CVE-2008-5825
CVSS V2 Low 2.6
CVSS V3 None
Description
The SmartPoster implementation on the Nokia 6131 Near Field Communication (NFC) phone with 05.12 firmware does not properly display the URI record when the Title record contains a certain combination of space, CR (aka \r), and . (dot) characters, which allows remote attackers to trick a user into loading an arbitrary URI via a crafted NDEF tag, as demonstrated by (1) an http: URI for a malicious web site, (2) a tel: URI for a premium-rate telephone number, and (3) an sms: URI that triggers purchase of a ringtone.
Overview
- CVE ID
- CVE-2008-5825
- Assigner
- cve@mitre.org
- Vulnerability Status
- Modified
- Published Version
- 2009-01-02T19:30:01
- Last Modified Date
- 2017-08-08T01:33:33
Weakness Enumerations
CPE Configuration (Product)
CPE | Vulnerable | Operator | Version Start | Version End |
---|---|---|---|---|
cpe:2.3:h:nokia:6131_nfc:05.12:*:*:*:*:*:*:* | 1 | OR |
CVSS Version 2
- Version
- 2.0
- Vector String
- AV:N/AC:H/Au:N/C:N/I:P/A:N
- Access Vector
- NETWORK
- Access Compatibility
- HIGH
- Authentication
- NONE
- Confidentiality Impact
- NONE
- Integrity Impact
- PARTIAL
- Availability Impact
- NONE
- Base Score
- 2.6
- Severity
- LOW
- Exploitability Score
- 4.9
- Impact Score
- 2.9
References
Sources
Source Name | Source URL |
---|---|
NIST | https://nvd.nist.gov/vuln/detail/CVE-2008-5825 |
MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5825 |
History
Created | Old Value | New Value | Data Type | Notes |
---|---|---|---|---|
2022-05-10 09:04:53 | Added to TrackCVE |