CVE-2011-3975
Severity CVSS v4.0:
Pending analysis
Type:
CWE-200
Information Leak / Disclosure
Publication date:
03/10/2011
Last modified:
11/04/2025
Description
A certain HTC update for Android 2.3.4 build GRJ22, when the Sense interface is used on the HTC EVO 3D, EVO 4G, ThunderBolt, and unspecified other devices, provides the HtcLoggers.apk application, which allows user-assisted remote attackers to obtain a list of telephone numbers from a log, and other sensitive information, by leveraging the android.permission.INTERNET application permission and establishing TCP sessions to 127.0.0.1 on port 65511 and a second port.
Impact
Base Score 2.0
2.60
Severity 2.0
LOW
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:google:android:2.3.4:*:*:*:*:*:*:* | ||
| cpe:2.3:h:htc:evo_3d:*:*:*:*:*:*:*:* | ||
| cpe:2.3:h:htc:evo_4g:*:*:*:*:*:*:*:* | ||
| cpe:2.3:h:htc:thunderbolt:*:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://news.cnet.com/8301-1035_3-20114556-94/
- http://www.androidpolice.com/2011/10/01/massive-security-vulnerability-in-htc-android-devices-evo-3d-4g-thunderbolt-others-exposes-phone-numbers-gps-sms-emails-addresses-much-more/
- http://www.securityfocus.com/bid/49916
- http://www.thetechherald.com/article.php/201140/7676/HTC-looking-into-vulnerability-reports
- https://exchange.xforce.ibmcloud.com/vulnerabilities/70270
- http://news.cnet.com/8301-1035_3-20114556-94/
- http://www.androidpolice.com/2011/10/01/massive-security-vulnerability-in-htc-android-devices-evo-3d-4g-thunderbolt-others-exposes-phone-numbers-gps-sms-emails-addresses-much-more/
- http://www.securityfocus.com/bid/49916
- http://www.thetechherald.com/article.php/201140/7676/HTC-looking-into-vulnerability-reports
- https://exchange.xforce.ibmcloud.com/vulnerabilities/70270