PT-2019-14364 · Softbank+2 · Jp.Softbank.Mb.Tdrl+2
Published
2019-11-14
·
Updated
2019-11-19
·
CVE-2019-15744
CVSS v2.0
2.1
Low
| Vector | AV:L/AC:L/Au:N/C:N/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
Sony Xperia XZs Android device with a build fingerprint of Sony/keyaki softbank/keyaki softbank:7.1.1/TONE3-3.0.0-SOFTBANK-170517-0323/1:user/dev-keys
jp.softbank.mb.tdrl app version 1.3.0
Description
The issue allows unauthorized modification of wireless settings via a confused deputy attack. This capability can be accessed by any app co-located on the device.
Recommendations
For the Sony Xperia XZs Android device, consider restricting access to the jp.softbank.mb.tdrl app until a patch is available.
For the jp.softbank.mb.tdrl app version 1.3.0, avoid using the app for sensitive operations until the issue is resolved.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Android
Sony Xperia Xzs
Jp.Softbank.Mb.Tdrl