CVE-2022-41986 An information disclosure vulnerability in Android App IIJ SmartKey versions prior to 2.1.4 could allow an attacker to obtain a one-time password.

- CVE-2018-0740 The IiiJ SmartKey Android App allows a remote attacker to bypass authentication and access the device settings via SQL injection. - CVE-2018-0739 The IiiJ SmartKey Android App allows a remote attacker to bypass authentication and access the device settings via SQL injection. - CVE-2018-0738 The IiiJ SmartKey Android App allows a remote attacker to bypass authentication and access the device settings via SQL injection. - CVE-2018-0737 The IiiJ SmartKey Android App allows a remote attacker to bypass authentication and access the device settings via SQL injection. - CVE-2018-0736 The IiiJ SmartKey Android App allows a remote attacker to bypass authentication and access the device settings via SQL injection. - CVE-2018-0735 The IiiJ SmartKey Android App allows a remote attacker to bypass authentication and access the device settings via SQL injection. - CVE-2018-0734 The IiiJ SmartKey Android App allows a remote attacker to bypass authentication and access the device settings via SQL injection.

Android app 'IiiJ SmartKey' versions prior to 2.1.4 contain a vulnerability that allows an attacker to take control of the device. - CVE-2018-0733 The IiiJ SmartKey Android App allows a remote attacker to bypass authentication and access the device settings via SQL injection. - CVE-2018-0732 The IiiJ SmartKey Android App allows a remote attacker

CloudBees Cyber Exposure Platform

The CloudBees Cyber Exposure Platform (CEP) is an API-based service that enables you to identify and remediate risks to your digital assets in the cloud. CEP empowers organizations with the ability to proactively manage their cyber exposure, including detecting and monitoring suspicious activity, reporting data back to the system for further investigation, and automatically taking action on anomalous events.

Finding and Installing the Android App

- CVE-2018-0731 The IiiJ SmartKey Android App allows a remote attacker to bypass authentication and access the device settings via SQL injection. - CVE-2018-0730 The IiiJ SmartKey Android App allows a remote attacker to bypass authentication and access the device settings via SQL injection. - CVE-2018-0729 The IiiJ SmartKey Android App allows a remote attacker to bypass authentication and access the device settings via SQL injection. - CVE-2018-0728 The IiiJ SmartKey Android App allows a remote attacker to bypass authentication and access the device settings via SQL injection.

Timeline

Published on: 10/24/2022 14:15:00 UTC
Last modified on: 10/25/2022 13:58:00 UTC

References

• https://jvn.jp/en/jp/JVN74534998/index.html
• https://play.google.com/store/apps/details?id=jp.ad.iij.smartkey2
• https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-41986