CVE-2017-2278

MEDIUM

RBB SPEED TEST App for Android <= 2.0.3 and iOS <= 2.1.0 - Improper Certificate Validation

Title source: llm
STIX 2.1

Description

The RBB SPEED TEST App for Android version 2.0.3 and earlier, RBB SPEED TEST App for iOS version 2.1.0 and earlier does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

References (2)

Core 2
Core References
Broken Link, Third Party Advisory x_refsource_misc
http://www.iid.co.jp/information/170714.html
Third Party Advisory, VDB Entry third-party-advisory x_refsource_jvn
https://jvn.jp/en/jp/JVN24238648/index.html

Scores

CVSS v3 5.9
EPSS 0.0063
EPSS Percentile 45.4%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE
CWE-295
Status published
Products (3)
iid/rbb_speed_test
IID, Inc./RBB SPEED TEST App for Android version 2.0.3 and earlier
IID, Inc./RBB SPEED TEST App for iOS version 2.1.0 and earlier
Published Aug 02, 2017
Tracked Since Feb 18, 2026