CVE-2015-5629
Description
A URL whitelist bypass vulnerability in the Japan Connected-free Wi-Fi app allows attackers to load arbitrary pages and execute APIs on both Android and iOS.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
The Japan Connected-free Wi-Fi application, provided by NTT Broadband Platform Inc., contains a URL whitelist bypass vulnerability. According to the original CVE description, the issue exists in versions 1.6.0 and earlier for Android and 1.0.2 and earlier for iOS. However, the advisory notes that the versions released in July 2015 did not fully address the vulnerability, and it corrects the affected versions to Android 1.15.1 and earlier and iOS 1.13.0 and earlier that have not applied the contents update provided on April 26, 2016 [1][2]. The flaw can be triggered when the application is launched via a URL scheme [1].
Exploitation
An attacker can bypass the URL whitelist by using unspecified vectors, possibly involving the custom URL scheme of the application. The attack can be performed remotely with medium complexity and no authentication (CVSS 6.8) [2]. By crafting a malicious URL that loads an arbitrary page, the attacker can potentially execute arbitrary API calls [1].
Impact
Successful exploitation allows an attacker to execute arbitrary API functions. On the Android version, this is possible only if the app manifest grants permissions for those APIs [1][2]. On iOS, arbitrary API execution may be possible without additional permissions [2]. The impact includes partial compromise of confidentiality, integrity, and availability [2].
Mitigation
Users should update to the latest version of the application. For Android, update to version 1.15.1 or later, and for iOS, update to version 1.13.0 or later, or ensure the contents update provided on April 26, 2016 is applied [1][2]. No other workarounds are provided in the references.
AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- cpe:2.3:a:ntt-bp:japan_connected-free_wi-fi:*:*:*:*:*:android:*:* (range: <=1.6.0)
- cpe:2.3:a:ntt-bp:japan_connected-free_wi-fi:*:*:*:*:*:iphone_os:*:* (range: <=1.0.2)
- (no CPE) (range: Android <=1.6.0, iOS <=1.0.2)
Patches
No patches discovered yet.
References
- itunes.apple.com/en/app/japan-connected-free-wi-fi/id810838196 (nvd, Patch)
- play.google.com/store/apps/details (nvd, Patch)
- jvn.jp/en/jp/JVN04644117/index.html (nvd, Vendor Advisory)
- jvndb.jvn.jp/jvndb/JVNDB-2015-000115 (nvd, Vendor Advisory)