CVE-2011-4872
CVSS V2 Low 2.6
CVSS V3 None
Description
Multiple HTC Android devices including Desire HD FRG83D and GRI40, Glacier FRG83, Droid Incredible FRF91, Thunderbolt 4G FRG83D, Sensation Z710e GRI40, Sensation 4G GRI40, Desire S GRI40, EVO 3D GRI40, and EVO 4G GRI40 allow remote attackers to obtain 802.1X Wi-Fi credentials and SSID via a crafted application that uses the android.permission.ACCESS_WIFI_STATE permission to call the toString method on the WifiConfiguration class.
Overview
- CVE ID
- CVE-2011-4872
- Assigner
- cret@cert.org
- Vulnerability Status
- Analyzed
- Published Version
- 2012-02-05T11:55:03
- Last Modified Date
- 2012-02-16T05:00:00
Weakness Enumerations
CPE Configuration (Product)
| CPE | Vulnerable | Operator | Version Start | Version End |
|---|---|---|---|---|
| cpe:2.3:h:htc:desire_hd:frg83d:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:h:htc:desire_hd:gri40:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:h:htc:desire_s:gri40:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:h:htc:droid_incredible:frf91:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:h:htc:evo_3d:gri40:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:h:htc:evo_4g:gri40:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:h:htc:glacier:frg83:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:h:htc:sensation_4g:gri40:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:h:htc:sensation_z710e:gri40:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:h:htc:thunderbolt_4g:frg83d:*:*:*:*:*:*:* | 1 | OR |
CVSS Version 2
- Version
- 2.0
- Vector String
- AV:N/AC:H/Au:N/C:P/I:N/A:N
- Access Vector
- NETWORK
- Access Compatibility
- HIGH
- Authentication
- NONE
- Confidentiality Impact
- PARTIAL
- Integrity Impact
- NONE
- Availability Impact
- NONE
- Base Score
- 2.6
- Severity
- LOW
- Exploitability Score
- 4.9
- Impact Score
- 2.9
References
| Reference URL | Reference Tags |
|---|---|
| http://www.securityfocus.com/bid/51790 | |
| http://secunia.com/advisories/47837 | Vendor Advisory |
| http://blog.mywarwithentropy.com/2012/02/8021x-password-exploit-on-many-htc.html | |
| http://archives.neohapsis.com/archives/bugtraq/2012-02/0002.html | |
| http://www.kb.cert.org/vuls/id/763355 | US Government Resource |
Sources
| Source Name | Source URL |
|---|---|
| NIST | https://nvd.nist.gov/vuln/detail/CVE-2011-4872 |
| MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4872 |
History
| Created | Old Value | New Value | Data Type | Notes |
|---|---|---|---|---|
| 2022-05-10 10:56:15 | Added to TrackCVE |