CVE-2011-4872

HTC Android Devices - Unauthorized 802.1X Wi-Fi Credential Exposure via WifiConfiguration toString

Title source: llm
STIX 2.1

Description

Multiple HTC Android devices including Desire HD FRG83D and GRI40, Glacier FRG83, Droid Incredible FRF91, Thunderbolt 4G FRG83D, Sensation Z710e GRI40, Sensation 4G GRI40, Desire S GRI40, EVO 3D GRI40, and EVO 4G GRI40 allow remote attackers to obtain 802.1X Wi-Fi credentials and SSID via a crafted application that uses the android.permission.ACCESS_WIFI_STATE permission to call the toString method on the WifiConfiguration class.

References (5)

Core 5
Core References
US Government Resource third-party-advisory x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/763355
Third Party Advisory mailing-list x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2012-02/0002.html
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/47837
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/51790

Scores

EPSS 0.0140
EPSS Percentile 69.2%

Details

CWE
CWE-200
Status published
Products (10)
htc/desire_hd frg83d
htc/desire_hd gri40
htc/desire_s gri40
htc/droid_incredible frf91
htc/evo_3d gri40
htc/evo_4g gri40
htc/glacier frg83
htc/sensation_4g gri40
htc/sensation_z710e gri40
htc/thunderbolt_4g frg83d
Published Feb 05, 2012
Tracked Since Feb 18, 2026