6.4
CVE-2008-1938
- EPSS 1.35%
- Veröffentlicht 25.04.2008 06:05:00
- Zuletzt bearbeitet 16.06.2026 22:52:47
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
Sony Mylo COM-2 Japanese model firmware before 1.002 does not properly verify web server SSL certificates, which allows remote attackers to obtain sensitive information and conduct spoofing attacks.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Sony ≫ Mylo Com 2 Langja Version <= 1.001
Sony ≫ Mylo Com 2 Langen Version <= 1.100
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.35% | 0.678 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.4 | 10 | 4.9 |
AV:N/AC:L/Au:N/C:P/I:N/A:P
|
CWE-287 Improper Authentication
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
http://esupport.sony.com/perl/news-item.pl?news_id=262&mdl=COM2
http://jvn.jp/jp/JVN%2376788395/index.html
http://mylo.nccl.sony.co.jp/download/M-W002-001-02/index.html
http://mylo.nccl.sony.co.jp/hotnews/2008/04/01/index.html
http://secunia.com/advisories/29928
http://www.securityfocus.com/bid/28905
http://www.vupen.com/english/advisories/2008/1349/references
https://exchange.xforce.ibmcloud.com/vulnerabilities/41971