PT-2012-1975 · Htc · Sensation Z710E+8
Published
2012-02-05
·
Updated
2012-02-16
·
CVE-2011-4872
CVSS v2.0
2.6
Low
| Vector | AV:N/AC:H/Au:N/C:P/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
HTC Android devices including Desire HD FRG83D and GRI40, Glacier FRG83, Droid Incredible FRF91, Thunderbolt 4G FRG83D, Sensation Z710e GRI40, Sensation 4G GRI40, Desire S GRI40, EVO 3D GRI40, and EVO 4G GRI40
Description
The issue allows remote attackers to obtain 802.1X Wi-Fi credentials and SSID via a crafted application that uses the
android.permission.ACCESS WIFI STATE permission to call the toString method on the WifiConfiguration class.Recommendations
For the affected HTC Android devices, consider restricting the use of the
android.permission.ACCESS WIFI STATE permission to minimize the risk of exploitation.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.Information Disclosure
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Desire Hd
Desire S
Droid Incredible
Evo 3D
Evo 4G
Glacier
Sensation 4G
Sensation Z710E
Thunderbolt 4G