CVE-2012-2217

Severity CVSS v4.0:

Pending analysis

Type:

CWE-264 Permissions, Privileges, and Access Control

Publication date:

01/05/2012

Last modified:

11/04/2025

Description

The HTC IQRD service for Android on the HTC EVO 4G before 4.67.651.3, EVO Design 4G before 2.12.651.5, Shift 4G before 2.77.651.3, EVO 3D before 2.17.651.5, EVO View 4G before 2.23.651.1, Vivid before 3.26.502.56, and Hero does not restrict localhost access to TCP port 2479, which allows remote attackers to (1) send SMS messages, (2) obtain the Network Access Identifier (NAI) and its password, or trigger (3) popup messages or (4) tones via a crafted application that leverages the android.permission.INTERNET permission.

Impact

Vector 2.0

AV:N/AC:L/Au:N/C:P/I:P/A:N CVSS v2.0 Severity and Metrics:

Base Score: 6.40 MEDIUM
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N

Attack Vector (AV): Network
Attack Complexity (AC): Low
Authentication (Au): None
Confidentiality (C): Physical
Integrity (I): Physical
Availability (A): None

Base Score 2.0

6.40

Severity 2.0

MEDIUM

Vulnerable products and versions

CPE	From	Up to
cpe:2.3:a:htc:evo_4g_software::::::::		4.54.651.1 (including)
cpe:2.3:a:htc:evo_4g_software:1.32.651.1:::::::*
cpe:2.3:a:htc:evo_4g_software:1.47.651.1:::::::*
cpe:2.3:a:htc:evo_4g_software:3.26.651.6:::::::*
cpe:2.3:a:htc:evo_4g_software:3.29.651.5:::::::*
cpe:2.3:a:htc:evo_4g_software:3.30.651.2:::::::*
cpe:2.3:a:htc:evo_4g_software:3.30.651.3:::::::*
cpe:2.3:a:htc:evo_4g_software:3.70.651.1:::::::*
cpe:2.3:a:htc:evo_4g_software:4.22.651.2:::::::*
cpe:2.3:a:htc:evo_4g_software:4.24.651.1:::::::*
cpe:2.3:a:htc:evo_4g_software:4.53.651.1:::::::*
cpe:2.3:h:htc:evo_4g:-:::::::*
cpe:2.3:h:htc:evo_4g:gri40:::::::*
cpe:2.3:a:htc:evo_design_4g_software::::::::		1.19.651.1 (including)
cpe:2.3:a:htc:evo_design_4g_software:1.19.651.0:::::::*

To consult the complete list of CPE names with products and versions, see this page

CPE	From	Up to
cpe:2.3:a:htc:evo_4g_software::::::::		4.54.651.1 (including)
cpe:2.3:a:htc:evo_4g_software:1.32.651.1:::::::*
cpe:2.3:a:htc:evo_4g_software:1.47.651.1:::::::*
cpe:2.3:a:htc:evo_4g_software:3.26.651.6:::::::*
cpe:2.3:a:htc:evo_4g_software:3.29.651.5:::::::*
cpe:2.3:a:htc:evo_4g_software:3.30.651.2:::::::*
cpe:2.3:a:htc:evo_4g_software:3.30.651.3:::::::*
cpe:2.3:a:htc:evo_4g_software:3.70.651.1:::::::*
cpe:2.3:a:htc:evo_4g_software:4.22.651.2:::::::*
cpe:2.3:a:htc:evo_4g_software:4.24.651.1:::::::*
cpe:2.3:a:htc:evo_4g_software:4.53.651.1:::::::*
cpe:2.3:h:htc:evo_4g:-:::::::*
cpe:2.3:h:htc:evo_4g:gri40:::::::*
cpe:2.3:a:htc:evo_design_4g_software::::::::		1.19.651.1 (including)
cpe:2.3:a:htc:evo_design_4g_software:1.19.651.0:::::::*

CVE-2012-2217

Description

Impact

Vulnerable products and versions

References to Advisories, Solutions, and Tools