Sign-up

ID

VAR-201711-0035


CVE

CVE-2017-10871


TITLE

Wi-Fi STATION L-02F vulnerable to buffer overflow

Trust: 0.8

sources: JVNDB: JVNDB-2017-000232

DESCRIPTION

Buffer overflow in NTT DOCOMO Wi-Fi STATION L-02F Software version L02F-MDM9625-V10h-JUN-23-2017-DCM-JP and earlier allows an attacker to execute arbitrary code via unspecified vectors. Wi-Fi STATION L-02F provided by NTT DOCOMO, INC. contains a buffer overflow vulnerability. Daisuke Makita and Hayato Ushimaru of National Institute of Information and Communications Technology, Jumpei Shimamura of clwit, Inc. and Katsunari Yoshioka of Yokohama National University reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.Receiving crafted packets sent by a remote attacker may cause a buffer overflow condition. As a result, the attacker may execute arbitrary code with the root previlege. NTT DOCOMO Wi-Fi STATION L-02F Software is a system used in portable routers by NTT DOCOMO, Japan

Trust: 1.8

sources: NVD: CVE-2017-10871 // JVNDB: JVNDB-2017-000232 // VULHUB: VHN-101237 // VULMON: CVE-2017-10871

IOT TAXONOMY

category:['network device']sub_category:Wi-Fi station

Trust: 0.1

sources: OTHER: None

AFFECTED PRODUCTS

vendor:nttdocomomodel:wi-fi station l-02fscope:lteversion:l02f-mdm9625-v10h-jun-23-2017-dcm-jp

Trust: 1.0

vendor:ntt docomomodel:wi-fi station l-02fscope:lteversion:software version l02f-mdm9625-v10h-jun-23-2017-dcm-jp

Trust: 0.8

vendor:nttdocomomodel:wi-fi station l-02fscope:eqversion:l02f-mdm9625-v10h-jun-23-2017-dcm-jp

Trust: 0.6

sources: JVNDB: JVNDB-2017-000232 // CNNVD: CNNVD-201711-388 // NVD: CVE-2017-10871

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-10871
value: CRITICAL

Trust: 1.0

IPA: JVNDB-2017-000232
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-201711-388
value: CRITICAL

Trust: 0.6

VULHUB: VHN-101237
value: HIGH

Trust: 0.1

VULMON: CVE-2017-10871
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2017-10871
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

IPA: JVNDB-2017-000232
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-101237
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-10871
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.0

IPA: JVNDB-2017-000232
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-101237 // VULMON: CVE-2017-10871 // JVNDB: JVNDB-2017-000232 // CNNVD: CNNVD-201711-388 // NVD: CVE-2017-10871

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.9

sources: VULHUB: VHN-101237 // JVNDB: JVNDB-2017-000232 // NVD: CVE-2017-10871

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201711-388

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-201711-388

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-000232

PATCH
title:NTT DOCOMO, INC. websiteurl:https://www.nttdocomo.co.jp/info/notice/page/170710_01_m.html
Trust: 0.8
title:NTT DOCOMO Wi-Fi STATION L-02F Software Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=76256
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2017-000232 // 
            
            
            
            CNNVD: CNNVD-201711-388

EXTERNAL IDS
db:NVDid:CVE-2017-10871
Trust: 2.7
db:JVNid:JVN23367475
Trust: 2.6
db:JVNDBid:JVNDB-2017-000232
Trust: 0.8
db:CNNVDid:CNNVD-201711-388
Trust: 0.7
db:OTHERid:NONE
Trust: 0.1
db:VULHUBid:VHN-101237
Trust: 0.1
db:VULMONid:CVE-2017-10871
Trust: 0.1
sources:
            
            
            OTHER: None // 
            
            
            
            VULHUB: VHN-101237 // 
            
            
            
            VULMON: CVE-2017-10871 // 
            
            
            
            JVNDB: JVNDB-2017-000232 // 
            
            
            
            CNNVD: CNNVD-201711-388 // 
            
            
            
            NVD: CVE-2017-10871

REFERENCES
url:http://jvn.jp/en/jp/jvn23367475/index.html
Trust: 2.6
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-10871
Trust: 0.8
url:https://www.ipa.go.jp/security/ciadr/vul/20171106-jvn.html
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-10871
Trust: 0.8
url:https://ieeexplore.ieee.org/abstract/document/10769424
Trust: 0.1
url:https://cwe.mitre.org/data/definitions/119.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
sources:
            
            
            OTHER: None // 
            
            
            
            VULHUB: VHN-101237 // 
            
            
            
            VULMON: CVE-2017-10871 // 
            
            
            
            JVNDB: JVNDB-2017-000232 // 
            
            
            
            CNNVD: CNNVD-201711-388 // 
            
            
            
            NVD: CVE-2017-10871

SOURCES
db:OTHERid: - 
db:VULHUBid:VHN-101237
db:VULMONid:CVE-2017-10871
db:JVNDBid:JVNDB-2017-000232
db:CNNVDid:CNNVD-201711-388
db:NVDid:CVE-2017-10871

LAST UPDATE DATE
2025-04-20T21:25:12.682000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-101237date:2017-11-29T00:00:00
db:VULMONid:CVE-2017-10871date:2017-11-29T00:00:00
db:JVNDBid:JVNDB-2017-000232date:2018-03-07T00:00:00
db:CNNVDid:CNNVD-201711-388date:2017-11-15T00:00:00
db:NVDid:CVE-2017-10871date:2025-04-20T01:37:25.860

SOURCES RELEASE DATE
db:VULHUBid:VHN-101237date:2017-11-13T00:00:00
db:VULMONid:CVE-2017-10871date:2017-11-13T00:00:00
db:JVNDBid:JVNDB-2017-000232date:2017-11-06T00:00:00
db:CNNVDid:CNNVD-201711-388date:2017-11-15T00:00:00
db:NVDid:CVE-2017-10871date:2017-11-13T14:29:00.540