trust: 1.98

sources: NVD: CVE-2013-2310 // JVNDB: JVNDB-2013-000039 // BID: 60009 // VULHUB: VHN-62312

AFFECTED PRODUCTS

vendor:	softbank	model:	wi-fi application	scope:	lte	version:	1.7.0	Trust: 1.0
vendor:	softbank	model:	android smartphone	scope:	eq	version:	103sh	Trust: 1.0
vendor:	softbank	model:	mobile wi-fi router	scope:	eq	version:	102z	Trust: 1.0
vendor:	softbank	model:	android smartphone	scope:	eq	version:	001dl	Trust: 1.0
vendor:	softbank	model:	android smartphone	scope:	eq	version:	201k	Trust: 1.0
vendor:	softbank	model:	sharp 3g handset	scope:	eq	version:	944sh	Trust: 1.0
vendor:	softbank	model:	disney mobile android smartphone	scope:	eq	version:	dm009sh	Trust: 1.0
vendor:	softbank	model:	android smartphone	scope:	eq	version:	008z	Trust: 1.0
vendor:	softbank	model:	sharp 3g handset	scope:	eq	version:	941p	Trust: 1.0
vendor:	softbank	model:	disney mobile android smartphone	scope:	eq	version:	dm012sh	Trust: 1.0
vendor:	softbank	model:	sharp 3g handset	scope:	eq	version:	001n	Trust: 1.0
vendor:	softbank	model:	android smartphone	scope:	eq	version:	003p	Trust: 1.0
vendor:	softbank	model:	android smartphone	scope:	eq	version:	007hw	Trust: 1.0
vendor:	softbank	model:	android smartphone	scope:	eq	version:	009sh	Trust: 1.0
vendor:	softbank	model:	wisprclient	scope:	lte	version:	1.3.0	Trust: 1.0
vendor:	softbank	model:	panasonic 3g handset	scope:	eq	version:	941p	Trust: 1.0
vendor:	softbank	model:	sharp 3g handset	scope:	eq	version:	004shp3	Trust: 1.0
vendor:	softbank	model:	android smartphone	scope:	eq	version:	006sh	Trust: 1.0
vendor:	softbank	model:	sharp 3g handset	scope:	eq	version:	945sh	Trust: 1.0
vendor:	softbank	model:	disney mobile android smartphone	scope:	eq	version:	dm013sh	Trust: 1.0
vendor:	softbank	model:	android smartphone	scope:	eq	version:	009z	Trust: 1.0
vendor:	softbank	model:	disney mobile android smartphone	scope:	eq	version:	dm011sh	Trust: 1.0
vendor:	softbank	model:	android smartphone	scope:	eq	version:	201m	Trust: 1.0
vendor:	softbank	model:	android smartphone	scope:	eq	version:	003sh	Trust: 1.0
vendor:	willcom	model:	wi-fi application	scope:	lte	version:	1.7.0	Trust: 1.0
vendor:	softbank	model:	android smartphone	scope:	eq	version:	106sh	Trust: 1.0
vendor:	softbank	model:	sharp 3g handset	scope:	eq	version:	945shg	Trust: 1.0
vendor:	softbank	model:	android smartphone	scope:	eq	version:	102p	Trust: 1.0
vendor:	softbank	model:	windows mobile smartphone	scope:	eq	version:	x05ht	Trust: 1.0
vendor:	softbank	model:	windows mobile smartphone	scope:	eq	version:	x04ht	Trust: 1.0
vendor:	softbank	model:	sharp 3g handset	scope:	eq	version:	940n	Trust: 1.0
vendor:	softbank	model:	sharp 3g handset	scope:	eq	version:	943sh	Trust: 1.0
vendor:	softbank	model:	android smartphone	scope:	eq	version:	101f	Trust: 1.0
vendor:	softbank	model:	android smartphone	scope:	eq	version:	101p	Trust: 1.0
vendor:	softbank	model:	windows mobile smartphone	scope:	eq	version:	x02t	Trust: 1.0
vendor:	softbank	model:	sharp 3g handset	scope:	eq	version:	931n	Trust: 1.0
vendor:	softbank	model:	nec 3g handset	scope:	eq	version:	001n	Trust: 1.0
vendor:	softbank	model:	wi-fi spot configuration software	scope:	eq	version:	-	Trust: 1.0
vendor:	softbank	model:	android smartphone	scope:	eq	version:	003z	Trust: 1.0
vendor:	softbank	model:	windows mobile smartphone	scope:	eq	version:	x01sc	Trust: 1.0
vendor:	softbank	model:	disney mobile android smartphone	scope:	eq	version:	dm010sh	Trust: 1.0
vendor:	softbank	model:	mobile wi-fi router	scope:	eq	version:	101sb	Trust: 1.0
vendor:	softbank	model:	android smartphone	scope:	eq	version:	001ht	Trust: 1.0
vendor:	softbank	model:	android smartphone	scope:	eq	version:	104sh	Trust: 1.0
vendor:	willcom	model:	android smartphone	scope:	eq	version:	wx06k	Trust: 1.0
vendor:	softbank	model:	android smartphone	scope:	eq	version:	201hw	Trust: 1.0
vendor:	softbank	model:	android smartphone	scope:	eq	version:	005sh	Trust: 1.0
vendor:	softbank	model:	sharp 3g handset	scope:	eq	version:	001p	Trust: 1.0
vendor:	softbank	model:	android smartphone	scope:	eq	version:	101sh	Trust: 1.0
vendor:	softbank	model:	sharp 3g handset	scope:	eq	version:	004sh	Trust: 1.0
vendor:	willcom	model:	android smartphone	scope:	eq	version:	wx04k	Trust: 1.0
vendor:	softbank	model:	android smartphone	scope:	eq	version:	x06ht	Trust: 1.0
vendor:	softbank	model:	android smartphone	scope:	eq	version:	101n	Trust: 1.0
vendor:	softbank	model:	android smartphone	scope:	eq	version:	107sh	Trust: 1.0
vendor:	softbank	model:	sharp 3g handset	scope:	eq	version:	002sh	Trust: 1.0
vendor:	softbank	model:	panasonic 3g handset	scope:	eq	version:	001p	Trust: 1.0
vendor:	softbank	model:	samsung 3g handset	scope:	eq	version:	941sc	Trust: 1.0
vendor:	softbank	model:	nec 3g handset	scope:	eq	version:	940n	Trust: 1.0
vendor:	softbank	model:	sharp 3g handset	scope:	eq	version:	940sh	Trust: 1.0
vendor:	softbank	model:	sharp 3g handset	scope:	eq	version:	942p	Trust: 1.0
vendor:	softbank	model:	android smartphone	scope:	eq	version:	101k	Trust: 1.0
vendor:	softbank	model:	sharp 3g handset	scope:	eq	version:	941sc	Trust: 1.0
vendor:	softbank	model:	android smartphone	scope:	eq	version:	007sh	Trust: 1.0
vendor:	softbank	model:	android smartphone	scope:	eq	version:	101dl	Trust: 1.0
vendor:	softbank	model:	mobile wi-fi router	scope:	eq	version:	102hw	Trust: 1.0
vendor:	softbank	model:	nec 3g handset	scope:	eq	version:	931n	Trust: 1.0
vendor:	softbank	model:	android smartphone	scope:	eq	version:	102sh	Trust: 1.0
vendor:	softbank	model:	sharp 3g handset	scope:	eq	version:	941sh	Trust: 1.0
vendor:	softbank	model:	panasonic 3g handset	scope:	eq	version:	942p	Trust: 1.0
vendor:	softbank	model:	android smartphone	scope:	eq	version:	200sh	Trust: 1.0
vendor:	multiple venders	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	softbank	model:	wi-fi application	scope:	eq	version:	1.7.0	Trust: 0.6
vendor:	softbank	model:	wisprclient	scope:	eq	version:	1.3.0	Trust: 0.6

sources: JVNDB: JVNDB-2013-000039 // CNNVD: CNNVD-201305-413 // NVD: CVE-2013-2310

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2013-2310
value:	LOW
Trust: 1.0
IPA:	JVNDB-2013-000039
value:	LOW
Trust: 0.8
CNNVD:	CNNVD-201305-413
value:	LOW
Trust: 0.6
VULHUB:	VHN-62312
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2013-2310
severity:	LOW
baseScore:	3.3
vectorString:	AV:A/AC:L/AU:N/C:P/I:N/A:N
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	6.5
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
IPA:	JVNDB-2013-000039
severity:	LOW
baseScore:	3.3
vectorString:	AV:A/AC:L/AU:N/C:P/I:N/A:N
accessVector:	ADJACENT NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
VULHUB:	VHN-62312
severity:	LOW
baseScore:	3.3
vectorString:	AV:A/AC:L/AU:N/C:P/I:N/A:N
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	6.5
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-62312 // JVNDB: JVNDB-2013-000039 // CNNVD: CNNVD-201305-413 // NVD: CVE-2013-2310

PROBLEMTYPE DATA

problemtype:

CWE-287

Trust: 1.9

sources: VULHUB: VHN-62312 // JVNDB: JVNDB-2013-000039 // NVD: CVE-2013-2310

THREAT TYPE

specific network environment

Trust: 0.6

sources: CNNVD: CNNVD-201305-413

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201305-413

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-000039

PATCH

title:	Information from SoftBank	url:	https://jvn.jp/en/jp/JVN85371480/397327/index.html	Trust: 0.8
title:	Information from WILLCOM	url:	https://jvn.jp/en/jp/JVN85371480/995319/index.html	Trust: 0.8
title:	Information from Disney Mobile on SoftBank	url:	https://jvn.jp/en/jp/JVN85371480/995417/index.html	Trust: 0.8

sources: JVNDB: JVNDB-2013-000039

EXTERNAL IDS

db:	JVN	id:	JVN85371480	Trust: 2.8
db:	NVD	id:	CVE-2013-2310	Trust: 2.8
db:	JVNDB	id:	JVNDB-2013-000039	Trust: 2.5
db:	BID	id:	60009	Trust: 1.0
db:	CNNVD	id:	CNNVD-201305-413	Trust: 0.7
db:	JVN	id:	JVN#85371480	Trust: 0.6
db:	VULHUB	id:	VHN-62312	Trust: 0.1

sources: VULHUB: VHN-62312 // BID: 60009 // JVNDB: JVNDB-2013-000039 // CNNVD: CNNVD-201305-413 // NVD: CVE-2013-2310

REFERENCES

url:	http://jvn.jp/en/jp/jvn85371480/index.html	Trust: 2.0
url:	http://jvn.jp/en/jp/jvn85371480/397327/index.html	Trust: 1.7
url:	http://jvn.jp/en/jp/jvn85371480/995319/index.html	Trust: 1.7
url:	http://jvn.jp/en/jp/jvn85371480/995417/index.html	Trust: 1.7
url:	http://jvndb.jvn.jp/jvndb/jvndb-2013-000039	Trust: 1.7
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-2310	Trust: 0.8
url:	https://jvn.jp/en/jp/jvn85371480/	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-2310	Trust: 0.8
url:	http://www.securityfocus.com/bid/60009	Trust: 0.6
url:	http://mb.softbank.jp/en/	Trust: 0.3

sources: VULHUB: VHN-62312 // BID: 60009 // JVNDB: JVNDB-2013-000039 // CNNVD: CNNVD-201305-413 // NVD: CVE-2013-2310

CREDITS

Masashi Sakai

Trust: 0.9

sources: BID: 60009 // CNNVD: CNNVD-201305-413

SOURCES

db:	VULHUB	id:	VHN-62312
db:	BID	id:	60009
db:	JVNDB	id:	JVNDB-2013-000039
db:	CNNVD	id:	CNNVD-201305-413
db:	NVD	id:	CVE-2013-2310

LAST UPDATE DATE

2024-08-14T14:21:21.395000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-62312	date:	2013-06-17T00:00:00
db:	BID	id:	60009	date:	2013-05-20T00:00:00
db:	JVNDB	id:	JVNDB-2013-000039	date:	2013-06-19T00:00:00
db:	CNNVD	id:	CNNVD-201305-413	date:	2013-06-18T00:00:00
db:	NVD	id:	CVE-2013-2310	date:	2013-06-17T04:00:00

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-62312	date:	2013-06-17T00:00:00
db:	BID	id:	60009	date:	2013-05-20T00:00:00
db:	JVNDB	id:	JVNDB-2013-000039	date:	2013-05-15T00:00:00
db:	CNNVD	id:	CNNVD-201305-413	date:	2013-05-21T00:00:00
db:	NVD	id:	CVE-2013-2310	date:	2013-06-17T03:29:45.050