Sign-up

ID

VAR-201709-0210


CVE

CVE-2017-10845


TITLE

Backdoor access issue in Wi-Fi STATION L-02F

Trust: 0.8

sources: JVNDB: JVNDB-2017-000217

DESCRIPTION

Wi-Fi STATION L-02F Software version V10g and earlier allows remote attackers to access the device with administrative privileges and perform unintended operations through a backdoor account. Wi-Fi STATION L-02F provided by NTT DOCOMO, INC. contains a backdoor access issue. Japan Computer Emergency Response Team Coordination Center Global Coordination Division Cyber Metrics Line Information Security Analyst Keisuke Shikano reported this vulnerability to IPA. The reporter has conducted a test and confirmed that an attacker can log in to the device through internet by using an ID and a password, and execute arbitrary command. NTT DOCOMO Wi-Fi STATION L-02F Software is a set of software used in L-02F router by NTT DOCOMO, Japan. A security vulnerability exists in NTT DOCOMO Wi-Fi STATION L-02F Software V10g and earlier versions

Trust: 1.8

sources: NVD: CVE-2017-10845 // JVNDB: JVNDB-2017-000217 // VULHUB: VHN-101208 // VULMON: CVE-2017-10845

AFFECTED PRODUCTS

vendor:nttdocomomodel:wi-fi station l-02fscope:lteversion:v10g

Trust: 1.0

vendor:ntt docomomodel:wi-fi station l-02fscope:lteversion:software version v10g

Trust: 0.8

vendor:nttdocomomodel:wi-fi station l-02fscope:eqversion:v10g

Trust: 0.6

sources: JVNDB: JVNDB-2017-000217 // CNNVD: CNNVD-201709-784 // NVD: CVE-2017-10845

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-10845
value: CRITICAL

Trust: 1.0

IPA: JVNDB-2017-000217
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-201709-784
value: CRITICAL

Trust: 0.6

VULHUB: VHN-101208
value: HIGH

Trust: 0.1

VULMON: CVE-2017-10845
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2017-10845
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

IPA: JVNDB-2017-000217
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-101208
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-10845
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.0

IPA: JVNDB-2017-000217
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-101208 // VULMON: CVE-2017-10845 // JVNDB: JVNDB-2017-000217 // CNNVD: CNNVD-201709-784 // NVD: CVE-2017-10845

PROBLEMTYPE DATA

problemtype:CWE-255

Trust: 1.0

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-264

Trust: 0.9

sources: VULHUB: VHN-101208 // JVNDB: JVNDB-2017-000217 // NVD: CVE-2017-10845

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201709-784

TYPE

permissions and access control issues

Trust: 0.6

sources: CNNVD: CNNVD-201709-784

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-000217

PATCH
title:NTT DOCOMO, INC. websiteurl:https://www.nttdocomo.co.jp/info/notice/page/170710_01_m.html
Trust: 0.8
title:NTT DOCOMO Wi-Fi STATION L-02F Software Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=74956
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2017-000217 // 
            
            
            
            CNNVD: CNNVD-201709-784

EXTERNAL IDS
db:NVDid:CVE-2017-10845
Trust: 2.6
db:JVNid:JVN68922465
Trust: 2.6
db:JVNDBid:JVNDB-2017-000217
Trust: 0.8
db:CNNVDid:CNNVD-201709-784
Trust: 0.7
db:VULHUBid:VHN-101208
Trust: 0.1
db:VULMONid:CVE-2017-10845
Trust: 0.1
sources:
            
            
            VULHUB: VHN-101208 // 
            
            
            
            VULMON: CVE-2017-10845 // 
            
            
            
            JVNDB: JVNDB-2017-000217 // 
            
            
            
            CNNVD: CNNVD-201709-784 // 
            
            
            
            NVD: CVE-2017-10845

REFERENCES
url:https://jvn.jp/en//jp/jvn68922465/index.html
Trust: 1.8
url:https://www.nttdocomo.co.jp/info/notice/page/170710_01_m.html
Trust: 1.8
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-10845
Trust: 0.8
url:https://www.ipa.go.jp/security/ciadr/vul/20170912-jvn.html
Trust: 0.8
url:https://www.jpcert.or.jp/at/2017/at170034.html
Trust: 0.8
url:https://jvn.jp/en/jp/jvn68922465/index.html
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-10845
Trust: 0.8
url:https://cwe.mitre.org/data/definitions/.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
sources:
            
            
            VULHUB: VHN-101208 // 
            
            
            
            VULMON: CVE-2017-10845 // 
            
            
            
            JVNDB: JVNDB-2017-000217 // 
            
            
            
            CNNVD: CNNVD-201709-784 // 
            
            
            
            NVD: CVE-2017-10845

SOURCES
db:VULHUBid:VHN-101208
db:VULMONid:CVE-2017-10845
db:JVNDBid:JVNDB-2017-000217
db:CNNVDid:CNNVD-201709-784
db:NVDid:CVE-2017-10845

LAST UPDATE DATE
2025-04-20T23:42:57.428000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-101208date:2019-10-09T00:00:00
db:VULMONid:CVE-2017-10845date:2019-10-09T00:00:00
db:JVNDBid:JVNDB-2017-000217date:2018-02-28T00:00:00
db:CNNVDid:CNNVD-201709-784date:2019-10-17T00:00:00
db:NVDid:CVE-2017-10845date:2025-04-20T01:37:25.860

SOURCES RELEASE DATE
db:VULHUBid:VHN-101208date:2017-09-15T00:00:00
db:VULMONid:CVE-2017-10845date:2017-09-15T00:00:00
db:JVNDBid:JVNDB-2017-000217date:2017-09-12T00:00:00
db:CNNVDid:CNNVD-201709-784date:2017-09-19T00:00:00
db:NVDid:CVE-2017-10845date:2017-09-15T17:29:00.273