Search criteria
3 vulnerabilities found for rbb_speed_test by iid
FKIE_CVE-2017-2278
Vulnerability from fkie_nvd - Published: 2017-08-02 16:29 - Updated: 2025-04-20 01:37
Severity ?
Summary
The RBB SPEED TEST App for Android version 2.0.3 and earlier, RBB SPEED TEST App for iOS version 2.1.0 and earlier does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
References
| URL | Tags | ||
|---|---|---|---|
| vultures@jpcert.or.jp | http://www.iid.co.jp/information/170714.html | Broken Link, Third Party Advisory | |
| vultures@jpcert.or.jp | https://jvn.jp/en/jp/JVN24238648/index.html | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.iid.co.jp/information/170714.html | Broken Link, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://jvn.jp/en/jp/JVN24238648/index.html | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| iid | rbb_speed_test | - | |
| android | * | ||
| iid | rbb_speed_test | - | |
| apple | iphone_os | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:iid:rbb_speed_test:-:*:*:*:*:*:*:*",
"matchCriteriaId": "67143102-14B0-45F9-8C6E-66733446CC46",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:google:android:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C53B5958-BCDB-4D35-923F-1F997B1ABC8C",
"versionEndIncluding": "2.0.3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:iid:rbb_speed_test:-:*:*:*:*:*:*:*",
"matchCriteriaId": "67143102-14B0-45F9-8C6E-66733446CC46",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"matchCriteriaId": "49BAE6ED-890F-49BC-A54C-5E5C71899F8A",
"versionEndIncluding": "2.1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The RBB SPEED TEST App for Android version 2.0.3 and earlier, RBB SPEED TEST App for iOS version 2.1.0 and earlier does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
},
{
"lang": "es",
"value": "Las versiones 2.0.3 y anteriores de la aplicaci\u00f3n RBB SPEED TEST App para Android, as\u00ed como las versiones 2.1.0 y anteriores para iOS no verifican certificados X.509 desde servidores SSL. Esto permite a los atacantes que realicen Man-in-the-Middle (MitM) suplantar servidores y obtener informaci\u00f3n sensible utilizando un certificado manipulado."
}
],
"id": "CVE-2017-2278",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-08-02T16:29:00.317",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Broken Link",
"Third Party Advisory"
],
"url": "http://www.iid.co.jp/information/170714.html"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://jvn.jp/en/jp/JVN24238648/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Third Party Advisory"
],
"url": "http://www.iid.co.jp/information/170714.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://jvn.jp/en/jp/JVN24238648/index.html"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-295"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2017-2278 (GCVE-0-2017-2278)
Vulnerability from cvelistv5 – Published: 2017-08-02 16:00 – Updated: 2024-08-05 13:48
VLAI?
Summary
The RBB SPEED TEST App for Android version 2.0.3 and earlier, RBB SPEED TEST App for iOS version 2.1.0 and earlier does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
Severity ?
No CVSS data available.
CWE
- Fails to verify SSL certificates
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| IID, Inc. | RBB SPEED TEST App for Android |
Affected:
version 2.0.3 and earlier
|
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:48:05.219Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.iid.co.jp/information/170714.html"
},
{
"name": "JVN#24238648",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN24238648/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "RBB SPEED TEST App for Android",
"vendor": "IID, Inc.",
"versions": [
{
"status": "affected",
"version": "version 2.0.3 and earlier"
}
]
},
{
"product": "RBB SPEED TEST App for iOS",
"vendor": "IID, Inc.",
"versions": [
{
"status": "affected",
"version": "version 2.1.0 and earlier"
}
]
}
],
"datePublic": "2017-08-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The RBB SPEED TEST App for Android version 2.0.3 and earlier, RBB SPEED TEST App for iOS version 2.1.0 and earlier does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Fails to verify SSL certificates",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-02T15:57:02",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.iid.co.jp/information/170714.html"
},
{
"name": "JVN#24238648",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "https://jvn.jp/en/jp/JVN24238648/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2017-2278",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "RBB SPEED TEST App for Android",
"version": {
"version_data": [
{
"version_value": "version 2.0.3 and earlier"
}
]
}
},
{
"product_name": "RBB SPEED TEST App for iOS",
"version": {
"version_data": [
{
"version_value": "version 2.1.0 and earlier"
}
]
}
}
]
},
"vendor_name": "IID, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The RBB SPEED TEST App for Android version 2.0.3 and earlier, RBB SPEED TEST App for iOS version 2.1.0 and earlier does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Fails to verify SSL certificates"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.iid.co.jp/information/170714.html",
"refsource": "MISC",
"url": "http://www.iid.co.jp/information/170714.html"
},
{
"name": "JVN#24238648",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN24238648/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2017-2278",
"datePublished": "2017-08-02T16:00:00",
"dateReserved": "2016-12-01T00:00:00",
"dateUpdated": "2024-08-05T13:48:05.219Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-2278 (GCVE-0-2017-2278)
Vulnerability from nvd – Published: 2017-08-02 16:00 – Updated: 2024-08-05 13:48
VLAI?
Summary
The RBB SPEED TEST App for Android version 2.0.3 and earlier, RBB SPEED TEST App for iOS version 2.1.0 and earlier does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
Severity ?
No CVSS data available.
CWE
- Fails to verify SSL certificates
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| IID, Inc. | RBB SPEED TEST App for Android |
Affected:
version 2.0.3 and earlier
|
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:48:05.219Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.iid.co.jp/information/170714.html"
},
{
"name": "JVN#24238648",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN24238648/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "RBB SPEED TEST App for Android",
"vendor": "IID, Inc.",
"versions": [
{
"status": "affected",
"version": "version 2.0.3 and earlier"
}
]
},
{
"product": "RBB SPEED TEST App for iOS",
"vendor": "IID, Inc.",
"versions": [
{
"status": "affected",
"version": "version 2.1.0 and earlier"
}
]
}
],
"datePublic": "2017-08-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The RBB SPEED TEST App for Android version 2.0.3 and earlier, RBB SPEED TEST App for iOS version 2.1.0 and earlier does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Fails to verify SSL certificates",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-02T15:57:02",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.iid.co.jp/information/170714.html"
},
{
"name": "JVN#24238648",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "https://jvn.jp/en/jp/JVN24238648/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2017-2278",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "RBB SPEED TEST App for Android",
"version": {
"version_data": [
{
"version_value": "version 2.0.3 and earlier"
}
]
}
},
{
"product_name": "RBB SPEED TEST App for iOS",
"version": {
"version_data": [
{
"version_value": "version 2.1.0 and earlier"
}
]
}
}
]
},
"vendor_name": "IID, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The RBB SPEED TEST App for Android version 2.0.3 and earlier, RBB SPEED TEST App for iOS version 2.1.0 and earlier does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Fails to verify SSL certificates"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.iid.co.jp/information/170714.html",
"refsource": "MISC",
"url": "http://www.iid.co.jp/information/170714.html"
},
{
"name": "JVN#24238648",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN24238648/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2017-2278",
"datePublished": "2017-08-02T16:00:00",
"dateReserved": "2016-12-01T00:00:00",
"dateUpdated": "2024-08-05T13:48:05.219Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}