
CVE-2018-9489

Published: 06/11/2018 Updated: 13/12/2018
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Summary

When wifi is switched, function sendNetworkStateChangeBroadcast of WifiStateMachine.java broadcasts an intent including detailed wifi network information. This could lead to information disclosure with no execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-7.0, Android-7.1.1, Android-7.1.2, Android-8.0, Android-8.1, Android-9.0. Android ID: A-77286245.

Vulnerable Product

google android 7.1.1

google android 7.1.2

google android 9.0

google android 8.0

google android 8.1

google android 7.0

Exploits

System broadcasts by Android OS expose information about the user's device to all applications running on the device. This includes the WiFi network name, BSSID, local IP addresses, DNS server information and the MAC address. Some of this information (MAC address) is no longer available via APIs on Android 6 and higher, and extra permissions are no ...
Android OS version 5.0 suffers from a sensitive data exposure vulnerability in its battery information broadcasts ...
Android OS suffers from a sensitive data exposure vulnerability in its RSSI broadcasts ...

Mailing Lists

Full Disclosure mailing list archives: Sensitive Data Exposure via WiFi Broadcasts in Android OS [CVE-2018-9489] ...

Recent Articles

Security bods: Android system broadcasts enable user tracking
The Register • Richard Chirgwin • 31 Aug 2018

Bypassing permission protection on network info Android data slurping measured and monitored

Security researchers have found a way to sniff Android system broadcasts to expose Wi-Fi connection information to attackers. Tracked as CVE-2018-9489, the issue was discovered by Nightwatch Cybersecurity and published yesterday. If you can, upgrade to Android 9 (Pie), because there's no plan to fix older versions. What they found was that the system broadcasts spaff “Wi-Fi network name, BSSID, local IP addresses, DNS server information and the MAC address” to any application running on the ...