Search criteria
18 vulnerabilities found for flashair by toshiba
VAR-201705-3458
Vulnerability from variot - Updated: 2023-12-18 13:39FlashAirTM SDHC Memory Card (SD-WE Series ) V3.00.02 and earlier and FlashAirTM SDHC Memory Card (SD-WD/WC Series ) V2.00.04 and earlier allows authenticated attackers to bypass access restrictions to obtain unauthorized image data via unspecified vectors. FlashAir by Toshiba Corporation is an SDHC memory card which provides wireless LAN access functions. FlashAir PhotoShare function enables to share the selected data with other users as it switches the original wireless LAN connection set by FlashAir default to the wireless LAN connection for PhotoShare. FlashAir fails to restrict access permissions (CWE-425) in PhotoShare. Takayoshi Isayama of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.A user who access PhotoShare may obtain image data that are set not to be shared with other users. Because of the vulnerability stated in JVN#81820501, when enabling PhotoShare with web browsers, an attacker with access to the wireless LAN may obtain these image data. A security vulnerability exists in FlashAirSDHCMemoryCard 2.00.04 and earlier and versions prior to 3.00.02
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201705-3458",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "flashair",
"scope": "lte",
"trust": 1.0,
"vendor": "toshiba",
"version": "2.00.04"
},
{
"model": "flashair",
"scope": "lte",
"trust": 1.0,
"vendor": "toshiba",
"version": "3.00.02"
},
{
"model": "flashair",
"scope": "lte",
"trust": 0.8,
"vendor": "toshiba",
"version": "sdhc memory card (sd-wd/wc series \u003cw-02\u003e) v2.00.04"
},
{
"model": "flashair",
"scope": "lte",
"trust": 0.8,
"vendor": "toshiba",
"version": "sdhc memory card (sd-we series \u003cw-03\u003e) v3.00.02"
},
{
"model": "flashair sdhc memory card",
"scope": "lte",
"trust": 0.6,
"vendor": "toshiba",
"version": "\u003c=v2.00.04"
},
{
"model": "flashair sdhc memory card",
"scope": "lte",
"trust": 0.6,
"vendor": "toshiba",
"version": "\u003c=v3.00.02"
},
{
"model": "flashair",
"scope": "eq",
"trust": 0.6,
"vendor": "toshiba",
"version": "3.00.02"
},
{
"model": "flashair",
"scope": "eq",
"trust": 0.6,
"vendor": "toshiba",
"version": "2.00.04"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-07205"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000090"
},
{
"db": "NVD",
"id": "CVE-2017-2161"
},
{
"db": "CNNVD",
"id": "CNNVD-201705-771"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:toshiba:flashair:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2.00.04",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:toshiba:flashair:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "3.00.02",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-2161"
}
]
},
"cve": "CVE-2017-2161",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 2.7,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 5.1,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "LOW",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:A/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Adjacent Network",
"authentication": "Single",
"author": "IPA",
"availabilityImpact": "None",
"baseScore": 2.7,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2017-000090",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Low",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:A/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 2.7,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 5.1,
"id": "CNVD-2017-07205",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.6,
"vectorString": "AV:A/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "SINGLE",
"author": "VULMON",
"availabilityImpact": "NONE",
"baseScore": 2.7,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 5.1,
"id": "CVE-2017-2161",
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "LOW",
"trust": 0.1,
"userInteractionRequired": null,
"vectorString": "AV:A/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.1,
"impactScore": 1.4,
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Adjacent Network",
"author": "IPA",
"availabilityImpact": "None",
"baseScore": 3.5,
"baseSeverity": "Low",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "JVNDB-2017-000090",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2017-2161",
"trust": 1.0,
"value": "LOW"
},
{
"author": "IPA",
"id": "JVNDB-2017-000090",
"trust": 0.8,
"value": "Low"
},
{
"author": "CNVD",
"id": "CNVD-2017-07205",
"trust": 0.6,
"value": "LOW"
},
{
"author": "CNNVD",
"id": "CNNVD-201705-771",
"trust": 0.6,
"value": "LOW"
},
{
"author": "VULMON",
"id": "CVE-2017-2161",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-07205"
},
{
"db": "VULMON",
"id": "CVE-2017-2161"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000090"
},
{
"db": "NVD",
"id": "CVE-2017-2161"
},
{
"db": "CNNVD",
"id": "CNNVD-201705-771"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "FlashAirTM SDHC Memory Card (SD-WE Series \u003cW-03\u003e) V3.00.02 and earlier and FlashAirTM SDHC Memory Card (SD-WD/WC Series \u003cW-02\u003e) V2.00.04 and earlier allows authenticated attackers to bypass access restrictions to obtain unauthorized image data via unspecified vectors. FlashAir by Toshiba Corporation is an SDHC memory card which provides wireless LAN access functions. FlashAir PhotoShare function enables to share the selected data with other users as it switches the original wireless LAN connection set by FlashAir default to the wireless LAN connection for PhotoShare. FlashAir fails to restrict access permissions (CWE-425) in PhotoShare. Takayoshi Isayama of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.A user who access PhotoShare may obtain image data that are set not to be shared with other users. Because of the vulnerability stated in JVN#81820501, when enabling PhotoShare with web browsers, an attacker with access to the wireless LAN may obtain these image data. A security vulnerability exists in FlashAirSDHCMemoryCard 2.00.04 and earlier and versions prior to 3.00.02",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-2161"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000090"
},
{
"db": "CNVD",
"id": "CNVD-2017-07205"
},
{
"db": "VULMON",
"id": "CVE-2017-2161"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "JVNDB",
"id": "JVNDB-2017-000090",
"trust": 3.1
},
{
"db": "NVD",
"id": "CVE-2017-2161",
"trust": 3.1
},
{
"db": "JVN",
"id": "JVN46372675",
"trust": 2.5
},
{
"db": "CNVD",
"id": "CNVD-2017-07205",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201705-771",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2017-2161",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-07205"
},
{
"db": "VULMON",
"id": "CVE-2017-2161"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000090"
},
{
"db": "NVD",
"id": "CVE-2017-2161"
},
{
"db": "CNNVD",
"id": "CNNVD-201705-771"
}
]
},
"id": "VAR-201705-3458",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-07205"
}
],
"trust": 1.475
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-07205"
}
]
},
"last_update_date": "2023-12-18T13:39:00.366000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "How to Use the Photoshare function",
"trust": 0.8,
"url": "http://www.toshiba-personalstorage.net/support/manual/flashair/wewdwc/photoshare.htm"
},
{
"title": "SDHC Memory Card with embedded wireless LAN functionality FlashAir(SD-WD/WC series\u003cW-02\u003e)",
"trust": 0.8,
"url": "http://www.toshiba-personalstorage.net/endproduct/flashair/index_j.htm"
},
{
"title": "SDHC Memory Card with embedded wireless LAN functionality FlashAir(SD-WE series\u003cW-03\u003e)",
"trust": 0.8,
"url": "http://www.toshiba-personalstorage.net/product/flashair/index_j.htm"
},
{
"title": "Photoshare of FlashAir may have a security vulnerability to access restriction",
"trust": 0.8,
"url": "http://www.toshiba-personalstorage.net/news/20170516a.htm"
},
{
"title": "FlashAirSDHCMemoryCard has an unexplained patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/94095"
},
{
"title": "Toshiba FlashAirTM SDHC Memory Card Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=70340"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-07205"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000090"
},
{
"db": "CNNVD",
"id": "CNNVD-201705-771"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-425",
"trust": 1.0
},
{
"problemtype": "CWE-284",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-000090"
},
{
"db": "NVD",
"id": "CVE-2017-2161"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://jvn.jp/en/jp/jvn46372675/index.html"
},
{
"trust": 1.7,
"url": "http://www.toshiba-personalstorage.net/news/20170516a.htm"
},
{
"trust": 1.7,
"url": "http://jvndb.jvn.jp/en/contents/2017/jvndb-2017-000090.html"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-2161"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-2161"
},
{
"trust": 0.6,
"url": "http://jvndb.jvn.jp/jvndb/jvndb-2017-000090"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/425.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-07205"
},
{
"db": "VULMON",
"id": "CVE-2017-2161"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000090"
},
{
"db": "NVD",
"id": "CVE-2017-2161"
},
{
"db": "CNNVD",
"id": "CNNVD-201705-771"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2017-07205"
},
{
"db": "VULMON",
"id": "CVE-2017-2161"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000090"
},
{
"db": "NVD",
"id": "CVE-2017-2161"
},
{
"db": "CNNVD",
"id": "CNNVD-201705-771"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-05-23T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-07205"
},
{
"date": "2017-05-22T00:00:00",
"db": "VULMON",
"id": "CVE-2017-2161"
},
{
"date": "2017-05-16T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-000090"
},
{
"date": "2017-05-22T16:29:00.560000",
"db": "NVD",
"id": "CVE-2017-2161"
},
{
"date": "2017-05-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201705-771"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-05-23T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-07205"
},
{
"date": "2019-10-03T00:00:00",
"db": "VULMON",
"id": "CVE-2017-2161"
},
{
"date": "2017-12-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-000090"
},
{
"date": "2019-10-03T00:03:26.223000",
"db": "NVD",
"id": "CVE-2017-2161"
},
{
"date": "2019-10-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201705-771"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote or local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201705-771"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "FlashAir fails to restrict access permissions in PhotoShare",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-000090"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "lack of information",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201705-771"
}
],
"trust": 0.6
}
}
VAR-201704-0898
Vulnerability from variot - Updated: 2023-12-18 12:19Untrusted search path vulnerability in installers of the software for SDHC/SDXC Memory Card with embedded NFC functionality Software Update Tool V1.00.03 and earlier, SDHC Memory Card with embedded wireless LAN functionality FlashAir Configuration Software V3.0.2 and earlier, SDHC Memory Card with embedded wireless LAN functionality FlashAir Software Update tool (SD-WE series) V3.00.01, SDHC Memory Card with embedded wireless LAN functionality FlashAir Software Update tool (SD-WD/WC series) V2.00.03 and earlier, SDHC Memory Card with embedded wireless LAN functionality FlashAir Software Update tool (SD-WB/WL series) V1.00.04 and earlier, SDHC Memory Card with embedded TransferJet functionality Configuration Software V1.02 and earlier, SDHC Memory Card with embedded TransferJet functionality Software Update tool V1.00.06 and earlier allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory. Multiple installers of Toshiba memory card related software contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries (CWE-427). Yuji Tounai of NTT Communications Corporation reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.Arbitrary code may be executed with the privilege of the user invoking the installer. Toshiba SDHC and SDXC are both memory cards from Toshiba Corporation of Japan. A remote attacker can exploit this vulnerability to gain access. A remote attacker can leverage this issue to execute arbitrary code in the context of the affected application
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201704-0898",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "flashair",
"scope": "lte",
"trust": 1.0,
"vendor": "toshiba",
"version": "3.00.01"
},
{
"model": "flashair",
"scope": "lte",
"trust": 1.0,
"vendor": "toshiba",
"version": "2.00.03"
},
{
"model": "flashair",
"scope": "lte",
"trust": 1.0,
"vendor": "toshiba",
"version": "1.02"
},
{
"model": "flashair",
"scope": "lte",
"trust": 1.0,
"vendor": "toshiba",
"version": "1.00.03"
},
{
"model": "flashair",
"scope": "lte",
"trust": 1.0,
"vendor": "toshiba",
"version": "3.0.2"
},
{
"model": "flashair",
"scope": "lte",
"trust": 1.0,
"vendor": "toshiba",
"version": "1.00.06"
},
{
"model": "flashair",
"scope": "lte",
"trust": 1.0,
"vendor": "toshiba",
"version": "1.00.04"
},
{
"model": "sdhc memory card with embedded transferjet functionality configuration software",
"scope": "lte",
"trust": 0.8,
"vendor": "toshiba",
"version": "v1.02"
},
{
"model": "sdhc memory card with embedded transferjet functionality software update tool",
"scope": "lte",
"trust": 0.8,
"vendor": "toshiba",
"version": "v1.00.06"
},
{
"model": "sdhc memory card with embedded wireless lan functionality flashair configuration software",
"scope": "lte",
"trust": 0.8,
"vendor": "toshiba",
"version": "v3.0.2"
},
{
"model": "sdhc memory card with embedded wireless lan functionality flashair software update tool",
"scope": "lte",
"trust": 0.8,
"vendor": "toshiba",
"version": "(sd-wb/wl series) v1.00.04"
},
{
"model": "sdhc memory card with embedded wireless lan functionality flashair software update tool",
"scope": "lte",
"trust": 0.8,
"vendor": "toshiba",
"version": "(sd-wd/wc series\u003cw-02\u003e) v2.00.03"
},
{
"model": "sdhc memory card with embedded wireless lan functionality flashair software update tool",
"scope": "eq",
"trust": 0.8,
"vendor": "toshiba",
"version": "(sd-we series\u003cw-03\u003e) v3.00.01"
},
{
"model": "sdhc/sdxc memory card with embedded nfc functionality software update tool",
"scope": "lte",
"trust": 0.8,
"vendor": "toshiba",
"version": "v1.00.03"
},
{
"model": "sdhc memory card",
"scope": "lte",
"trust": 0.6,
"vendor": "toshiba",
"version": "\u003c=v3.0.2"
},
{
"model": "sdhc memory card",
"scope": "lt",
"trust": 0.6,
"vendor": "toshiba",
"version": "3.00.01"
},
{
"model": "sdhc memory card",
"scope": "lte",
"trust": 0.6,
"vendor": "toshiba",
"version": "\u003c=v2.00.03"
},
{
"model": "sdhc memory card",
"scope": "lte",
"trust": 0.6,
"vendor": "toshiba",
"version": "\u003c=v1.00.04"
},
{
"model": "sdhc memory card",
"scope": "lte",
"trust": 0.6,
"vendor": "toshiba",
"version": "\u003c=v1.02"
},
{
"model": "sdhc memory card",
"scope": "lte",
"trust": 0.6,
"vendor": "toshiba",
"version": "\u003c=v1.00.06"
},
{
"model": "sdhc/sdxc memory card",
"scope": null,
"trust": 0.6,
"vendor": "toshiba",
"version": null
},
{
"model": "flashair",
"scope": "eq",
"trust": 0.6,
"vendor": "toshiba",
"version": "3.0.2"
},
{
"model": "flashair",
"scope": "eq",
"trust": 0.6,
"vendor": "toshiba",
"version": "2.00.03"
},
{
"model": "flashair",
"scope": "eq",
"trust": 0.6,
"vendor": "toshiba",
"version": "1.00.03"
},
{
"model": "flashair",
"scope": "eq",
"trust": 0.6,
"vendor": "toshiba",
"version": "1.00.04"
},
{
"model": "flashair",
"scope": "eq",
"trust": 0.6,
"vendor": "toshiba",
"version": "1.00.06"
},
{
"model": "flashair",
"scope": "eq",
"trust": 0.6,
"vendor": "toshiba",
"version": "3.00.01"
},
{
"model": "flashair",
"scope": "eq",
"trust": 0.6,
"vendor": "toshiba",
"version": "1.02"
},
{
"model": "sdxc memory card with embedded nfc functionality software update",
"scope": "eq",
"trust": 0.3,
"vendor": "toshiba",
"version": "1.0.3"
},
{
"model": "sdxc memory card with embedded nfc functionality software update",
"scope": "eq",
"trust": 0.3,
"vendor": "toshiba",
"version": "0"
},
{
"model": "sdhc memory card flashairtm software update tool",
"scope": "eq",
"trust": 0.3,
"vendor": "toshiba",
"version": "3.0.1"
},
{
"model": "sdhc memory card flashairtm software update tool",
"scope": "eq",
"trust": 0.3,
"vendor": "toshiba",
"version": "0"
},
{
"model": "sdhc memory card flashairtm configuration software",
"scope": "eq",
"trust": 0.3,
"vendor": "toshiba",
"version": "3.0.2"
},
{
"model": "sdhc memory card flashairtm configuration software",
"scope": "eq",
"trust": 0.3,
"vendor": "toshiba",
"version": "0"
},
{
"model": "sdhc memory card",
"scope": "eq",
"trust": 0.3,
"vendor": "toshiba",
"version": "1.0.3"
},
{
"model": "sdhc memory card",
"scope": "eq",
"trust": 0.3,
"vendor": "toshiba",
"version": "0"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-06938"
},
{
"db": "BID",
"id": "97697"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000069"
},
{
"db": "NVD",
"id": "CVE-2017-2149"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-965"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:toshiba:flashair:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "3.00.01",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:toshiba:flashair:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.00.04",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:toshiba:flashair:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.02",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:toshiba:flashair:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.00.06",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:toshiba:flashair:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.00.03",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:toshiba:flashair:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "3.0.2",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:toshiba:flashair:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2.00.03",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-2149"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Yuji Tounai of NTT Communications Corporation.",
"sources": [
{
"db": "BID",
"id": "97697"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-965"
}
],
"trust": 0.9
},
"cve": "CVE-2017-2149",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "IPA",
"availabilityImpact": "Partial",
"baseScore": 6.8,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2017-000069",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "CNVD-2017-06938",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "IPA",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2017-000069",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2017-2149",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "IPA",
"id": "JVNDB-2017-000069",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2017-06938",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201704-965",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-06938"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000069"
},
{
"db": "NVD",
"id": "CVE-2017-2149"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-965"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Untrusted search path vulnerability in installers of the software for SDHC/SDXC Memory Card with embedded NFC functionality Software Update Tool V1.00.03 and earlier, SDHC Memory Card with embedded wireless LAN functionality FlashAir Configuration Software V3.0.2 and earlier, SDHC Memory Card with embedded wireless LAN functionality FlashAir Software Update tool (SD-WE series\u003cW-03\u003e) V3.00.01, SDHC Memory Card with embedded wireless LAN functionality FlashAir Software Update tool (SD-WD/WC series\u003cW-02\u003e) V2.00.03 and earlier, SDHC Memory Card with embedded wireless LAN functionality FlashAir Software Update tool (SD-WB/WL series) V1.00.04 and earlier, SDHC Memory Card with embedded TransferJet functionality Configuration Software V1.02 and earlier, SDHC Memory Card with embedded TransferJet functionality Software Update tool V1.00.06 and earlier allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory. Multiple installers of Toshiba memory card related software contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries (CWE-427). Yuji Tounai of NTT Communications Corporation reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.Arbitrary code may be executed with the privilege of the user invoking the installer. Toshiba SDHC and SDXC are both memory cards from Toshiba Corporation of Japan. A remote attacker can exploit this vulnerability to gain access. \nA remote attacker can leverage this issue to execute arbitrary code in the context of the affected application",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-2149"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000069"
},
{
"db": "CNVD",
"id": "CNVD-2017-06938"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-965"
},
{
"db": "BID",
"id": "97697"
}
],
"trust": 2.97
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "JVN",
"id": "JVN05340816",
"trust": 3.3
},
{
"db": "NVD",
"id": "CVE-2017-2149",
"trust": 3.3
},
{
"db": "BID",
"id": "97697",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000069",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2017-06938",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201704-965",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-06938"
},
{
"db": "BID",
"id": "97697"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000069"
},
{
"db": "NVD",
"id": "CVE-2017-2149"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-965"
}
]
},
"id": "VAR-201704-0898",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-06938"
}
],
"trust": 1.5375
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-06938"
}
]
},
"last_update_date": "2023-12-18T12:19:54.396000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Toshiba Corporation website",
"trust": 0.8,
"url": "http://www.toshiba-personalstorage.net/news/20170414.htm"
},
{
"title": "Patches for multiple Toshiba memory card installers that are not trusted for search path vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/93907"
},
{
"title": "Multiple Toshiba Repair measures for memory card installer security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=69714"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-06938"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000069"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-965"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-426",
"trust": 1.0
},
{
"problemtype": "CWE-Other",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-000069"
},
{
"db": "NVD",
"id": "CVE-2017-2149"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.3,
"url": "http://jvn.jp/en/jp/jvn05340816/index.html"
},
{
"trust": 2.2,
"url": "http://www.securityfocus.com/bid/97697"
},
{
"trust": 1.6,
"url": "http://www.toshiba-personalstorage.net/news/20170414.htm"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-2149"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-2149"
},
{
"trust": 0.3,
"url": "http://blog.metasploit.com/2010/08/exploiting-dll-hijacking-flaws.html"
},
{
"trust": 0.3,
"url": "http://blogs.technet.com/b/srd/archive/2010/08/23/more-information-about-dll-preloading-remote-attack-vector.aspx"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-06938"
},
{
"db": "BID",
"id": "97697"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000069"
},
{
"db": "NVD",
"id": "CVE-2017-2149"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-965"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2017-06938"
},
{
"db": "BID",
"id": "97697"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000069"
},
{
"db": "NVD",
"id": "CVE-2017-2149"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-965"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-05-18T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-06938"
},
{
"date": "2017-04-14T00:00:00",
"db": "BID",
"id": "97697"
},
{
"date": "2017-04-14T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-000069"
},
{
"date": "2017-04-28T16:59:01.917000",
"db": "NVD",
"id": "CVE-2017-2149"
},
{
"date": "2017-04-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201704-965"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-05-18T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-06938"
},
{
"date": "2017-04-18T00:07:00",
"db": "BID",
"id": "97697"
},
{
"date": "2017-12-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-000069"
},
{
"date": "2019-10-03T00:03:26.223000",
"db": "NVD",
"id": "CVE-2017-2149"
},
{
"date": "2019-10-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201704-965"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201704-965"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple installers of Toshiba memory card related software may insecurely load Dynamic Link Libraries",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-000069"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "code problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201704-965"
}
],
"trust": 0.6
}
}
VAR-201705-3459
Vulnerability from variot - Updated: 2023-12-18 12:04FlashAirTM SDHC Memory Card (SD-WE Series ) V3.00.02 and earlier and FlashAirTM SDHC Memory Card (SD-WD/WC Series ) V2.00.04 and earlier allows default credentials to be set for wireless LAN connections to the product when enabling the PhotoShare function through a web browser. When enabling PhotoShare with a mobile application (either for Android or iOS), the application prompts a user to set credentials. As a result, a remote attacker with access to the wireless LAN may obtain image data by using default credentials (CWE-284). Takayoshi Isayama of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.If PhotoShare is enabled by web browsers, an attacker with access to the wireless LAN may obtain image data. There is a security hole in FlashAirSDHCMemoryCard
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201705-3459",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "flashair",
"scope": "lte",
"trust": 1.0,
"vendor": "toshiba",
"version": "2.00.04"
},
{
"model": "flashair",
"scope": "lte",
"trust": 1.0,
"vendor": "toshiba",
"version": "3.00.02"
},
{
"model": "flashair",
"scope": "lte",
"trust": 0.8,
"vendor": "toshiba",
"version": "sdhc memory card (sd-wd/wc series \u003cw-02\u003e) v2.00.03"
},
{
"model": "flashair",
"scope": "lte",
"trust": 0.8,
"vendor": "toshiba",
"version": "sdhc memory card (sd-we series \u003cw-03\u003e) v3.00.01"
},
{
"model": "flashair sdhc memory card",
"scope": "lte",
"trust": 0.6,
"vendor": "toshiba",
"version": "\u003c=v2.00.04"
},
{
"model": "flashair sdhc memory card",
"scope": "lte",
"trust": 0.6,
"vendor": "toshiba",
"version": "\u003c=v3.00.02"
},
{
"model": "flashair",
"scope": "eq",
"trust": 0.6,
"vendor": "toshiba",
"version": "3.00.02"
},
{
"model": "flashair",
"scope": "eq",
"trust": 0.6,
"vendor": "toshiba",
"version": "2.00.04"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-07254"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000091"
},
{
"db": "NVD",
"id": "CVE-2017-2162"
},
{
"db": "CNNVD",
"id": "CNNVD-201705-770"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:toshiba:flashair:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2.00.04",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:toshiba:flashair:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "3.00.02",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-2162"
}
]
},
"cve": "CVE-2017-2162",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.5,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "LOW",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:A/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Adjacent Network",
"authentication": "None",
"author": "IPA",
"availabilityImpact": "None",
"baseScore": 3.3,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2017-000091",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Low",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:A/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.5,
"id": "CNVD-2017-07254",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.6,
"vectorString": "AV:A/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Adjacent Network",
"author": "IPA",
"availabilityImpact": "None",
"baseScore": 4.3,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "JVNDB-2017-000091",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2017-2162",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "IPA",
"id": "JVNDB-2017-000091",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2017-07254",
"trust": 0.6,
"value": "LOW"
},
{
"author": "CNNVD",
"id": "CNNVD-201705-770",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-07254"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000091"
},
{
"db": "NVD",
"id": "CVE-2017-2162"
},
{
"db": "CNNVD",
"id": "CNNVD-201705-770"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "FlashAirTM SDHC Memory Card (SD-WE Series \u003cW-03\u003e) V3.00.02 and earlier and FlashAirTM SDHC Memory Card (SD-WD/WC Series \u003cW-02\u003e) V2.00.04 and earlier allows default credentials to be set for wireless LAN connections to the product when enabling the PhotoShare function through a web browser. When enabling PhotoShare with a mobile application (either for Android or iOS), the application prompts a user to set credentials. As a result, a remote attacker with access to the wireless LAN may obtain image data by using default credentials (CWE-284). Takayoshi Isayama of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.If PhotoShare is enabled by web browsers, an attacker with access to the wireless LAN may obtain image data. There is a security hole in FlashAirSDHCMemoryCard",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-2162"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000091"
},
{
"db": "CNVD",
"id": "CNVD-2017-07254"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "JVNDB",
"id": "JVNDB-2017-000091",
"trust": 3.0
},
{
"db": "NVD",
"id": "CVE-2017-2162",
"trust": 3.0
},
{
"db": "JVN",
"id": "JVN81820501",
"trust": 2.4
},
{
"db": "CNVD",
"id": "CNVD-2017-07254",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201705-770",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-07254"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000091"
},
{
"db": "NVD",
"id": "CVE-2017-2162"
},
{
"db": "CNNVD",
"id": "CNNVD-201705-770"
}
]
},
"id": "VAR-201705-3459",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-07254"
}
],
"trust": 1.475
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-07254"
}
]
},
"last_update_date": "2023-12-18T12:04:08.649000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "How to Use the Photoshare function",
"trust": 0.8,
"url": "http://www.toshiba-personalstorage.net/support/manual/flashair/wewdwc/photoshare.htm"
},
{
"title": "Photoshare of FlashAir may have a security vulnerability to a fixed password",
"trust": 0.8,
"url": "http://www.toshiba-personalstorage.net/news/20170516a.htm"
},
{
"title": "SDHC Memory Card with embedded wireless LAN functionality FlashAir (SD-WD/WC series\u003cW-02\u003e)",
"trust": 0.8,
"url": "http://www.toshiba-personalstorage.net/endproduct/flashair/index_j.htm"
},
{
"title": "SDHC Memory Card with embedded wireless LAN functionality FlashAir (SD-WE series\u003cW-03\u003e)",
"trust": 0.8,
"url": "http://www.toshiba-personalstorage.net/product/flashair/index_j.htm"
},
{
"title": "Patch for FlashAirSDHCMemoryCard Information Disclosure Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/94141"
},
{
"title": "Toshiba FlashAirTM SDHC Memory Card Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=70339"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-07254"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000091"
},
{
"db": "CNNVD",
"id": "CNNVD-201705-770"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "CWE-Other",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-000091"
},
{
"db": "NVD",
"id": "CVE-2017-2162"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://jvn.jp/en/jp/jvn81820501/index.html"
},
{
"trust": 2.2,
"url": "http://jvndb.jvn.jp/jvndb/jvndb-2017-000091"
},
{
"trust": 1.6,
"url": "http://www.toshiba-personalstorage.net/news/20170516a.htm"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-2162"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-2162"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-07254"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000091"
},
{
"db": "NVD",
"id": "CVE-2017-2162"
},
{
"db": "CNNVD",
"id": "CNNVD-201705-770"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2017-07254"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000091"
},
{
"db": "NVD",
"id": "CVE-2017-2162"
},
{
"db": "CNNVD",
"id": "CNNVD-201705-770"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-05-23T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-07254"
},
{
"date": "2017-05-16T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-000091"
},
{
"date": "2017-05-22T16:29:00.607000",
"db": "NVD",
"id": "CVE-2017-2162"
},
{
"date": "2017-05-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201705-770"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-05-23T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-07254"
},
{
"date": "2017-12-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-000091"
},
{
"date": "2019-10-03T00:03:26.223000",
"db": "NVD",
"id": "CVE-2017-2162"
},
{
"date": "2019-10-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201705-770"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote or local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201705-770"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "FlashAir do not set credential information in PhotoShare",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-000091"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "trust management problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201705-770"
}
],
"trust": 0.6
}
}
FKIE_CVE-2017-2162
Vulnerability from fkie_nvd - Published: 2017-05-22 16:29 - Updated: 2025-04-20 01:37
Severity ?
Summary
FlashAirTM SDHC Memory Card (SD-WE Series <W-03>) V3.00.02 and earlier and FlashAirTM SDHC Memory Card (SD-WD/WC Series <W-02>) V2.00.04 and earlier allows default credentials to be set for wireless LAN connections to the product when enabling the PhotoShare function through a web browser.
References
| URL | Tags | ||
|---|---|---|---|
| vultures@jpcert.or.jp | http://jvndb.jvn.jp/jvndb/JVNDB-2017-000091 | Third Party Advisory, VDB Entry | |
| vultures@jpcert.or.jp | http://www.toshiba-personalstorage.net/news/20170516a.htm | Vendor Advisory | |
| vultures@jpcert.or.jp | https://jvn.jp/en/jp/JVN81820501/index.html | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://jvndb.jvn.jp/jvndb/JVNDB-2017-000091 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.toshiba-personalstorage.net/news/20170516a.htm | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://jvn.jp/en/jp/JVN81820501/index.html | Third Party Advisory, VDB Entry |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:toshiba:flashair:*:*:*:*:*:*:*:*",
"matchCriteriaId": "81FE3A57-D37B-4A63-B644-9296BEB763B1",
"versionEndIncluding": "2.00.04",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:toshiba:flashair:*:*:*:*:*:*:*:*",
"matchCriteriaId": "81955C91-8DC4-4626-A84E-556E6E5E8B3C",
"versionEndIncluding": "3.00.02",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "FlashAirTM SDHC Memory Card (SD-WE Series \u003cW-03\u003e) V3.00.02 and earlier and FlashAirTM SDHC Memory Card (SD-WD/WC Series \u003cW-02\u003e) V2.00.04 and earlier allows default credentials to be set for wireless LAN connections to the product when enabling the PhotoShare function through a web browser."
},
{
"lang": "es",
"value": "Tarjeta de memoria SDHC de FlashAirTM (Serie SD-WE (W-03)) versi\u00f3n 3.00.02 y anteriores y tarjeta de memoria SDHC de FlashAirTM (Serie SD-WD/WC (W-02)) versi\u00f3n 2.00.04 y anteriores, permite establecer credenciales por defecto para conexiones LAN inal\u00e1mbricas al producto al activar la funci\u00f3n PhotoShare por medio de un navegador web."
}
],
"id": "CVE-2017-2162",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:A/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.5,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-05-22T16:29:00.607",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2017-000091"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "http://www.toshiba-personalstorage.net/news/20170516a.htm"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://jvn.jp/en/jp/JVN81820501/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2017-000091"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.toshiba-personalstorage.net/news/20170516a.htm"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://jvn.jp/en/jp/JVN81820501/index.html"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2016-4863
Vulnerability from fkie_nvd - Published: 2017-05-22 16:29 - Updated: 2025-04-20 01:37
Severity ?
Summary
The Toshiba FlashAir SD-WD/WC series Class 6 model with firmware version 1.00.04 and later, FlashAir SD-WD/WC series Class 10 model W-02 with firmware version 2.00.02 and later, FlashAir SD-WE series Class 10 model W-03, FlashAir Class 6 model with firmware version 1.00.04 and later, FlashAir II Class 10 model W-02 series with firmware version 2.00.02 and later, FlashAir III Class 10 model W-03 series, FlashAir Class 6 model with firmware version 1.00.04 and later, FlashAir W-02 series Class 10 model with firmware version 2.00.02 and later, FlashAir W-03 series Class 10 model does not require authentication on accepting a connection from STA side LAN when "Internet pass-thru Mode" is enabled, which allows attackers with access to STA side LAN can obtain files or data.
References
| URL | Tags | ||
|---|---|---|---|
| vultures@jpcert.or.jp | http://jvndb.jvn.jp/jvndb/JVNDB-2016-000168 | Third Party Advisory, VDB Entry | |
| vultures@jpcert.or.jp | http://www.securityfocus.com/bid/93479 | Third Party Advisory, VDB Entry | |
| vultures@jpcert.or.jp | https://jvn.jp/en/jp/JVN39619137/index.html | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://jvndb.jvn.jp/jvndb/JVNDB-2016-000168 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/93479 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://jvn.jp/en/jp/JVN39619137/index.html | Third Party Advisory, VDB Entry |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:toshiba:flashair:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CBA7647D-DB43-4DD7-89B4-02CD310B8F5B",
"versionEndIncluding": "1.00.03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:toshiba:flashair:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A3E68A5E-C899-484D-87EA-F52414B66968",
"versionEndIncluding": "1.00.04",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:toshiba:flashair:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8288D17C-1CE9-4B38-81C4-9C702E5800D9",
"versionEndIncluding": "1.00.06",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:toshiba:flashair:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C0CE8592-61C3-4F18-9398-3F9C2F5531A4",
"versionEndIncluding": "1.02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:toshiba:flashair:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E7DB5458-E52B-497D-8B09-040FCDB13B78",
"versionEndIncluding": "2.00.03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:toshiba:flashair:*:*:*:*:*:*:*:*",
"matchCriteriaId": "48762E2F-044E-43C6-8221-FBFBA9C8E7E4",
"versionEndIncluding": "3.00.01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:toshiba:flashair:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C182FF61-0D00-4AE6-94CD-38BBB47050D5",
"versionEndIncluding": "3.0.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Toshiba FlashAir SD-WD/WC series Class 6 model with firmware version 1.00.04 and later, FlashAir SD-WD/WC series Class 10 model W-02 with firmware version 2.00.02 and later, FlashAir SD-WE series Class 10 model W-03, FlashAir Class 6 model with firmware version 1.00.04 and later, FlashAir II Class 10 model W-02 series with firmware version 2.00.02 and later, FlashAir III Class 10 model W-03 series, FlashAir Class 6 model with firmware version 1.00.04 and later, FlashAir W-02 series Class 10 model with firmware version 2.00.02 and later, FlashAir W-03 series Class 10 model does not require authentication on accepting a connection from STA side LAN when \"Internet pass-thru Mode\" is enabled, which allows attackers with access to STA side LAN can obtain files or data."
},
{
"lang": "es",
"value": "El FlashAir SD-WD/WC serie Clase 6 modelo con versi\u00f3n de firmware 1.00.04 y posterior, FlashAir SD- WD/WC serie Clase 10 modelo W-02 con versi\u00f3n de firmware 2.00.02 y posterior, FlashAir SD-WE serie Clase 10 modelo W-03, FlashAir Clase 6 modelo con versi\u00f3n de firmware 1.00.04 y posterior, FlashAir II Clase 10 modelo W-02 serie con versi\u00f3n de firmware 2.00.02 y posterior, FlashAir III Clase 10 modelo W-03 serie, FlashAir Clase 6 modelo con versi\u00f3n de firmware 1.00.04 y posterior, FlashAir W-02 serie Clase 10 modelo con versi\u00f3n de firmware 2.00.02 y posterior, FlashAir W-03 serie clase 10 el modelo de Toshiba, no requieren la autenticaci\u00f3n al aceptar una conexi\u00f3n de LAN del lado STA cuando se habilita el \"Internet pass-thru Mode\", que permite que los atacantes con acceso a LAN del lado STA puedan obtener archivos o datos."
}
],
"id": "CVE-2016-4863",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:A/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.5,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-05-22T16:29:00.217",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000168"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/93479"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://jvn.jp/en/jp/JVN39619137/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000168"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/93479"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://jvn.jp/en/jp/JVN39619137/index.html"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2017-2161
Vulnerability from fkie_nvd - Published: 2017-05-22 16:29 - Updated: 2025-04-20 01:37
Severity ?
Summary
FlashAirTM SDHC Memory Card (SD-WE Series <W-03>) V3.00.02 and earlier and FlashAirTM SDHC Memory Card (SD-WD/WC Series <W-02>) V2.00.04 and earlier allows authenticated attackers to bypass access restrictions to obtain unauthorized image data via unspecified vectors.
References
| URL | Tags | ||
|---|---|---|---|
| vultures@jpcert.or.jp | http://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000090.html | Third Party Advisory, VDB Entry | |
| vultures@jpcert.or.jp | http://www.toshiba-personalstorage.net/news/20170516a.htm | Vendor Advisory | |
| vultures@jpcert.or.jp | https://jvn.jp/en/jp/JVN46372675/index.html | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000090.html | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.toshiba-personalstorage.net/news/20170516a.htm | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://jvn.jp/en/jp/JVN46372675/index.html | Third Party Advisory, VDB Entry |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:toshiba:flashair:*:*:*:*:*:*:*:*",
"matchCriteriaId": "81FE3A57-D37B-4A63-B644-9296BEB763B1",
"versionEndIncluding": "2.00.04",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:toshiba:flashair:*:*:*:*:*:*:*:*",
"matchCriteriaId": "81955C91-8DC4-4626-A84E-556E6E5E8B3C",
"versionEndIncluding": "3.00.02",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "FlashAirTM SDHC Memory Card (SD-WE Series \u003cW-03\u003e) V3.00.02 and earlier and FlashAirTM SDHC Memory Card (SD-WD/WC Series \u003cW-02\u003e) V2.00.04 and earlier allows authenticated attackers to bypass access restrictions to obtain unauthorized image data via unspecified vectors."
},
{
"lang": "es",
"value": "Tarjeta de memoria SDHC de FlashAirTM (Serie SD-WE (W-03)) versi\u00f3n 3.00.02 y anteriores y tarjeta de memoria SDHC de FlashAirTM (Serie SD-WD/WC (W-02)) versi\u00f3n 2.00.04 y anteriores, permite a los atacantes autenticados omitir las restricciones de acceso para obtener datos de imagen no autorizados por medio de vectores no especificados."
}
],
"id": "CVE-2017-2161",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 2.7,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:A/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 5.1,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.1,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-05-22T16:29:00.560",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000090.html"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "http://www.toshiba-personalstorage.net/news/20170516a.htm"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://jvn.jp/en/jp/JVN46372675/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000090.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.toshiba-personalstorage.net/news/20170516a.htm"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://jvn.jp/en/jp/JVN46372675/index.html"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-425"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2017-2149
Vulnerability from fkie_nvd - Published: 2017-04-28 16:59 - Updated: 2025-04-20 01:37
Severity ?
Summary
Untrusted search path vulnerability in installers of the software for SDHC/SDXC Memory Card with embedded NFC functionality Software Update Tool V1.00.03 and earlier, SDHC Memory Card with embedded wireless LAN functionality FlashAir Configuration Software V3.0.2 and earlier, SDHC Memory Card with embedded wireless LAN functionality FlashAir Software Update tool (SD-WE series<W-03>) V3.00.01, SDHC Memory Card with embedded wireless LAN functionality FlashAir Software Update tool (SD-WD/WC series<W-02>) V2.00.03 and earlier, SDHC Memory Card with embedded wireless LAN functionality FlashAir Software Update tool (SD-WB/WL series) V1.00.04 and earlier, SDHC Memory Card with embedded TransferJet functionality Configuration Software V1.02 and earlier, SDHC Memory Card with embedded TransferJet functionality Software Update tool V1.00.06 and earlier allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory.
References
| URL | Tags | ||
|---|---|---|---|
| vultures@jpcert.or.jp | http://jvn.jp/en/jp/JVN05340816/index.html | Third Party Advisory, VDB Entry | |
| vultures@jpcert.or.jp | http://www.securityfocus.com/bid/97697 | Third Party Advisory, VDB Entry | |
| vultures@jpcert.or.jp | http://www.toshiba-personalstorage.net/news/20170414.htm | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://jvn.jp/en/jp/JVN05340816/index.html | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/97697 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.toshiba-personalstorage.net/news/20170414.htm | Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:toshiba:flashair:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CBA7647D-DB43-4DD7-89B4-02CD310B8F5B",
"versionEndIncluding": "1.00.03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:toshiba:flashair:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A3E68A5E-C899-484D-87EA-F52414B66968",
"versionEndIncluding": "1.00.04",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:toshiba:flashair:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8288D17C-1CE9-4B38-81C4-9C702E5800D9",
"versionEndIncluding": "1.00.06",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:toshiba:flashair:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C0CE8592-61C3-4F18-9398-3F9C2F5531A4",
"versionEndIncluding": "1.02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:toshiba:flashair:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E7DB5458-E52B-497D-8B09-040FCDB13B78",
"versionEndIncluding": "2.00.03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:toshiba:flashair:*:*:*:*:*:*:*:*",
"matchCriteriaId": "48762E2F-044E-43C6-8221-FBFBA9C8E7E4",
"versionEndIncluding": "3.00.01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:toshiba:flashair:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C182FF61-0D00-4AE6-94CD-38BBB47050D5",
"versionEndIncluding": "3.0.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Untrusted search path vulnerability in installers of the software for SDHC/SDXC Memory Card with embedded NFC functionality Software Update Tool V1.00.03 and earlier, SDHC Memory Card with embedded wireless LAN functionality FlashAir Configuration Software V3.0.2 and earlier, SDHC Memory Card with embedded wireless LAN functionality FlashAir Software Update tool (SD-WE series\u003cW-03\u003e) V3.00.01, SDHC Memory Card with embedded wireless LAN functionality FlashAir Software Update tool (SD-WD/WC series\u003cW-02\u003e) V2.00.03 and earlier, SDHC Memory Card with embedded wireless LAN functionality FlashAir Software Update tool (SD-WB/WL series) V1.00.04 and earlier, SDHC Memory Card with embedded TransferJet functionality Configuration Software V1.02 and earlier, SDHC Memory Card with embedded TransferJet functionality Software Update tool V1.00.06 and earlier allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory."
},
{
"lang": "es",
"value": "Vulnerabilidad de ruta de b\u00fasqueda no confiable en los instaladores de software: Software Update Tool V1.00.03 y versiones anteriores para tarjetas de memoria SDHC/SDXC con funcionalidad NFC integrada, FlashAir Configuration Software V3.0.2 y versiones anteriores para tarjetas de memoria SDHC con funcionalidad LAN inal\u00e1mbrica integrada, FlashAir Software Update tool (SD-WE series) V3.00.01 para tarjetas de memoria SDHC con funcionalidad LAN inal\u00e1mbrica integrada, FlashAir Software Update tool (SD-WD/WC series) V2.00.03 y versiones anteriores para tarjetas de memoria SDHC con funcionalidad LAN inal\u00e1mbrica integrada, FlashAir Software Update tool (SD-WB/WL series) V1.00.04 y versiones anteriores para tarjetas de memoria SDHC con funcionalidad LAN inal\u00e1mbrica integrada, Configuration Software V1.02 y versiones anteriores para tarjetas de memoria SDHC con funcionalidad TransferJet integrada, Software Update tool V1.00.06 y versiones anteriores para tarjetas de memoria SDHC con funcionalidad TransferJet integrada, permite a atacantes remotos obtener privilegios a trav\u00e9s de una DLL troyanizada en un directorio no especificado."
}
],
"id": "CVE-2017-2149",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-04-28T16:59:01.917",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://jvn.jp/en/jp/JVN05340816/index.html"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/97697"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "http://www.toshiba-personalstorage.net/news/20170414.htm"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://jvn.jp/en/jp/JVN05340816/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/97697"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.toshiba-personalstorage.net/news/20170414.htm"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-426"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2017-2161 (GCVE-0-2017-2161)
Vulnerability from cvelistv5 – Published: 2017-05-22 16:00 – Updated: 2024-08-05 13:48
VLAI?
Summary
FlashAirTM SDHC Memory Card (SD-WE Series <W-03>) V3.00.02 and earlier and FlashAirTM SDHC Memory Card (SD-WD/WC Series <W-02>) V2.00.04 and earlier allows authenticated attackers to bypass access restrictions to obtain unauthorized image data via unspecified vectors.
Severity ?
No CVSS data available.
CWE
- Fails to restrict access
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Toshiba Corporation | FlashAirTM SDHC Memory Card (SD-WE Series <W-03>) |
Affected:
V3.00.02 and earlier
|
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:48:03.496Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVNDB-2017-000090",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB",
"x_transferred"
],
"url": "http://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000090.html"
},
{
"name": "JVN#46372675",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN46372675/index.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.toshiba-personalstorage.net/news/20170516a.htm"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "FlashAirTM SDHC Memory Card (SD-WE Series \u003cW-03\u003e)",
"vendor": "Toshiba Corporation",
"versions": [
{
"status": "affected",
"version": "V3.00.02 and earlier"
}
]
},
{
"product": "FlashAirTM SDHC Memory Card (SD-WD/WC Series \u003cW-02\u003e)",
"vendor": "Toshiba Corporation",
"versions": [
{
"status": "affected",
"version": "V2.00.04 and earlier"
}
]
}
],
"datePublic": "2017-05-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "FlashAirTM SDHC Memory Card (SD-WE Series \u003cW-03\u003e) V3.00.02 and earlier and FlashAirTM SDHC Memory Card (SD-WD/WC Series \u003cW-02\u003e) V2.00.04 and earlier allows authenticated attackers to bypass access restrictions to obtain unauthorized image data via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Fails to restrict access",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-05-22T15:57:01",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVNDB-2017-000090",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB"
],
"url": "http://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000090.html"
},
{
"name": "JVN#46372675",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "https://jvn.jp/en/jp/JVN46372675/index.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.toshiba-personalstorage.net/news/20170516a.htm"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2017-2161",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "FlashAirTM SDHC Memory Card (SD-WE Series \u003cW-03\u003e)",
"version": {
"version_data": [
{
"version_value": "V3.00.02 and earlier"
}
]
}
},
{
"product_name": "FlashAirTM SDHC Memory Card (SD-WD/WC Series \u003cW-02\u003e)",
"version": {
"version_data": [
{
"version_value": "V2.00.04 and earlier"
}
]
}
}
]
},
"vendor_name": "Toshiba Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "FlashAirTM SDHC Memory Card (SD-WE Series \u003cW-03\u003e) V3.00.02 and earlier and FlashAirTM SDHC Memory Card (SD-WD/WC Series \u003cW-02\u003e) V2.00.04 and earlier allows authenticated attackers to bypass access restrictions to obtain unauthorized image data via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Fails to restrict access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVNDB-2017-000090",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000090.html"
},
{
"name": "JVN#46372675",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN46372675/index.html"
},
{
"name": "http://www.toshiba-personalstorage.net/news/20170516a.htm",
"refsource": "CONFIRM",
"url": "http://www.toshiba-personalstorage.net/news/20170516a.htm"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2017-2161",
"datePublished": "2017-05-22T16:00:00",
"dateReserved": "2016-12-01T00:00:00",
"dateUpdated": "2024-08-05T13:48:03.496Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-4863 (GCVE-0-2016-4863)
Vulnerability from cvelistv5 – Published: 2017-05-22 16:00 – Updated: 2024-08-06 00:46
VLAI?
Summary
The Toshiba FlashAir SD-WD/WC series Class 6 model with firmware version 1.00.04 and later, FlashAir SD-WD/WC series Class 10 model W-02 with firmware version 2.00.02 and later, FlashAir SD-WE series Class 10 model W-03, FlashAir Class 6 model with firmware version 1.00.04 and later, FlashAir II Class 10 model W-02 series with firmware version 2.00.02 and later, FlashAir III Class 10 model W-03 series, FlashAir Class 6 model with firmware version 1.00.04 and later, FlashAir W-02 series Class 10 model with firmware version 2.00.02 and later, FlashAir W-03 series Class 10 model does not require authentication on accepting a connection from STA side LAN when "Internet pass-thru Mode" is enabled, which allows attackers with access to STA side LAN can obtain files or data.
Severity ?
No CVSS data available.
CWE
- Lack of authentication mechanism
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Toshiba | FlashAir SD-WD/WC series Class 6 model |
Affected:
firmware version 1.00.04 and later
|
||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T00:46:38.522Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "93479",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/93479"
},
{
"name": "JVN#39619137",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN39619137/index.html"
},
{
"name": "JVNDB-2016-000168",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB",
"x_transferred"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000168"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "FlashAir SD-WD/WC series Class 6 model",
"vendor": "Toshiba",
"versions": [
{
"status": "affected",
"version": "firmware version 1.00.04 and later"
}
]
},
{
"product": "FlashAir SD-WD/WC series Class 10 model W-02",
"vendor": "Toshiba",
"versions": [
{
"status": "affected",
"version": "firmware version 2.00.02 and later"
}
]
},
{
"product": "FlashAir SD-WE series Class 10 model W-03",
"vendor": "Toshiba",
"versions": [
{
"status": "affected",
"version": "all firmware versions"
}
]
},
{
"product": "FlashAir Class 6 model",
"vendor": "Toshiba",
"versions": [
{
"status": "affected",
"version": "firmware version 1.00.04 and later"
}
]
},
{
"product": "FlashAir II Class 10 model W-02 series",
"vendor": "Toshiba",
"versions": [
{
"status": "affected",
"version": "firmware version 2.00.02 and later"
}
]
},
{
"product": "FlashAir III Class 10 model W-03 series",
"vendor": "Toshiba",
"versions": [
{
"status": "affected",
"version": "all firmware versions"
}
]
},
{
"product": "FlashAir Class 6 model",
"vendor": "Toshiba",
"versions": [
{
"status": "affected",
"version": "firmware version 1.00.04 and later"
}
]
},
{
"product": "FlashAir W-02 series Class 10 model",
"vendor": "Toshiba",
"versions": [
{
"status": "affected",
"version": "firmware version 2.00.02 and later"
}
]
},
{
"product": "FlashAir W-03 series Class 10 model",
"vendor": "Toshiba",
"versions": [
{
"status": "affected",
"version": "all firmware versions"
}
]
}
],
"datePublic": "2016-10-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Toshiba FlashAir SD-WD/WC series Class 6 model with firmware version 1.00.04 and later, FlashAir SD-WD/WC series Class 10 model W-02 with firmware version 2.00.02 and later, FlashAir SD-WE series Class 10 model W-03, FlashAir Class 6 model with firmware version 1.00.04 and later, FlashAir II Class 10 model W-02 series with firmware version 2.00.02 and later, FlashAir III Class 10 model W-03 series, FlashAir Class 6 model with firmware version 1.00.04 and later, FlashAir W-02 series Class 10 model with firmware version 2.00.02 and later, FlashAir W-03 series Class 10 model does not require authentication on accepting a connection from STA side LAN when \"Internet pass-thru Mode\" is enabled, which allows attackers with access to STA side LAN can obtain files or data."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Lack of authentication mechanism",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-05-23T09:57:01",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "93479",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/93479"
},
{
"name": "JVN#39619137",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "https://jvn.jp/en/jp/JVN39619137/index.html"
},
{
"name": "JVNDB-2016-000168",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000168"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2016-4863",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "FlashAir SD-WD/WC series Class 6 model",
"version": {
"version_data": [
{
"version_value": "firmware version 1.00.04 and later"
}
]
}
},
{
"product_name": "FlashAir SD-WD/WC series Class 10 model W-02",
"version": {
"version_data": [
{
"version_value": "firmware version 2.00.02 and later"
}
]
}
},
{
"product_name": "FlashAir SD-WE series Class 10 model W-03",
"version": {
"version_data": [
{
"version_value": "all firmware versions"
}
]
}
},
{
"product_name": "FlashAir Class 6 model",
"version": {
"version_data": [
{
"version_value": "firmware version 1.00.04 and later"
}
]
}
},
{
"product_name": "FlashAir II Class 10 model W-02 series",
"version": {
"version_data": [
{
"version_value": "firmware version 2.00.02 and later"
}
]
}
},
{
"product_name": "FlashAir III Class 10 model W-03 series",
"version": {
"version_data": [
{
"version_value": "all firmware versions"
}
]
}
},
{
"product_name": "FlashAir Class 6 model",
"version": {
"version_data": [
{
"version_value": "firmware version 1.00.04 and later"
}
]
}
},
{
"product_name": "FlashAir W-02 series Class 10 model",
"version": {
"version_data": [
{
"version_value": "firmware version 2.00.02 and later"
}
]
}
},
{
"product_name": "FlashAir W-03 series Class 10 model",
"version": {
"version_data": [
{
"version_value": "all firmware versions"
}
]
}
}
]
},
"vendor_name": "Toshiba"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Toshiba FlashAir SD-WD/WC series Class 6 model with firmware version 1.00.04 and later, FlashAir SD-WD/WC series Class 10 model W-02 with firmware version 2.00.02 and later, FlashAir SD-WE series Class 10 model W-03, FlashAir Class 6 model with firmware version 1.00.04 and later, FlashAir II Class 10 model W-02 series with firmware version 2.00.02 and later, FlashAir III Class 10 model W-03 series, FlashAir Class 6 model with firmware version 1.00.04 and later, FlashAir W-02 series Class 10 model with firmware version 2.00.02 and later, FlashAir W-03 series Class 10 model does not require authentication on accepting a connection from STA side LAN when \"Internet pass-thru Mode\" is enabled, which allows attackers with access to STA side LAN can obtain files or data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Lack of authentication mechanism"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "93479",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93479"
},
{
"name": "JVN#39619137",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN39619137/index.html"
},
{
"name": "JVNDB-2016-000168",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000168"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2016-4863",
"datePublished": "2017-05-22T16:00:00",
"dateReserved": "2016-05-17T00:00:00",
"dateUpdated": "2024-08-06T00:46:38.522Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-2162 (GCVE-0-2017-2162)
Vulnerability from cvelistv5 – Published: 2017-05-22 16:00 – Updated: 2024-08-05 13:48
VLAI?
Summary
FlashAirTM SDHC Memory Card (SD-WE Series <W-03>) V3.00.02 and earlier and FlashAirTM SDHC Memory Card (SD-WD/WC Series <W-02>) V2.00.04 and earlier allows default credentials to be set for wireless LAN connections to the product when enabling the PhotoShare function through a web browser.
Severity ?
No CVSS data available.
CWE
- Configures default credentials
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Toshiba Corporation | FlashAirTM SDHC Memory Card (SD-WE Series <W-03>) |
Affected:
V3.00.02 and earlier
|
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:48:03.557Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVNDB-2017-000091",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB",
"x_transferred"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2017-000091"
},
{
"name": "JVN#81820501",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN81820501/index.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.toshiba-personalstorage.net/news/20170516a.htm"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "FlashAirTM SDHC Memory Card (SD-WE Series \u003cW-03\u003e)",
"vendor": "Toshiba Corporation",
"versions": [
{
"status": "affected",
"version": "V3.00.02 and earlier"
}
]
},
{
"product": "FlashAirTM SDHC Memory Card (SD-WD/WC Series \u003cW-02\u003e)",
"vendor": "Toshiba Corporation",
"versions": [
{
"status": "affected",
"version": "V2.00.04 and earlier"
}
]
}
],
"datePublic": "2017-05-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "FlashAirTM SDHC Memory Card (SD-WE Series \u003cW-03\u003e) V3.00.02 and earlier and FlashAirTM SDHC Memory Card (SD-WD/WC Series \u003cW-02\u003e) V2.00.04 and earlier allows default credentials to be set for wireless LAN connections to the product when enabling the PhotoShare function through a web browser."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Configures default credentials",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-05-22T15:57:01",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVNDB-2017-000091",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2017-000091"
},
{
"name": "JVN#81820501",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "https://jvn.jp/en/jp/JVN81820501/index.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.toshiba-personalstorage.net/news/20170516a.htm"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2017-2162",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "FlashAirTM SDHC Memory Card (SD-WE Series \u003cW-03\u003e)",
"version": {
"version_data": [
{
"version_value": "V3.00.02 and earlier"
}
]
}
},
{
"product_name": "FlashAirTM SDHC Memory Card (SD-WD/WC Series \u003cW-02\u003e)",
"version": {
"version_data": [
{
"version_value": "V2.00.04 and earlier"
}
]
}
}
]
},
"vendor_name": "Toshiba Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "FlashAirTM SDHC Memory Card (SD-WE Series \u003cW-03\u003e) V3.00.02 and earlier and FlashAirTM SDHC Memory Card (SD-WD/WC Series \u003cW-02\u003e) V2.00.04 and earlier allows default credentials to be set for wireless LAN connections to the product when enabling the PhotoShare function through a web browser."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Configures default credentials"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVNDB-2017-000091",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2017-000091"
},
{
"name": "JVN#81820501",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN81820501/index.html"
},
{
"name": "http://www.toshiba-personalstorage.net/news/20170516a.htm",
"refsource": "CONFIRM",
"url": "http://www.toshiba-personalstorage.net/news/20170516a.htm"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2017-2162",
"datePublished": "2017-05-22T16:00:00",
"dateReserved": "2016-12-01T00:00:00",
"dateUpdated": "2024-08-05T13:48:03.557Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-2149 (GCVE-0-2017-2149)
Vulnerability from cvelistv5 – Published: 2017-04-28 16:00 – Updated: 2024-08-05 13:48
VLAI?
Summary
Untrusted search path vulnerability in installers of the software for SDHC/SDXC Memory Card with embedded NFC functionality Software Update Tool V1.00.03 and earlier, SDHC Memory Card with embedded wireless LAN functionality FlashAir Configuration Software V3.0.2 and earlier, SDHC Memory Card with embedded wireless LAN functionality FlashAir Software Update tool (SD-WE series<W-03>) V3.00.01, SDHC Memory Card with embedded wireless LAN functionality FlashAir Software Update tool (SD-WD/WC series<W-02>) V2.00.03 and earlier, SDHC Memory Card with embedded wireless LAN functionality FlashAir Software Update tool (SD-WB/WL series) V1.00.04 and earlier, SDHC Memory Card with embedded TransferJet functionality Configuration Software V1.02 and earlier, SDHC Memory Card with embedded TransferJet functionality Software Update tool V1.00.06 and earlier allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory.
Severity ?
No CVSS data available.
CWE
- Untrusted search path vulnerability
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:48:03.535Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#05340816",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN05340816/index.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.toshiba-personalstorage.net/news/20170414.htm"
},
{
"name": "97697",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/97697"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Installer for SDHC/SDXC Memory Card with embedded NFC functionality Software Update Tool",
"vendor": "Toshiba Corporation",
"versions": [
{
"status": "affected",
"version": "V1.00.03 and earlier"
}
]
},
{
"product": "Installer for SDHC Memory Card with embedded wireless LAN functionality FlashAirTM Configuration Software",
"vendor": "Toshiba Corporation",
"versions": [
{
"status": "affected",
"version": "V3.0.2 and earlier"
}
]
},
{
"product": "Installer for SDHC Memory Card with embedded wireless LAN functionality FlashAirTM Software Update tool (SD-WE series\u003cW-03\u003e)",
"vendor": "Toshiba Corporation",
"versions": [
{
"status": "affected",
"version": "V3.00.01"
}
]
},
{
"product": "Installer for SDHC Memory Card with embedded wireless LAN functionality FlashAirTM Software Update tool (SD-WD/WC series\u003cW-02\u003e)",
"vendor": "Toshiba Corporation",
"versions": [
{
"status": "affected",
"version": "V2.00.03 and earlier"
}
]
},
{
"product": "Installer for SDHC Memory Card with embedded wireless LAN functionality FlashAirTM Software Update tool (SD-WB/WL series)",
"vendor": "Toshiba Corporation",
"versions": [
{
"status": "affected",
"version": "V1.00.04 and earlier"
}
]
},
{
"product": "Installer for SDHC Memory Card with embedded TransferJetTM functionality Configuration Software",
"vendor": "Toshiba Corporation",
"versions": [
{
"status": "affected",
"version": "V1.02 and earlier"
}
]
},
{
"product": "Installer for SDHC Memory Card with embedded TransferJetTM functionality Software Update tool",
"vendor": "Toshiba Corporation",
"versions": [
{
"status": "affected",
"version": "V1.00.06 and earlier"
}
]
}
],
"datePublic": "2017-04-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Untrusted search path vulnerability in installers of the software for SDHC/SDXC Memory Card with embedded NFC functionality Software Update Tool V1.00.03 and earlier, SDHC Memory Card with embedded wireless LAN functionality FlashAir Configuration Software V3.0.2 and earlier, SDHC Memory Card with embedded wireless LAN functionality FlashAir Software Update tool (SD-WE series\u003cW-03\u003e) V3.00.01, SDHC Memory Card with embedded wireless LAN functionality FlashAir Software Update tool (SD-WD/WC series\u003cW-02\u003e) V2.00.03 and earlier, SDHC Memory Card with embedded wireless LAN functionality FlashAir Software Update tool (SD-WB/WL series) V1.00.04 and earlier, SDHC Memory Card with embedded TransferJet functionality Configuration Software V1.02 and earlier, SDHC Memory Card with embedded TransferJet functionality Software Update tool V1.00.06 and earlier allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Untrusted search path vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-05-01T09:57:02",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVN#05340816",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN05340816/index.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.toshiba-personalstorage.net/news/20170414.htm"
},
{
"name": "97697",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/97697"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2017-2149",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Installer for SDHC/SDXC Memory Card with embedded NFC functionality Software Update Tool",
"version": {
"version_data": [
{
"version_value": "V1.00.03 and earlier"
}
]
}
},
{
"product_name": "Installer for SDHC Memory Card with embedded wireless LAN functionality FlashAirTM Configuration Software",
"version": {
"version_data": [
{
"version_value": "V3.0.2 and earlier"
}
]
}
},
{
"product_name": "Installer for SDHC Memory Card with embedded wireless LAN functionality FlashAirTM Software Update tool (SD-WE series\u003cW-03\u003e)",
"version": {
"version_data": [
{
"version_value": "V3.00.01"
}
]
}
},
{
"product_name": "Installer for SDHC Memory Card with embedded wireless LAN functionality FlashAirTM Software Update tool (SD-WD/WC series\u003cW-02\u003e)",
"version": {
"version_data": [
{
"version_value": "V2.00.03 and earlier"
}
]
}
},
{
"product_name": "Installer for SDHC Memory Card with embedded wireless LAN functionality FlashAirTM Software Update tool (SD-WB/WL series)",
"version": {
"version_data": [
{
"version_value": "V1.00.04 and earlier"
}
]
}
},
{
"product_name": "Installer for SDHC Memory Card with embedded TransferJetTM functionality Configuration Software",
"version": {
"version_data": [
{
"version_value": "V1.02 and earlier"
}
]
}
},
{
"product_name": "Installer for SDHC Memory Card with embedded TransferJetTM functionality Software Update tool",
"version": {
"version_data": [
{
"version_value": "V1.00.06 and earlier"
}
]
}
}
]
},
"vendor_name": "Toshiba Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability in installers of the software for SDHC/SDXC Memory Card with embedded NFC functionality Software Update Tool V1.00.03 and earlier, SDHC Memory Card with embedded wireless LAN functionality FlashAir Configuration Software V3.0.2 and earlier, SDHC Memory Card with embedded wireless LAN functionality FlashAir Software Update tool (SD-WE series\u003cW-03\u003e) V3.00.01, SDHC Memory Card with embedded wireless LAN functionality FlashAir Software Update tool (SD-WD/WC series\u003cW-02\u003e) V2.00.03 and earlier, SDHC Memory Card with embedded wireless LAN functionality FlashAir Software Update tool (SD-WB/WL series) V1.00.04 and earlier, SDHC Memory Card with embedded TransferJet functionality Configuration Software V1.02 and earlier, SDHC Memory Card with embedded TransferJet functionality Software Update tool V1.00.06 and earlier allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#05340816",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN05340816/index.html"
},
{
"name": "http://www.toshiba-personalstorage.net/news/20170414.htm",
"refsource": "MISC",
"url": "http://www.toshiba-personalstorage.net/news/20170414.htm"
},
{
"name": "97697",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97697"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2017-2149",
"datePublished": "2017-04-28T16:00:00",
"dateReserved": "2016-12-01T00:00:00",
"dateUpdated": "2024-08-05T13:48:03.535Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-2161 (GCVE-0-2017-2161)
Vulnerability from nvd – Published: 2017-05-22 16:00 – Updated: 2024-08-05 13:48
VLAI?
Summary
FlashAirTM SDHC Memory Card (SD-WE Series <W-03>) V3.00.02 and earlier and FlashAirTM SDHC Memory Card (SD-WD/WC Series <W-02>) V2.00.04 and earlier allows authenticated attackers to bypass access restrictions to obtain unauthorized image data via unspecified vectors.
Severity ?
No CVSS data available.
CWE
- Fails to restrict access
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Toshiba Corporation | FlashAirTM SDHC Memory Card (SD-WE Series <W-03>) |
Affected:
V3.00.02 and earlier
|
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:48:03.496Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVNDB-2017-000090",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB",
"x_transferred"
],
"url": "http://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000090.html"
},
{
"name": "JVN#46372675",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN46372675/index.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.toshiba-personalstorage.net/news/20170516a.htm"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "FlashAirTM SDHC Memory Card (SD-WE Series \u003cW-03\u003e)",
"vendor": "Toshiba Corporation",
"versions": [
{
"status": "affected",
"version": "V3.00.02 and earlier"
}
]
},
{
"product": "FlashAirTM SDHC Memory Card (SD-WD/WC Series \u003cW-02\u003e)",
"vendor": "Toshiba Corporation",
"versions": [
{
"status": "affected",
"version": "V2.00.04 and earlier"
}
]
}
],
"datePublic": "2017-05-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "FlashAirTM SDHC Memory Card (SD-WE Series \u003cW-03\u003e) V3.00.02 and earlier and FlashAirTM SDHC Memory Card (SD-WD/WC Series \u003cW-02\u003e) V2.00.04 and earlier allows authenticated attackers to bypass access restrictions to obtain unauthorized image data via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Fails to restrict access",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-05-22T15:57:01",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVNDB-2017-000090",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB"
],
"url": "http://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000090.html"
},
{
"name": "JVN#46372675",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "https://jvn.jp/en/jp/JVN46372675/index.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.toshiba-personalstorage.net/news/20170516a.htm"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2017-2161",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "FlashAirTM SDHC Memory Card (SD-WE Series \u003cW-03\u003e)",
"version": {
"version_data": [
{
"version_value": "V3.00.02 and earlier"
}
]
}
},
{
"product_name": "FlashAirTM SDHC Memory Card (SD-WD/WC Series \u003cW-02\u003e)",
"version": {
"version_data": [
{
"version_value": "V2.00.04 and earlier"
}
]
}
}
]
},
"vendor_name": "Toshiba Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "FlashAirTM SDHC Memory Card (SD-WE Series \u003cW-03\u003e) V3.00.02 and earlier and FlashAirTM SDHC Memory Card (SD-WD/WC Series \u003cW-02\u003e) V2.00.04 and earlier allows authenticated attackers to bypass access restrictions to obtain unauthorized image data via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Fails to restrict access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVNDB-2017-000090",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000090.html"
},
{
"name": "JVN#46372675",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN46372675/index.html"
},
{
"name": "http://www.toshiba-personalstorage.net/news/20170516a.htm",
"refsource": "CONFIRM",
"url": "http://www.toshiba-personalstorage.net/news/20170516a.htm"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2017-2161",
"datePublished": "2017-05-22T16:00:00",
"dateReserved": "2016-12-01T00:00:00",
"dateUpdated": "2024-08-05T13:48:03.496Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-4863 (GCVE-0-2016-4863)
Vulnerability from nvd – Published: 2017-05-22 16:00 – Updated: 2024-08-06 00:46
VLAI?
Summary
The Toshiba FlashAir SD-WD/WC series Class 6 model with firmware version 1.00.04 and later, FlashAir SD-WD/WC series Class 10 model W-02 with firmware version 2.00.02 and later, FlashAir SD-WE series Class 10 model W-03, FlashAir Class 6 model with firmware version 1.00.04 and later, FlashAir II Class 10 model W-02 series with firmware version 2.00.02 and later, FlashAir III Class 10 model W-03 series, FlashAir Class 6 model with firmware version 1.00.04 and later, FlashAir W-02 series Class 10 model with firmware version 2.00.02 and later, FlashAir W-03 series Class 10 model does not require authentication on accepting a connection from STA side LAN when "Internet pass-thru Mode" is enabled, which allows attackers with access to STA side LAN can obtain files or data.
Severity ?
No CVSS data available.
CWE
- Lack of authentication mechanism
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Toshiba | FlashAir SD-WD/WC series Class 6 model |
Affected:
firmware version 1.00.04 and later
|
||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T00:46:38.522Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "93479",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/93479"
},
{
"name": "JVN#39619137",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN39619137/index.html"
},
{
"name": "JVNDB-2016-000168",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB",
"x_transferred"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000168"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "FlashAir SD-WD/WC series Class 6 model",
"vendor": "Toshiba",
"versions": [
{
"status": "affected",
"version": "firmware version 1.00.04 and later"
}
]
},
{
"product": "FlashAir SD-WD/WC series Class 10 model W-02",
"vendor": "Toshiba",
"versions": [
{
"status": "affected",
"version": "firmware version 2.00.02 and later"
}
]
},
{
"product": "FlashAir SD-WE series Class 10 model W-03",
"vendor": "Toshiba",
"versions": [
{
"status": "affected",
"version": "all firmware versions"
}
]
},
{
"product": "FlashAir Class 6 model",
"vendor": "Toshiba",
"versions": [
{
"status": "affected",
"version": "firmware version 1.00.04 and later"
}
]
},
{
"product": "FlashAir II Class 10 model W-02 series",
"vendor": "Toshiba",
"versions": [
{
"status": "affected",
"version": "firmware version 2.00.02 and later"
}
]
},
{
"product": "FlashAir III Class 10 model W-03 series",
"vendor": "Toshiba",
"versions": [
{
"status": "affected",
"version": "all firmware versions"
}
]
},
{
"product": "FlashAir Class 6 model",
"vendor": "Toshiba",
"versions": [
{
"status": "affected",
"version": "firmware version 1.00.04 and later"
}
]
},
{
"product": "FlashAir W-02 series Class 10 model",
"vendor": "Toshiba",
"versions": [
{
"status": "affected",
"version": "firmware version 2.00.02 and later"
}
]
},
{
"product": "FlashAir W-03 series Class 10 model",
"vendor": "Toshiba",
"versions": [
{
"status": "affected",
"version": "all firmware versions"
}
]
}
],
"datePublic": "2016-10-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Toshiba FlashAir SD-WD/WC series Class 6 model with firmware version 1.00.04 and later, FlashAir SD-WD/WC series Class 10 model W-02 with firmware version 2.00.02 and later, FlashAir SD-WE series Class 10 model W-03, FlashAir Class 6 model with firmware version 1.00.04 and later, FlashAir II Class 10 model W-02 series with firmware version 2.00.02 and later, FlashAir III Class 10 model W-03 series, FlashAir Class 6 model with firmware version 1.00.04 and later, FlashAir W-02 series Class 10 model with firmware version 2.00.02 and later, FlashAir W-03 series Class 10 model does not require authentication on accepting a connection from STA side LAN when \"Internet pass-thru Mode\" is enabled, which allows attackers with access to STA side LAN can obtain files or data."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Lack of authentication mechanism",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-05-23T09:57:01",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "93479",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/93479"
},
{
"name": "JVN#39619137",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "https://jvn.jp/en/jp/JVN39619137/index.html"
},
{
"name": "JVNDB-2016-000168",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000168"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2016-4863",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "FlashAir SD-WD/WC series Class 6 model",
"version": {
"version_data": [
{
"version_value": "firmware version 1.00.04 and later"
}
]
}
},
{
"product_name": "FlashAir SD-WD/WC series Class 10 model W-02",
"version": {
"version_data": [
{
"version_value": "firmware version 2.00.02 and later"
}
]
}
},
{
"product_name": "FlashAir SD-WE series Class 10 model W-03",
"version": {
"version_data": [
{
"version_value": "all firmware versions"
}
]
}
},
{
"product_name": "FlashAir Class 6 model",
"version": {
"version_data": [
{
"version_value": "firmware version 1.00.04 and later"
}
]
}
},
{
"product_name": "FlashAir II Class 10 model W-02 series",
"version": {
"version_data": [
{
"version_value": "firmware version 2.00.02 and later"
}
]
}
},
{
"product_name": "FlashAir III Class 10 model W-03 series",
"version": {
"version_data": [
{
"version_value": "all firmware versions"
}
]
}
},
{
"product_name": "FlashAir Class 6 model",
"version": {
"version_data": [
{
"version_value": "firmware version 1.00.04 and later"
}
]
}
},
{
"product_name": "FlashAir W-02 series Class 10 model",
"version": {
"version_data": [
{
"version_value": "firmware version 2.00.02 and later"
}
]
}
},
{
"product_name": "FlashAir W-03 series Class 10 model",
"version": {
"version_data": [
{
"version_value": "all firmware versions"
}
]
}
}
]
},
"vendor_name": "Toshiba"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Toshiba FlashAir SD-WD/WC series Class 6 model with firmware version 1.00.04 and later, FlashAir SD-WD/WC series Class 10 model W-02 with firmware version 2.00.02 and later, FlashAir SD-WE series Class 10 model W-03, FlashAir Class 6 model with firmware version 1.00.04 and later, FlashAir II Class 10 model W-02 series with firmware version 2.00.02 and later, FlashAir III Class 10 model W-03 series, FlashAir Class 6 model with firmware version 1.00.04 and later, FlashAir W-02 series Class 10 model with firmware version 2.00.02 and later, FlashAir W-03 series Class 10 model does not require authentication on accepting a connection from STA side LAN when \"Internet pass-thru Mode\" is enabled, which allows attackers with access to STA side LAN can obtain files or data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Lack of authentication mechanism"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "93479",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93479"
},
{
"name": "JVN#39619137",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN39619137/index.html"
},
{
"name": "JVNDB-2016-000168",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000168"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2016-4863",
"datePublished": "2017-05-22T16:00:00",
"dateReserved": "2016-05-17T00:00:00",
"dateUpdated": "2024-08-06T00:46:38.522Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-2162 (GCVE-0-2017-2162)
Vulnerability from nvd – Published: 2017-05-22 16:00 – Updated: 2024-08-05 13:48
VLAI?
Summary
FlashAirTM SDHC Memory Card (SD-WE Series <W-03>) V3.00.02 and earlier and FlashAirTM SDHC Memory Card (SD-WD/WC Series <W-02>) V2.00.04 and earlier allows default credentials to be set for wireless LAN connections to the product when enabling the PhotoShare function through a web browser.
Severity ?
No CVSS data available.
CWE
- Configures default credentials
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Toshiba Corporation | FlashAirTM SDHC Memory Card (SD-WE Series <W-03>) |
Affected:
V3.00.02 and earlier
|
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:48:03.557Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVNDB-2017-000091",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB",
"x_transferred"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2017-000091"
},
{
"name": "JVN#81820501",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN81820501/index.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.toshiba-personalstorage.net/news/20170516a.htm"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "FlashAirTM SDHC Memory Card (SD-WE Series \u003cW-03\u003e)",
"vendor": "Toshiba Corporation",
"versions": [
{
"status": "affected",
"version": "V3.00.02 and earlier"
}
]
},
{
"product": "FlashAirTM SDHC Memory Card (SD-WD/WC Series \u003cW-02\u003e)",
"vendor": "Toshiba Corporation",
"versions": [
{
"status": "affected",
"version": "V2.00.04 and earlier"
}
]
}
],
"datePublic": "2017-05-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "FlashAirTM SDHC Memory Card (SD-WE Series \u003cW-03\u003e) V3.00.02 and earlier and FlashAirTM SDHC Memory Card (SD-WD/WC Series \u003cW-02\u003e) V2.00.04 and earlier allows default credentials to be set for wireless LAN connections to the product when enabling the PhotoShare function through a web browser."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Configures default credentials",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-05-22T15:57:01",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVNDB-2017-000091",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2017-000091"
},
{
"name": "JVN#81820501",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "https://jvn.jp/en/jp/JVN81820501/index.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.toshiba-personalstorage.net/news/20170516a.htm"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2017-2162",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "FlashAirTM SDHC Memory Card (SD-WE Series \u003cW-03\u003e)",
"version": {
"version_data": [
{
"version_value": "V3.00.02 and earlier"
}
]
}
},
{
"product_name": "FlashAirTM SDHC Memory Card (SD-WD/WC Series \u003cW-02\u003e)",
"version": {
"version_data": [
{
"version_value": "V2.00.04 and earlier"
}
]
}
}
]
},
"vendor_name": "Toshiba Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "FlashAirTM SDHC Memory Card (SD-WE Series \u003cW-03\u003e) V3.00.02 and earlier and FlashAirTM SDHC Memory Card (SD-WD/WC Series \u003cW-02\u003e) V2.00.04 and earlier allows default credentials to be set for wireless LAN connections to the product when enabling the PhotoShare function through a web browser."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Configures default credentials"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVNDB-2017-000091",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2017-000091"
},
{
"name": "JVN#81820501",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN81820501/index.html"
},
{
"name": "http://www.toshiba-personalstorage.net/news/20170516a.htm",
"refsource": "CONFIRM",
"url": "http://www.toshiba-personalstorage.net/news/20170516a.htm"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2017-2162",
"datePublished": "2017-05-22T16:00:00",
"dateReserved": "2016-12-01T00:00:00",
"dateUpdated": "2024-08-05T13:48:03.557Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-2149 (GCVE-0-2017-2149)
Vulnerability from nvd – Published: 2017-04-28 16:00 – Updated: 2024-08-05 13:48
VLAI?
Summary
Untrusted search path vulnerability in installers of the software for SDHC/SDXC Memory Card with embedded NFC functionality Software Update Tool V1.00.03 and earlier, SDHC Memory Card with embedded wireless LAN functionality FlashAir Configuration Software V3.0.2 and earlier, SDHC Memory Card with embedded wireless LAN functionality FlashAir Software Update tool (SD-WE series<W-03>) V3.00.01, SDHC Memory Card with embedded wireless LAN functionality FlashAir Software Update tool (SD-WD/WC series<W-02>) V2.00.03 and earlier, SDHC Memory Card with embedded wireless LAN functionality FlashAir Software Update tool (SD-WB/WL series) V1.00.04 and earlier, SDHC Memory Card with embedded TransferJet functionality Configuration Software V1.02 and earlier, SDHC Memory Card with embedded TransferJet functionality Software Update tool V1.00.06 and earlier allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory.
Severity ?
No CVSS data available.
CWE
- Untrusted search path vulnerability
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Toshiba Corporation | Installer for SDHC/SDXC Memory Card with embedded NFC functionality Software Update Tool |
Affected:
V1.00.03 and earlier
|
||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:48:03.535Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#05340816",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN05340816/index.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.toshiba-personalstorage.net/news/20170414.htm"
},
{
"name": "97697",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/97697"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Installer for SDHC/SDXC Memory Card with embedded NFC functionality Software Update Tool",
"vendor": "Toshiba Corporation",
"versions": [
{
"status": "affected",
"version": "V1.00.03 and earlier"
}
]
},
{
"product": "Installer for SDHC Memory Card with embedded wireless LAN functionality FlashAirTM Configuration Software",
"vendor": "Toshiba Corporation",
"versions": [
{
"status": "affected",
"version": "V3.0.2 and earlier"
}
]
},
{
"product": "Installer for SDHC Memory Card with embedded wireless LAN functionality FlashAirTM Software Update tool (SD-WE series\u003cW-03\u003e)",
"vendor": "Toshiba Corporation",
"versions": [
{
"status": "affected",
"version": "V3.00.01"
}
]
},
{
"product": "Installer for SDHC Memory Card with embedded wireless LAN functionality FlashAirTM Software Update tool (SD-WD/WC series\u003cW-02\u003e)",
"vendor": "Toshiba Corporation",
"versions": [
{
"status": "affected",
"version": "V2.00.03 and earlier"
}
]
},
{
"product": "Installer for SDHC Memory Card with embedded wireless LAN functionality FlashAirTM Software Update tool (SD-WB/WL series)",
"vendor": "Toshiba Corporation",
"versions": [
{
"status": "affected",
"version": "V1.00.04 and earlier"
}
]
},
{
"product": "Installer for SDHC Memory Card with embedded TransferJetTM functionality Configuration Software",
"vendor": "Toshiba Corporation",
"versions": [
{
"status": "affected",
"version": "V1.02 and earlier"
}
]
},
{
"product": "Installer for SDHC Memory Card with embedded TransferJetTM functionality Software Update tool",
"vendor": "Toshiba Corporation",
"versions": [
{
"status": "affected",
"version": "V1.00.06 and earlier"
}
]
}
],
"datePublic": "2017-04-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Untrusted search path vulnerability in installers of the software for SDHC/SDXC Memory Card with embedded NFC functionality Software Update Tool V1.00.03 and earlier, SDHC Memory Card with embedded wireless LAN functionality FlashAir Configuration Software V3.0.2 and earlier, SDHC Memory Card with embedded wireless LAN functionality FlashAir Software Update tool (SD-WE series\u003cW-03\u003e) V3.00.01, SDHC Memory Card with embedded wireless LAN functionality FlashAir Software Update tool (SD-WD/WC series\u003cW-02\u003e) V2.00.03 and earlier, SDHC Memory Card with embedded wireless LAN functionality FlashAir Software Update tool (SD-WB/WL series) V1.00.04 and earlier, SDHC Memory Card with embedded TransferJet functionality Configuration Software V1.02 and earlier, SDHC Memory Card with embedded TransferJet functionality Software Update tool V1.00.06 and earlier allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Untrusted search path vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-05-01T09:57:02",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVN#05340816",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN05340816/index.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.toshiba-personalstorage.net/news/20170414.htm"
},
{
"name": "97697",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/97697"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2017-2149",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Installer for SDHC/SDXC Memory Card with embedded NFC functionality Software Update Tool",
"version": {
"version_data": [
{
"version_value": "V1.00.03 and earlier"
}
]
}
},
{
"product_name": "Installer for SDHC Memory Card with embedded wireless LAN functionality FlashAirTM Configuration Software",
"version": {
"version_data": [
{
"version_value": "V3.0.2 and earlier"
}
]
}
},
{
"product_name": "Installer for SDHC Memory Card with embedded wireless LAN functionality FlashAirTM Software Update tool (SD-WE series\u003cW-03\u003e)",
"version": {
"version_data": [
{
"version_value": "V3.00.01"
}
]
}
},
{
"product_name": "Installer for SDHC Memory Card with embedded wireless LAN functionality FlashAirTM Software Update tool (SD-WD/WC series\u003cW-02\u003e)",
"version": {
"version_data": [
{
"version_value": "V2.00.03 and earlier"
}
]
}
},
{
"product_name": "Installer for SDHC Memory Card with embedded wireless LAN functionality FlashAirTM Software Update tool (SD-WB/WL series)",
"version": {
"version_data": [
{
"version_value": "V1.00.04 and earlier"
}
]
}
},
{
"product_name": "Installer for SDHC Memory Card with embedded TransferJetTM functionality Configuration Software",
"version": {
"version_data": [
{
"version_value": "V1.02 and earlier"
}
]
}
},
{
"product_name": "Installer for SDHC Memory Card with embedded TransferJetTM functionality Software Update tool",
"version": {
"version_data": [
{
"version_value": "V1.00.06 and earlier"
}
]
}
}
]
},
"vendor_name": "Toshiba Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability in installers of the software for SDHC/SDXC Memory Card with embedded NFC functionality Software Update Tool V1.00.03 and earlier, SDHC Memory Card with embedded wireless LAN functionality FlashAir Configuration Software V3.0.2 and earlier, SDHC Memory Card with embedded wireless LAN functionality FlashAir Software Update tool (SD-WE series\u003cW-03\u003e) V3.00.01, SDHC Memory Card with embedded wireless LAN functionality FlashAir Software Update tool (SD-WD/WC series\u003cW-02\u003e) V2.00.03 and earlier, SDHC Memory Card with embedded wireless LAN functionality FlashAir Software Update tool (SD-WB/WL series) V1.00.04 and earlier, SDHC Memory Card with embedded TransferJet functionality Configuration Software V1.02 and earlier, SDHC Memory Card with embedded TransferJet functionality Software Update tool V1.00.06 and earlier allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#05340816",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN05340816/index.html"
},
{
"name": "http://www.toshiba-personalstorage.net/news/20170414.htm",
"refsource": "MISC",
"url": "http://www.toshiba-personalstorage.net/news/20170414.htm"
},
{
"name": "97697",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97697"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2017-2149",
"datePublished": "2017-04-28T16:00:00",
"dateReserved": "2016-12-01T00:00:00",
"dateUpdated": "2024-08-05T13:48:03.535Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
JVNDB-2017-000091
Vulnerability from jvndb - Published: 2017-05-16 15:46 - Updated:2017-12-21 19:16
Severity ?
Summary
FlashAir do not set credential information in PhotoShare
Details
FlashAir by Toshiba Corporation is an SDHC memory card which provides wireless LAN access functions. FlashAir PhotoShare function enables to share the image data in a certain folder with other users as it switches the original wireless LAN connection set by FlashAir default to the wireless LAN connection for PhotoShare.
When enabling PhotoShare with a mobile application (either for Android or iOS), the application prompts a user to set credentials. But when enabling PhotoShare with web browsers, the wireless LAN connection for PhotoShare cannot be enabled, and default credentials are set to the other wireless network configured to the device. As a result, a remote attacker with access to the wireless LAN may obtain image data by using default credentials (CWE-284).
Takayoshi Isayama of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000091.html",
"dc:date": "2017-12-21T19:16+09:00",
"dcterms:issued": "2017-05-16T15:46+09:00",
"dcterms:modified": "2017-12-21T19:16+09:00",
"description": "FlashAir by Toshiba Corporation is an SDHC memory card which provides wireless LAN access functions. FlashAir PhotoShare function enables to share the image data in a certain folder with other users as it switches the original wireless LAN connection set by FlashAir default to the wireless LAN connection for PhotoShare.\r\n\r\nWhen enabling PhotoShare with a mobile application (either for Android or iOS), the application prompts a user to set credentials. But when enabling PhotoShare with web browsers, the wireless LAN connection for PhotoShare cannot be enabled, and default credentials are set to the other wireless network configured to the device. As a result, a remote attacker with access to the wireless LAN may obtain image data by using default credentials (CWE-284).\r\n\r\nTakayoshi Isayama of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000091.html",
"sec:cpe": {
"#text": "cpe:/a:toshiba:flashair",
"@product": "FlashAir",
"@vendor": "TOSHIBA",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "3.3",
"@severity": "Low",
"@type": "Base",
"@vector": "AV:A/AC:L/Au:N/C:P/I:N/A:N",
"@version": "2.0"
},
{
"@score": "4.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2017-000091",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN81820501/index.html",
"@id": "JVN#81820501",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2162",
"@id": "CVE-2017-2162",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2017-2162",
"@id": "CVE-2017-2162",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-Other",
"@title": "No Mapping(CWE-Other)"
}
],
"title": "FlashAir do not set credential information in PhotoShare"
}
JVNDB-2017-000090
Vulnerability from jvndb - Published: 2017-05-16 15:34 - Updated:2017-12-21 19:13
Severity ?
Summary
FlashAir fails to restrict access permissions in PhotoShare
Details
FlashAir by Toshiba Corporation is an SDHC memory card which provides wireless LAN access functions. FlashAir PhotoShare function enables to share the selected data with other users as it switches the original wireless LAN connection set by FlashAir default to the wireless LAN connection for PhotoShare.
FlashAir fails to restrict access permissions (CWE-425) in PhotoShare.
Takayoshi Isayama of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
| Type | URL | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000090.html",
"dc:date": "2017-12-21T19:13+09:00",
"dcterms:issued": "2017-05-16T15:34+09:00",
"dcterms:modified": "2017-12-21T19:13+09:00",
"description": "FlashAir by Toshiba Corporation is an SDHC memory card which provides wireless LAN access functions. FlashAir PhotoShare function enables to share the selected data with other users as it switches the original wireless LAN connection set by FlashAir default to the wireless LAN connection for PhotoShare.\r\n\r\nFlashAir fails to restrict access permissions (CWE-425) in PhotoShare.\r\n\r\nTakayoshi Isayama of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000090.html",
"sec:cpe": {
"#text": "cpe:/a:toshiba:flashair",
"@product": "FlashAir",
"@vendor": "TOSHIBA",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "2.7",
"@severity": "Low",
"@type": "Base",
"@vector": "AV:A/AC:L/Au:S/C:P/I:N/A:N",
"@version": "2.0"
},
{
"@score": "3.5",
"@severity": "Low",
"@type": "Base",
"@vector": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2017-000090",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN46372675/index.html",
"@id": "JVN#46372675",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2161",
"@id": "CVE-2017-2161",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2017-2161",
"@id": "CVE-2017-2161",
"@source": "NVD"
},
{
"#text": "https://cwe.mitre.org/data/definitions/284.html",
"@id": "CWE-284",
"@title": "Improper Access Control(CWE-284)"
}
],
"title": "FlashAir fails to restrict access permissions in PhotoShare"
}
JVNDB-2016-000168
Vulnerability from jvndb - Published: 2016-10-12 10:03 - Updated:2017-11-27 17:04
Severity ?
Summary
Toshiba FlashAir does not require authentication in "Internet pass-thru Mode"
Details
FlashAir by Toshiba Corporation is a SDHC memory card which provides "Internet pass-thru Mode", allowing devices to access the internet while connecting to FlashAir. When configured in "Internet pass-thru Mode", FlashAir acts both as a station and as an access point.
When "Internet pass-thru Mode" is enabled, FlashAir does not require authentication on accepting a connection from STA (station) side LAN.
Tsukada Nobuhisa of Seasoft reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000168.html",
"dc:date": "2017-11-27T17:04+09:00",
"dcterms:issued": "2016-10-12T10:03+09:00",
"dcterms:modified": "2017-11-27T17:04+09:00",
"description": "FlashAir by Toshiba Corporation is a SDHC memory card which provides \"Internet pass-thru Mode\", allowing devices to access the internet while connecting to FlashAir. When configured in \"Internet pass-thru Mode\", FlashAir acts both as a station and as an access point.\r\nWhen \"Internet pass-thru Mode\" is enabled, FlashAir does not require authentication on accepting a connection from STA (station) side LAN.\r\n\r\nTsukada Nobuhisa of Seasoft reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000168.html",
"sec:cpe": {
"#text": "cpe:/a:toshiba:flashair",
"@product": "FlashAir",
"@vendor": "TOSHIBA",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "5.4",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:A/AC:M/Au:N/C:P/I:P/A:P",
"@version": "2.0"
},
{
"@score": "5.0",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2016-000168",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN39619137/index.html",
"@id": "JVN#39619137",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4863",
"@id": "CVE-2016-4863",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2016-4863",
"@id": "CVE-2016-4863",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-264",
"@title": "Permissions(CWE-264)"
}
],
"title": "Toshiba FlashAir does not require authentication in \"Internet pass-thru Mode\""
}