CVE-2017-2278

MEDIUM

RBB SPEED TEST <2.0.3-2.1.0 - XSS

Title source: llm

Description

The RBB SPEED TEST App for Android version 2.0.3 and earlier, RBB SPEED TEST App for iOS version 2.1.0 and earlier does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

References (2)

[Broken Link, Third Party Advisory] http://www.iid.co.jp/information/170714.html

[Third Party Advisory, VDB Entry] https://jvn.jp/en/jp/JVN24238648/index.html

Scores

CVSS v3 5.9

EPSS 0.0031

EPSS Percentile 54.2%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE

CWE-295

Status published

Products (3)

iid/rbb_speed_test

IID, Inc./RBB SPEED TEST App for Android < version 2.0.3 and earlier

IID, Inc./RBB SPEED TEST App for iOS < version 2.1.0 and earlier

Published Aug 02, 2017

Tracked Since Feb 18, 2026