Details of VAR-201709-0211

ID

VAR-201709-0211

CVE

CVE-2017-10846

TITLE

Wi-Fi STATION L-02F fails to restrict access permissions

Trust: 0.8

sources: JVNDB: JVNDB-2017-000218

DESCRIPTION

Wi-Fi STATION L-02F Software version V10b and earlier allows remote attackers to bypass access restrictions to obtain information on device settings via unspecified vectors. Wi-Fi STATION L-02F provided by NTT DOCOMO, INC. fails to restrict access permissions. Japan Computer Emergency Response Team Coordination Center Global Coordination Division Cyber Metrics Line Information Security Analyst Keisuke Shikano reported this vulnerability to IPA. NTT DOCOMO Wi-Fi STATION L-02F Software is a set of software used in routers by NTT DOCOMO, Japan. A security vulnerability exists in NTT DOCOMO Wi-Fi STATION L-02F Software V10b and earlier versions

Trust: 1.71

sources: NVD: CVE-2017-10846 // JVNDB: JVNDB-2017-000218 // VULHUB: VHN-101209

AFFECTED PRODUCTS

vendor:	nttdocomo	model:	wi-fi station l-02f	scope:	lte	version:	v10b	Trust: 1.0
vendor:	ntt docomo	model:	wi-fi station l-02f	scope:	lte	version:	software version v10b	Trust: 0.8
vendor:	nttdocomo	model:	wi-fi station l-02f	scope:	eq	version:	v10b	Trust: 0.6

sources: JVNDB: JVNDB-2017-000218 // CNNVD: CNNVD-201709-783 // NVD: CVE-2017-10846

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-10846
value:	HIGH
Trust: 1.0
IPA:	JVNDB-2017-000218
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201709-783
value:	HIGH
Trust: 0.6
VULHUB:	VHN-101209
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2017-10846
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
IPA:	JVNDB-2017-000218
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
VULHUB:	VHN-101209
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2017-10846
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.0
Trust: 1.0
IPA:	JVNDB-2017-000218
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-101209 // JVNDB: JVNDB-2017-000218 // CNNVD: CNNVD-201709-783 // NVD: CVE-2017-10846

PROBLEMTYPE DATA

problemtype:	CWE-862	Trust: 1.1
problemtype:	CWE-264	Trust: 0.8
problemtype:	CWE-284	Trust: 0.1

sources: VULHUB: VHN-101209 // JVNDB: JVNDB-2017-000218 // NVD: CVE-2017-10846

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201709-783

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201709-783

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-000218

PATCH

title:	NTT DOCOMO, INC. website	url:	https://www.nttdocomo.co.jp/info/notice/page/170710_01_m.html	Trust: 0.8
title:	NTT DOCOMO Wi-Fi STATION L-02F Software Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=74955	Trust: 0.6

sources: JVNDB: JVNDB-2017-000218 // CNNVD: CNNVD-201709-783

EXTERNAL IDS

db:	JVN	id:	JVN03044183	Trust: 2.5
db:	NVD	id:	CVE-2017-10846	Trust: 2.5
db:	JVNDB	id:	JVNDB-2017-000218	Trust: 0.8
db:	CNNVD	id:	CNNVD-201709-783	Trust: 0.7
db:	VULHUB	id:	VHN-101209	Trust: 0.1

sources: VULHUB: VHN-101209 // JVNDB: JVNDB-2017-000218 // CNNVD: CNNVD-201709-783 // NVD: CVE-2017-10846

REFERENCES

url:	https://jvn.jp/en/jp/jvn03044183/index.html	Trust: 2.5
url:	https://www.nttdocomo.co.jp/info/notice/page/170710_01_m.html	Trust: 1.7
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-10846	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2017-10846	Trust: 0.8

sources: VULHUB: VHN-101209 // JVNDB: JVNDB-2017-000218 // CNNVD: CNNVD-201709-783 // NVD: CVE-2017-10846

SOURCES

db:	VULHUB	id:	VHN-101209
db:	JVNDB	id:	JVNDB-2017-000218
db:	CNNVD	id:	CNNVD-201709-783
db:	NVD	id:	CVE-2017-10846

LAST UPDATE DATE

2025-04-20T23:38:27.718000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-101209	date:	2019-10-03T00:00:00
db:	JVNDB	id:	JVNDB-2017-000218	date:	2018-02-28T00:00:00
db:	CNNVD	id:	CNNVD-201709-783	date:	2019-10-23T00:00:00
db:	NVD	id:	CVE-2017-10846	date:	2025-04-20T01:37:25.860

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-101209	date:	2017-09-15T00:00:00
db:	JVNDB	id:	JVNDB-2017-000218	date:	2017-09-12T00:00:00
db:	CNNVD	id:	CNNVD-201709-783	date:	2017-09-19T00:00:00
db:	NVD	id:	CVE-2017-10846	date:	2017-09-15T17:29:00.303