Vulnerability Description
The HTC IQRD service for Android on the HTC EVO 4G before 4.67.651.3, EVO Design 4G before 2.12.651.5, Shift 4G before 2.77.651.3, EVO 3D before 2.17.651.5, EVO View 4G before 2.23.651.1, Vivid before 3.26.502.56, and Hero does not restrict localhost access to TCP port 2479, which allows remote attackers to (1) send SMS messages, (2) obtain the Network Access Identifier (NAI) and its password, or trigger (3) popup messages or (4) tones via a crafted application that leverages the android.permission.INTERNET permission.
CVSS Score
6.4 (MEDIUM)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| HTC | Evo 4G Software | <= 4.54.651.1 |
| HTC | Evo 4G | - |
| HTC | Evo Design 4G Software | <= 1.19.651.1 |
| HTC | Evo Design 4G | - |
| HTC | Shift 4G Software | <= 2.76.651.6 |
| HTC | Shift 4G | - |
| HTC | Evo 3D Software | <= 2.08.651.3 |
| HTC | Evo 3D | All versions |
| HTC | Evo View 4G Software | <= 1.22.651.2 |
| HTC | Evo View 4G | - |
| HTC | Vivid Software | <= 3.26.502 |
| HTC | Vivid | - |
| HTC | Hero Software | 1.29.651.1 |
| HTC | Hero | - |
Related Weaknesses (CWE)
References
- http://archives.neohapsis.com/archives/bugtraq/2012-04/0176.html
- http://www.securityfocus.com/bid/53187
- http://www.vsecurity.com/resources/advisory/20120420-1/
- https://exchange.xforce.ibmcloud.com/vulnerabilities/75080
FAQ
What is CVE-2012-2217?
CVE-2012-2217 is a vulnerability with a CVSS score of 6.4 (MEDIUM). The HTC IQRD service for Android on the HTC EVO 4G before 4.67.651.3, EVO Design 4G before 2.12.651.5, Shift 4G before 2.77.651.3, EVO 3D before 2.17.651.5, EVO View 4G before 2.23.651.1, Vivid before...
How severe is CVE-2012-2217?
CVE-2012-2217 has been rated MEDIUM with a CVSS base score of 6.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2012-2217?
Check the references section above for vendor advisories and patch information. Affected products include: HTC Evo 4G Software, HTC Evo 4G, HTC Evo Design 4G Software, HTC Evo Design 4G, HTC Shift 4G Software.