CVE-2011-4872
HTC Android Devices - Unauthorized 802.1X Wi-Fi Credential Exposure via WifiConfiguration toString
Title source: llmDescription
Multiple HTC Android devices including Desire HD FRG83D and GRI40, Glacier FRG83, Droid Incredible FRF91, Thunderbolt 4G FRG83D, Sensation Z710e GRI40, Sensation 4G GRI40, Desire S GRI40, EVO 3D GRI40, and EVO 4G GRI40 allow remote attackers to obtain 802.1X Wi-Fi credentials and SSID via a crafted application that uses the android.permission.ACCESS_WIFI_STATE permission to call the toString method on the WifiConfiguration class.
References (5)
Core 5
Core References
Various Sources x_refsource_misc
http://blog.mywarwithentropy.com/2012/02/8021x-password-exploit-on-many-htc.html
US Government Resource third-party-advisory
x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/763355
Third Party Advisory mailing-list
x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2012-02/0002.html
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/47837
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/51790
Scores
EPSS
0.0140
EPSS Percentile
69.2%
Details
CWE
CWE-200
Status
published
Products (10)
htc/desire_hd
frg83d
htc/desire_hd
gri40
htc/desire_s
gri40
htc/droid_incredible
frf91
htc/evo_3d
gri40
htc/evo_4g
gri40
htc/glacier
frg83
htc/sensation_4g
gri40
htc/sensation_z710e
gri40
htc/thunderbolt_4g
frg83d
Published
Feb 05, 2012
Tracked Since
Feb 18, 2026