PT-2012-3889 · HTC · Evo View 4G

Published: 2012-05-01 · Updated: 2017-12-14 · CVE-2012-2217

CVSS v2.0: 6.4 (Medium)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions

HTC IQRD service for Android on the HTC EVO 4G versions prior to 4.67.651.3
HTC IQRD service for Android on the EVO Design 4G versions prior to 2.12.651.5
HTC IQRD service for Android on the Shift 4G versions prior to 2.77.651.3
HTC IQRD service for Android on the EVO 3D versions prior to 2.17.651.5
HTC IQRD service for Android on the EVO View 4G versions prior to 2.23.651.1
HTC IQRD service for Android on the Vivid versions prior to 3.26.502.56

Description

The issue allows remote attackers to send SMS messages, obtain the Network Access Identifier (NAI) and its password, or trigger popup messages or tones via a crafted application that leverages the android.permission.INTERNET permission, due to the lack of restriction on localhost access to TCP port 2479.

Recommendations

For HTC EVO 4G versions prior to 4.67.651.3, update to version 4.67.651.3 or later.
For EVO Design 4G versions prior to 2.12.651.5, update to version 2.12.651.5 or later.
For Shift 4G versions prior to 2.77.651.3, update to version 2.77.651.3 or later.
For EVO 3D versions prior to 2.17.651.5, update to version 2.17.651.5 or later.
For EVO View 4G versions prior to 2.23.651.1, update to version 2.23.651.1 or later.
For Vivid versions prior to 3.26.502.56, update to version 3.26.502.56 or later.
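
A defender-side check for the exposure described above, as an added example that is not part of the original advisory: it parses a Linux `/proc/net/tcp` dump taken from a device under review and reports any listener on TCP port 2479, plus the UIDs of local clients connected to it. The sample rows, UIDs and function names are constructed for illustration.

```python
import socket
import struct

IQRD_PORT = 2479        # TCP port named in the advisory
TCP_ESTABLISHED = 0x01  # Linux TCP state codes used in /proc/net/tcp
TCP_LISTEN = 0x0A

# Constructed sample of /proc/net/tcp text (not captured from a real device).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:09AF 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 4321 1 0000000000000000 100 0 0 10 0
   1: 00000000:1F90 00000000:0000 0A 00000000:00000000 00:00000000 00000000 10052        0 5510 1 0000000000000000 100 0 0 10 0
   2: 0100007F:C350 0100007F:09AF 01 00000000:00000000 00:00000000 00000000 10077        0 6002 1 0000000000000000 100 0 0 10 0
"""


def decode_ipv4(hex_addr):
    """Decode the kernel's hex IPv4 form (little-endian on ARM and x86)."""
    return socket.inet_ntoa(struct.pack("<I", int(hex_addr, 16)))


def rows(proc_net_tcp):
    """Yield (local_ip, local_port, remote_port, state, uid) per socket row."""
    for line in proc_net_tcp.splitlines()[1:]:  # skip the header row
        f = line.split()
        if len(f) < 8:
            continue  # blank or truncated row
        l_addr, l_port = f[1].split(":")
        r_port = f[2].split(":")[1]
        yield (decode_ipv4(l_addr), int(l_port, 16), int(r_port, 16),
               int(f[3], 16), int(f[7]))


def find_listeners(proc_net_tcp, port=IQRD_PORT):
    """Return (bind_address, owner_uid) for each LISTEN socket on the port."""
    return [(ip, uid) for ip, lp, _, st, uid in rows(proc_net_tcp)
            if st == TCP_LISTEN and lp == port]


def find_clients(proc_net_tcp, port=IQRD_PORT):
    """Return UIDs of established sockets whose remote end is the port.
    On Android, UIDs of 10000 and above belong to installed apps."""
    return [uid for _, _, rp, st, uid in rows(proc_net_tcp)
            if st == TCP_ESTABLISHED and rp == port]


if __name__ == "__main__":
    print("listeners on 2479:", find_listeners(SAMPLE))
    print("client UIDs:", find_clients(SAMPLE))
```

`/proc/net/tcp` lists IPv4 sockets only; IPv6 sockets appear in `/proc/net/tcp6`, which uses a longer address field and is not handled here.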

Fix

Weakness Enumeration

Related Identifiers

CVE-2012-2217

Affected Products

Android
Evo 3D
Evo Design 4G
Evo View 4G
Htc Evo 4G
Shift 4G
Vivid