The HTC IQRD service for Android on the HTC EVO 4G prior to 4.67.651.3, EVO Design 4G prior to 2.12.651.5, Shift 4G prior to 2.77.651.3, EVO 3D prior to 2.17.651.5, EVO View 4G prior to 2.23.651.1, Vivid prior to 3.26.502.56, and Hero does not restrict localhost access to TCP port 2479, which allows remote malicious users to (1) send SMS messages, (2) obtain the Network Access Identifier (NAI) and its password, or trigger (3) popup messages or (4) tones via a crafted application that leverages the android.permission.INTERNET permission.
| Vulnerable Product | Search on Vulmon | Subscribe to Product |
|---|---|---|
htc evo_4g_software 3.70.651.1 |
||
htc evo_4g_software 3.30.651.3 |
||
htc evo_4g_software 3.30.651.2 |
||
htc evo_4g_software 3.29.651.5 |
||
htc evo_4g_software |
||
htc evo_4g_software 4.53.651.1 |
||
htc evo_4g_software 3.26.651.6 |
||
htc evo_4g_software 1.47.651.1 |
||
htc evo_4g_software 1.32.651.1 |
||
htc evo_4g_software 4.24.651.1 |
||
htc evo_4g_software 4.22.651.2 |
||
htc evo_4g - |
||
htc evo_4g gri40 |
||
htc evo_design_4g_software |
||
htc evo_design_4g_software 1.19.651.0 |
||
htc evo_design_4g - |
||
htc shift_4g_software |
||
htc shift_4g_software 2.75.651.5 |
||
htc shift_4g_software 2.75.651.4 |
||
htc shift_4g_software 1.17.651.1 |
||
htc shift_4g - |
||
htc evo_3d_software |
||
htc evo_3d_software 2.08.651.2 |
||
htc evo_3d_software 1.13.651.7 |
||
htc evo_3d_software 1.11.651.3 |
||
htc evo_3d |
||
htc evo_3d gri40 |
||
htc evo_view_4g_software |
||
htc evo_view_4g_software 1.22.651.1 |
||
htc evo_view_4g - |
||
htc vivid_software |
||
htc vivid - |
||
htc hero_software 1.56.651.2 |
||
htc hero_software 1.29.651.1 |
||
htc hero_software 2.32.651.2 |
||
htc hero_software 2.31.651.7 |
||
htc hero_software 2.27.651.6 |
||
htc hero_software 2.27.651.5 |
||
htc hero - |
Vulmon