CVE-2011-4872

Severity Score

2.6

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Multiple HTC Android devices including Desire HD FRG83D and GRI40, Glacier FRG83, Droid Incredible FRF91, Thunderbolt 4G FRG83D, Sensation Z710e GRI40, Sensation 4G GRI40, Desire S GRI40, EVO 3D GRI40, and EVO 4G GRI40 allow remote attackers to obtain 802.1X Wi-Fi credentials and SSID via a crafted application that uses the android.permission.ACCESS_WIFI_STATE permission to call the toString method on the WifiConfiguration class.

Múltiples dispositivos Android HTC incluyendo Desire HD FRG83D y GRI40, Glacier FRG83, Droid Incredible FRF91, Thunderbolt 4G FRG83D, Sensation Z710e GRI40, Sensation 4G GRI40, Desire S GRI40, EVO 3D GRI40 y EVO 4G GRI40 permiten a atacantes remotos obtener las credenciales Wi-Fi 802.1X y el SSID a través de una aplicación modificada que utiliza el permiso android.permission.ACCESS_WIFI_STATE para invocar el método toString en la clase WifiConfiguration.

*Credits: N/A

CVSS Scores

NISTv2 2.6

Attack Vector

Network

Attack Complexity

High

Authentication

None

Confidentiality

Partial

Integrity

None

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2011-12-21 CVE Reserved
2012-02-02 CVE Published
2024-09-17 CVE Updated
2024-09-17 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CAPEC

References (5)

URL	Tag	Source
http://archives.neohapsis.com/archives/bugtraq/2012-02/0002.html	Mailing List
http://blog.mywarwithentropy.com/2012/02/8021x-password-exploit-on-many-htc.html	X_refsource_misc
http://www.kb.cert.org/vuls/id/763355	Third Party Advisory
http://www.securityfocus.com/bid/51790	Vdb Entry

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
http://secunia.com/advisories/47837	2012-02-16

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Htc Search vendor "Htc"		Desire Hd Search vendor "Htc" for product "Desire Hd"				frg83d Search vendor "Htc" for product "Desire Hd" and version "frg83d"		-		Affected
Htc Search vendor "Htc"		Desire Hd Search vendor "Htc" for product "Desire Hd"				gri40 Search vendor "Htc" for product "Desire Hd" and version "gri40"		-		Affected
Htc Search vendor "Htc"		Desire S Search vendor "Htc" for product "Desire S"				gri40 Search vendor "Htc" for product "Desire S" and version "gri40"		-		Affected
Htc Search vendor "Htc"		Droid Incredible Search vendor "Htc" for product "Droid Incredible"				frf91 Search vendor "Htc" for product "Droid Incredible" and version "frf91"		-		Affected
Htc Search vendor "Htc"		Evo 3d Search vendor "Htc" for product "Evo 3d"				gri40 Search vendor "Htc" for product "Evo 3d" and version "gri40"		-		Affected
Htc Search vendor "Htc"		Evo 4g Search vendor "Htc" for product "Evo 4g"				gri40 Search vendor "Htc" for product "Evo 4g" and version "gri40"		-		Affected
Htc Search vendor "Htc"		Glacier Search vendor "Htc" for product "Glacier"				frg83 Search vendor "Htc" for product "Glacier" and version "frg83"		-		Affected
Htc Search vendor "Htc"		Sensation 4g Search vendor "Htc" for product "Sensation 4g"				gri40 Search vendor "Htc" for product "Sensation 4g" and version "gri40"		-		Affected
Htc Search vendor "Htc"		Sensation Z710e Search vendor "Htc" for product "Sensation Z710e"				gri40 Search vendor "Htc" for product "Sensation Z710e" and version "gri40"		-		Affected
Htc Search vendor "Htc"		Thunderbolt 4g Search vendor "Htc" for product "Thunderbolt 4g"				frg83d Search vendor "Htc" for product "Thunderbolt 4g" and version "frg83d"		-		Affected