CVE-2011-3975

A certain HTC update for Android 2.3.4 build GRJ22, when the Sense interface is used on the HTC EVO 3D, EVO 4G, ThunderBolt, and unspecified other devices, provides the HtcLoggers.apk application, which allows user-assisted remote attackers to obtain a list of telephone numbers from a log, and other sensitive information, by leveraging the android.permission.INTERNET application permission and establishing TCP sessions to 127.0.0.1 on port 65511 and a second port.

Published: 2011-10-03 Last update: 2026-04-29 Assigner: [email protected] Source: [email protected]

NVD Status：Modified，CVE State: published

View at NVD, CVE.org, EUVD

Conclusion & alert: CVE-2011-3975 is rated Low Risk (31.8/100): CVSS Low severity, with medium exploitation likelihood (EPSS 1.03%). Mandatory action: Monitor for updates and reassess as exploit intelligence or EPSS changes.

Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.

Exploit prediction scoring system (EPSS) score for CVE-2011-3975

EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).

#	Date	Old EPSS score	New EPSS score	Delta (New - Old)
1	2026-06-15	0.41%	1.03%	+0.62%
2	2023-03-07	1.21%	0.41%	-0.80%
3	2022-02-04	—	1.21%	—

Full EPSS history (3 records total)

Common vulnerability scoring system (CVSS) metrics for CVE-2011-3975

CVSS metrics for this CVE.

Base score	Version	Severity	Vector	Exploitability	Impact	Score source
2.6	2.0	LOW	`AV:N/AC:H/Au:N/C:P/I:N/A:N` Click to expand Access vector (AV:N) Can be exploited remotely over network reachability. Access complexity (AC:H) Exploitation requires uncommon or highly specific conditions. Authentication (AU:N) No authentication is required. Confidentiality impact (C:P) Partial confidentiality impact. Integrity impact (I:N) No integrity impact. Availability impact (A:N) No availability impact.	4.9	2.9	[email protected]

Weakness enumeration for CVE-2011-3975

CWE-200 MITRE ↗

Affected software / configurations for CVE-2011-3975

Vendor	Product	Version	Raw CPE
google	android	2.3.4	cpe:2.3:o:google:android:2.3.4:::::::*
htc	evo_3d	—	cpe:2.3:h:htc:evo_3d::::::::
htc	evo_4g	—	cpe:2.3:h:htc:evo_4g::::::::
htc	thunderbolt	—	cpe:2.3:h:htc:thunderbolt::::::::

References for CVE-2011-3975

URL	Tags
http://news.cnet.com/8301-1035_3-20114556-94/
http://www.androidpolice.com/2011/10/01/massive-security-vulnerability-in-htc-android-devices-evo-3d-4g-thunderbolt-others-exposes-phone-numbers-gps-sms-emails-addresses-much-more/
http://www.securityfocus.com/bid/49916
http://www.thetechherald.com/article.php/201140/7676/HTC-looking-into-vulnerability-reports
https://exchange.xforce.ibmcloud.com/vulnerabilities/70270

cvelogic Threat Intelligence