CVE-2016-4811

MEDIUM

Ntt-bp Japan Connected-free Wi-fi - Improper Access Control

Title source: rule

Description

The NTT Broadband Platform Japan Connected-free Wi-Fi application 1.15.1 and earlier for Android and 1.13.0 and earlier for iOS allows man-in-the-middle attackers to obtain API access via unspecified vectors.

References (5)

[Various Sources] https://play.google.com/store/apps/details?id=com.nttbp.jfw

[Vendor Advisory] http://jvn.jp/en/jp/JVN46888319/278948/index.html

[Vendor Advisory] http://jvn.jp/en/jp/JVN46888319/index.html

[Vendor Advisory] http://jvndb.jvn.jp/jvndb/JVNDB-2016-000076

[Various Sources] https://itunes.apple.com/app/japan-connected-free-wi-fi/id810838196

Scores

CVSS v3 5.6

EPSS 0.0044

EPSS Percentile 62.7%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

Classification

CWE

CWE-284

Status draft

Affected Products (2)

ntt-bp/japan_connected-free_wi-fi

Timeline

Published Jun 19, 2016

Tracked Since Feb 18, 2026