{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2008-12-29T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "The SmartPoster implementation on the Nokia 6131 Near Field Communication (NFC) phone with 05.12 firmware does not properly display the URI record when the Title record contains a certain combination of space, CR (aka \\r), and . (dot) characters, which allows remote attackers to trick a user into loading an arbitrary URI via a crafted NDEF tag, as demonstrated by (1) an http: URI for a malicious web site, (2) a tel: URI for a premium-rate telephone number, and (3) an sms: URI that triggers purchase of a ringtone."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-07T12:57:01.000Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://www.mulliner.org/nfc/feed/collin_mulliner_eusecwest08_attacking_nfc_phones.pdf"}, {"name": "30716", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/30716"}, {"tags": ["x_refsource_MISC"], "url": "http://www.mulliner.org/security/advisories/nokia6131nfc_uri_spoofing_and_dos_advisory.txt"}, {"tags": ["x_refsource_MISC"], "url": "http://events.ccc.de/congress/2008/Fahrplan/attachments/1109_collin_mulliner_eusecwest08_attacking_nfc_phones_slim.pdf"}, {"tags": ["x_refsource_MISC"], "url": "http://events.ccc.de/congress/2008/Fahrplan/events/2639.en.html"}, {"name": "nokia-6131-ndef-uri-spoofing(44527)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44527"}, {"name": "20080816 Nokia 6131 NFC URI/URL Spoofing and DoS Advisory", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://archives.neohapsis.com/archives/bugtraq/2008-08/0186.html"}, {"tags": ["x_refsource_MISC"], "url": "http://www.mulliner.org/nfc/feed/collin_mulliner_25c3_attacking_nfc_phones.pdf"}, {"name": "20080816 Nokia 6131 NFC URI/URL Spoofing and DoS Advisory", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://archives.neohapsis.com/archives/fulldisclosure/2008-08/0344.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-5825", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The SmartPoster implementation on the Nokia 6131 Near Field Communication (NFC) phone with 05.12 firmware does not properly display the URI record when the Title record contains a certain combination of space, CR (aka \\r), and . (dot) characters, which allows remote attackers to trick a user into loading an arbitrary URI via a crafted NDEF tag, as demonstrated by (1) an http: URI for a malicious web site, (2) a tel: URI for a premium-rate telephone number, and (3) an sms: URI that triggers purchase of a ringtone."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://www.mulliner.org/nfc/feed/collin_mulliner_eusecwest08_attacking_nfc_phones.pdf", "refsource": "MISC", "url": "http://www.mulliner.org/nfc/feed/collin_mulliner_eusecwest08_attacking_nfc_phones.pdf"}, {"name": "30716", "refsource": "BID", "url": "http://www.securityfocus.com/bid/30716"}, {"name": "http://www.mulliner.org/security/advisories/nokia6131nfc_uri_spoofing_and_dos_advisory.txt", "refsource": "MISC", "url": "http://www.mulliner.org/security/advisories/nokia6131nfc_uri_spoofing_and_dos_advisory.txt"}, {"name": "http://events.ccc.de/congress/2008/Fahrplan/attachments/1109_collin_mulliner_eusecwest08_attacking_nfc_phones_slim.pdf", "refsource": "MISC", "url": "http://events.ccc.de/congress/2008/Fahrplan/attachments/1109_collin_mulliner_eusecwest08_attacking_nfc_phones_slim.pdf"}, {"name": "http://events.ccc.de/congress/2008/Fahrplan/events/2639.en.html", "refsource": "MISC", "url": "http://events.ccc.de/congress/2008/Fahrplan/events/2639.en.html"}, {"name": "nokia-6131-ndef-uri-spoofing(44527)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44527"}, {"name": "20080816 Nokia 6131 NFC URI/URL Spoofing and DoS Advisory", "refsource": "BUGTRAQ", "url": "http://archives.neohapsis.com/archives/bugtraq/2008-08/0186.html"}, {"name": "http://www.mulliner.org/nfc/feed/collin_mulliner_25c3_attacking_nfc_phones.pdf", "refsource": "MISC", "url": "http://www.mulliner.org/nfc/feed/collin_mulliner_25c3_attacking_nfc_phones.pdf"}, {"name": "20080816 Nokia 6131 NFC URI/URL Spoofing and DoS Advisory", "refsource": "FULLDISC", "url": "http://archives.neohapsis.com/archives/fulldisclosure/2008-08/0344.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T11:04:44.699Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.mulliner.org/nfc/feed/collin_mulliner_eusecwest08_attacking_nfc_phones.pdf"}, {"name": "30716", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/30716"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.mulliner.org/security/advisories/nokia6131nfc_uri_spoofing_and_dos_advisory.txt"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://events.ccc.de/congress/2008/Fahrplan/attachments/1109_collin_mulliner_eusecwest08_attacking_nfc_phones_slim.pdf"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://events.ccc.de/congress/2008/Fahrplan/events/2639.en.html"}, {"name": "nokia-6131-ndef-uri-spoofing(44527)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44527"}, {"name": "20080816 Nokia 6131 NFC URI/URL Spoofing and DoS Advisory", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://archives.neohapsis.com/archives/bugtraq/2008-08/0186.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.mulliner.org/nfc/feed/collin_mulliner_25c3_attacking_nfc_phones.pdf"}, {"name": "20080816 Nokia 6131 NFC URI/URL Spoofing and DoS Advisory", "tags": ["mailing-list", "x_refsource_FULLDISC", "x_transferred"], "url": "http://archives.neohapsis.com/archives/fulldisclosure/2008-08/0344.html"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-5825", "datePublished": "2009-01-02T19:00:00.000Z", "dateReserved": "2009-01-02T00:00:00.000Z", "dateUpdated": "2024-08-07T11:04:44.699Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:nokia:6131_nfc:05.12:*:*:*:*:*:*:*", "matchCriteriaId": "EDFC8440-A930-409A-9235-D1DF479E8C1E", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The SmartPoster implementation on the Nokia 6131 Near Field Communication (NFC) phone with 05.12 firmware does not properly display the URI record when the Title record contains a certain combination of space, CR (aka \\r), and . (dot) characters, which allows remote attackers to trick a user into loading an arbitrary URI via a crafted NDEF tag, as demonstrated by (1) an http: URI for a malicious web site, (2) a tel: URI for a premium-rate telephone number, and (3) an sms: URI that triggers purchase of a ringtone."}, {"lang": "es", "value": "La implementaci\u00f3n del tel\u00e9fono Nokia 6131 Near Field Communication (NFC) con firmware v05.12 no muestra de forma adecuada el registro URI cuando el registro Title contiene una combinaci\u00f3n precisa de los caracteres: espacios, CR (tambi\u00e9n conocidos como \\r), y . (punto), lo que permite a atacantes remotos enga\u00f1ar al usuario a cargar una URI de su elecci\u00f3n a trav\u00e9s de una etiqueta NDEF manipulada, como se demostr\u00f3 en (1) http: URI para sitio web malicioso, (2) un tel\u00e9fono: URI para un n\u00famero de tel\u00e9fono de tasa premium y (3) un SMS: URI que produce una compra de un tono para el m\u00f3vil."}], "id": "CVE-2008-5825", "lastModified": "2026-04-23T00:35:47.467", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.6, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 4.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2009-01-02T19:30:01.797", "references": [{"source": "cve@mitre.org", "url": "http://archives.neohapsis.com/archives/bugtraq/2008-08/0186.html"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://archives.neohapsis.com/archives/fulldisclosure/2008-08/0344.html"}, {"source": "cve@mitre.org", "url": "http://events.ccc.de/congress/2008/Fahrplan/attachments/1109_collin_mulliner_eusecwest08_attacking_nfc_phones_slim.pdf"}, {"source": "cve@mitre.org", "url": "http://events.ccc.de/congress/2008/Fahrplan/events/2639.en.html"}, {"source": "cve@mitre.org", "url": "http://www.mulliner.org/nfc/feed/collin_mulliner_25c3_attacking_nfc_phones.pdf"}, {"source": "cve@mitre.org", "url": "http://www.mulliner.org/nfc/feed/collin_mulliner_eusecwest08_attacking_nfc_phones.pdf"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://www.mulliner.org/security/advisories/nokia6131nfc_uri_spoofing_and_dos_advisory.txt"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/30716"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44527"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://archives.neohapsis.com/archives/bugtraq/2008-08/0186.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://archives.neohapsis.com/archives/fulldisclosure/2008-08/0344.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://events.ccc.de/congress/2008/Fahrplan/attachments/1109_collin_mulliner_eusecwest08_attacking_nfc_phones_slim.pdf"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://events.ccc.de/congress/2008/Fahrplan/events/2639.en.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mulliner.org/nfc/feed/collin_mulliner_25c3_attacking_nfc_phones.pdf"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mulliner.org/nfc/feed/collin_mulliner_eusecwest08_attacking_nfc_phones.pdf"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://www.mulliner.org/security/advisories/nokia6131nfc_uri_spoofing_and_dos_advisory.txt"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/30716"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44527"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-59"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}