URI Spoofing Vulnerability in Nokia 6131 NFC Phone
CVE-2008-5825

Currently unrated

Key Information:

Vendor: Nokia
Status: 6131 Nfc
Vendor: CVE Published:; 2 January 2009

What is CVE-2008-5825?

The Nokia 6131 Near Field Communication (NFC) phone with firmware version 05.12 contains a flaw in its SmartPoster implementation. This vulnerability enables attackers to manipulate the display of the URI record when specific combinations of space, carriage return, and dot characters are used in the Title record. By exploiting this flaw, remote attackers can lure users into accessing arbitrary URIs through specially crafted NDEF tags. This exploit can be used to redirect users to malicious websites, premium-rate phone numbers, or initiate unwanted actions like purchasing ringtones via SMS.

References

http://www.mulliner.org/nfc/feed/collin_mulliner_eusecwes...

x_refsource_MISC

http://www.securityfocus.com/bid/30716

vdb-entryx_refsource_BID

http://www.mulliner.org/security/advisories/nokia6131nfc_...

x_refsource_MISC

Timeline

Vulnerability published
Jan 2, 2009
Vulnerability Reserved
Jan 2, 2009