Vulnerability: Multiple vulnerabilities in Smartphone Pentest Framework (SPF)
Number of vulnerabilities: 1
CVE ID: CVE-2012-5878
Vector operation: LAN
Impact: System Compromise
Exploit: PoC code
Affected Products: Smartphone Pentest Framework (SPF) 1.x
Affected versions: Smartphone Pentest Framework (SPF) versions 0.1.3 and 0.1.4
Which can be exploited by malicious people to execute arbitrary commands on the system.
An unspecified input validation error in the parameter “hostingPath” in scripts and SEAttack.pl CSAttack.pl, the parameter “appURLPath” in script attachMobileModem.pl, and parameter “ipAddressTB” in script guessPassword.pl. This can be exploited to execute arbitrary commands on the system.
Manufacturer URL: http://www.bulbsecurity.com/smartphone-pentest-framework/
We recommend our readers to stop using Smartphone Pentest Framework and run it in a sandbox.