CVE-2011-4872
Severity CVSS v4.0:
Pending analysis
Type:
CWE-200
Information Leak / Disclosure
Publication date:
05/02/2012
Last modified:
11/04/2025
Description
Multiple HTC Android devices including Desire HD FRG83D and GRI40, Glacier FRG83, Droid Incredible FRF91, Thunderbolt 4G FRG83D, Sensation Z710e GRI40, Sensation 4G GRI40, Desire S GRI40, EVO 3D GRI40, and EVO 4G GRI40 allow remote attackers to obtain 802.1X Wi-Fi credentials and SSID via a crafted application that uses the android.permission.ACCESS_WIFI_STATE permission to call the toString method on the WifiConfiguration class.
Impact
Base Score 2.0
2.60
Severity 2.0
LOW
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:h:htc:desire_hd:frg83d:*:*:*:*:*:*:* | ||
| cpe:2.3:h:htc:desire_hd:gri40:*:*:*:*:*:*:* | ||
| cpe:2.3:h:htc:desire_s:gri40:*:*:*:*:*:*:* | ||
| cpe:2.3:h:htc:droid_incredible:frf91:*:*:*:*:*:*:* | ||
| cpe:2.3:h:htc:evo_3d:gri40:*:*:*:*:*:*:* | ||
| cpe:2.3:h:htc:evo_4g:gri40:*:*:*:*:*:*:* | ||
| cpe:2.3:h:htc:glacier:frg83:*:*:*:*:*:*:* | ||
| cpe:2.3:h:htc:sensation_4g:gri40:*:*:*:*:*:*:* | ||
| cpe:2.3:h:htc:sensation_z710e:gri40:*:*:*:*:*:*:* | ||
| cpe:2.3:h:htc:thunderbolt_4g:frg83d:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://archives.neohapsis.com/archives/bugtraq/2012-02/0002.html
- http://blog.mywarwithentropy.com/2012/02/8021x-password-exploit-on-many-htc.html
- http://secunia.com/advisories/47837
- http://www.kb.cert.org/vuls/id/763355
- http://www.securityfocus.com/bid/51790
- http://archives.neohapsis.com/archives/bugtraq/2012-02/0002.html
- http://blog.mywarwithentropy.com/2012/02/8021x-password-exploit-on-many-htc.html
- http://secunia.com/advisories/47837
- http://www.kb.cert.org/vuls/id/763355
- http://www.securityfocus.com/bid/51790