cvelistv5 - cve-2017-2149

CVE-2017-2149 (GCVE-0-2017-2149)

Vulnerability from cvelistv5 – Published: 2017-04-28 16:00 – Updated: 2024-08-05 13:48

Summary

Severity ?

No CVSS data available.

CWE

Untrusted search path vulnerability

Assigner

jpcert

References

URL

Tags

	http://jvn.jp/en/jp/JVN05340816/index.html	third-party-advisoryx_refsource_JVN
	http://www.toshiba-personalstorage.net/news/20170…	x_refsource_MISC
	http://www.securityfocus.com/bid/97697	vdb-entryx_refsource_BID

Impacted products

Vendor

Product

Version

Toshiba Corporation

Installer for SDHC/SDXC Memory Card with embedded NFC functionality Software Update Tool

Affected: V1.00.03 and earlier

Toshiba Corporation	Installer for SDHC Memory Card with embedded wireless LAN functionality FlashAirTM Configuration Software	Affected: V3.0.2 and earlier
Toshiba Corporation	Installer for SDHC Memory Card with embedded wireless LAN functionality FlashAirTM Software Update tool (SD-WE series<W-03>)	Affected: V3.00.01
Toshiba Corporation	Installer for SDHC Memory Card with embedded wireless LAN functionality FlashAirTM Software Update tool (SD-WD/WC series<W-02>)	Affected: V2.00.03 and earlier
Toshiba Corporation	Installer for SDHC Memory Card with embedded wireless LAN functionality FlashAirTM Software Update tool (SD-WB/WL series)	Affected: V1.00.04 and earlier
Toshiba Corporation	Installer for SDHC Memory Card with embedded TransferJetTM functionality Configuration Software	Affected: V1.02 and earlier
Toshiba Corporation	Installer for SDHC Memory Card with embedded TransferJetTM functionality Software Update tool	Affected: V1.00.06 and earlier

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T13:48:03.535Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "JVN#05340816",
            "tags": [
              "third-party-advisory",
              "x_refsource_JVN",
              "x_transferred"
            ],
            "url": "http://jvn.jp/en/jp/JVN05340816/index.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.toshiba-personalstorage.net/news/20170414.htm"
          },
          {
            "name": "97697",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/97697"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Installer for SDHC/SDXC Memory Card with embedded NFC functionality Software Update Tool",
          "vendor": "Toshiba Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "V1.00.03 and earlier"
            }
          ]
        },
        {
          "product": "Installer for SDHC Memory Card with embedded wireless LAN functionality FlashAirTM Configuration Software",
          "vendor": "Toshiba Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "V3.0.2 and earlier"
            }
          ]
        },
        {
          "product": "Installer for SDHC Memory Card with embedded wireless LAN functionality FlashAirTM Software Update tool (SD-WE series\u003cW-03\u003e)",
          "vendor": "Toshiba Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "V3.00.01"
            }
          ]
        },
        {
          "product": "Installer for SDHC Memory Card with embedded wireless LAN functionality FlashAirTM Software Update tool (SD-WD/WC series\u003cW-02\u003e)",
          "vendor": "Toshiba Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "V2.00.03 and earlier"
            }
          ]
        },
        {
          "product": "Installer for SDHC Memory Card with embedded wireless LAN functionality FlashAirTM Software Update tool (SD-WB/WL series)",
          "vendor": "Toshiba Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "V1.00.04 and earlier"
            }
          ]
        },
        {
          "product": "Installer for SDHC Memory Card with embedded TransferJetTM functionality Configuration Software",
          "vendor": "Toshiba Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "V1.02 and earlier"
            }
          ]
        },
        {
          "product": "Installer for SDHC Memory Card with embedded TransferJetTM functionality Software Update tool",
          "vendor": "Toshiba Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "V1.00.06 and earlier"
            }
          ]
        }
      ],
      "datePublic": "2017-04-28T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Untrusted search path vulnerability in installers of the software for SDHC/SDXC Memory Card with embedded NFC functionality Software Update Tool V1.00.03 and earlier, SDHC Memory Card with embedded wireless LAN functionality FlashAir Configuration Software V3.0.2 and earlier, SDHC Memory Card with embedded wireless LAN functionality FlashAir Software Update tool (SD-WE series\u003cW-03\u003e) V3.00.01, SDHC Memory Card with embedded wireless LAN functionality FlashAir Software Update tool (SD-WD/WC series\u003cW-02\u003e) V2.00.03 and earlier, SDHC Memory Card with embedded wireless LAN functionality FlashAir Software Update tool (SD-WB/WL series) V1.00.04 and earlier, SDHC Memory Card with embedded TransferJet functionality Configuration Software V1.02 and earlier, SDHC Memory Card with embedded TransferJet functionality Software Update tool V1.00.06 and earlier allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Untrusted search path vulnerability",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-05-01T09:57:02",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "name": "JVN#05340816",
          "tags": [
            "third-party-advisory",
            "x_refsource_JVN"
          ],
          "url": "http://jvn.jp/en/jp/JVN05340816/index.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.toshiba-personalstorage.net/news/20170414.htm"
        },
        {
          "name": "97697",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/97697"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "vultures@jpcert.or.jp",
          "ID": "CVE-2017-2149",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Installer for SDHC/SDXC Memory Card with embedded NFC functionality Software Update Tool",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "V1.00.03 and earlier"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Installer for SDHC Memory Card with embedded wireless LAN functionality FlashAirTM Configuration Software",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "V3.0.2 and earlier"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Installer for SDHC Memory Card with embedded wireless LAN functionality FlashAirTM Software Update tool (SD-WE series\u003cW-03\u003e)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "V3.00.01"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Installer for SDHC Memory Card with embedded wireless LAN functionality FlashAirTM Software Update tool (SD-WD/WC series\u003cW-02\u003e)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "V2.00.03 and earlier"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Installer for SDHC Memory Card with embedded wireless LAN functionality FlashAirTM Software Update tool (SD-WB/WL series)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "V1.00.04 and earlier"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Installer for SDHC Memory Card with embedded TransferJetTM functionality Configuration Software",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "V1.02 and earlier"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Installer for SDHC Memory Card with embedded TransferJetTM functionality Software Update tool",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "V1.00.06 and earlier"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Toshiba Corporation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Untrusted search path vulnerability in installers of the software for SDHC/SDXC Memory Card with embedded NFC functionality Software Update Tool V1.00.03 and earlier, SDHC Memory Card with embedded wireless LAN functionality FlashAir Configuration Software V3.0.2 and earlier, SDHC Memory Card with embedded wireless LAN functionality FlashAir Software Update tool (SD-WE series\u003cW-03\u003e) V3.00.01, SDHC Memory Card with embedded wireless LAN functionality FlashAir Software Update tool (SD-WD/WC series\u003cW-02\u003e) V2.00.03 and earlier, SDHC Memory Card with embedded wireless LAN functionality FlashAir Software Update tool (SD-WB/WL series) V1.00.04 and earlier, SDHC Memory Card with embedded TransferJet functionality Configuration Software V1.02 and earlier, SDHC Memory Card with embedded TransferJet functionality Software Update tool V1.00.06 and earlier allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Untrusted search path vulnerability"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "JVN#05340816",
              "refsource": "JVN",
              "url": "http://jvn.jp/en/jp/JVN05340816/index.html"
            },
            {
              "name": "http://www.toshiba-personalstorage.net/news/20170414.htm",
              "refsource": "MISC",
              "url": "http://www.toshiba-personalstorage.net/news/20170414.htm"
            },
            {
              "name": "97697",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/97697"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2017-2149",
    "datePublished": "2017-04-28T16:00:00",
    "dateReserved": "2016-12-01T00:00:00",
    "dateUpdated": "2024-08-05T13:48:03.535Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:toshiba:flashair:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"1.00.03\", \"matchCriteriaId\": \"CBA7647D-DB43-4DD7-89B4-02CD310B8F5B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:toshiba:flashair:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"1.00.04\", \"matchCriteriaId\": \"A3E68A5E-C899-484D-87EA-F52414B66968\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:toshiba:flashair:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"1.00.06\", \"matchCriteriaId\": \"8288D17C-1CE9-4B38-81C4-9C702E5800D9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:toshiba:flashair:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"1.02\", \"matchCriteriaId\": \"C0CE8592-61C3-4F18-9398-3F9C2F5531A4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:toshiba:flashair:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"2.00.03\", \"matchCriteriaId\": \"E7DB5458-E52B-497D-8B09-040FCDB13B78\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:toshiba:flashair:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"3.00.01\", \"matchCriteriaId\": \"48762E2F-044E-43C6-8221-FBFBA9C8E7E4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:toshiba:flashair:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"3.0.2\", \"matchCriteriaId\": \"C182FF61-0D00-4AE6-94CD-38BBB47050D5\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Untrusted search path vulnerability in installers of the software for SDHC/SDXC Memory Card with embedded NFC functionality Software Update Tool V1.00.03 and earlier, SDHC Memory Card with embedded wireless LAN functionality FlashAir Configuration Software V3.0.2 and earlier, SDHC Memory Card with embedded wireless LAN functionality FlashAir Software Update tool (SD-WE series\u003cW-03\u003e) V3.00.01, SDHC Memory Card with embedded wireless LAN functionality FlashAir Software Update tool (SD-WD/WC series\u003cW-02\u003e) V2.00.03 and earlier, SDHC Memory Card with embedded wireless LAN functionality FlashAir Software Update tool (SD-WB/WL series) V1.00.04 and earlier, SDHC Memory Card with embedded TransferJet functionality Configuration Software V1.02 and earlier, SDHC Memory Card with embedded TransferJet functionality Software Update tool V1.00.06 and earlier allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory.\"}, {\"lang\": \"es\", \"value\": \"Vulnerabilidad de ruta de b\\u00fasqueda no confiable en los instaladores de software: Software Update Tool V1.00.03 y versiones anteriores para tarjetas de memoria SDHC/SDXC con funcionalidad NFC integrada, FlashAir Configuration Software V3.0.2 y versiones anteriores para tarjetas de memoria SDHC con funcionalidad LAN inal\\u00e1mbrica integrada, FlashAir Software Update tool (SD-WE series) V3.00.01 para tarjetas de memoria SDHC con funcionalidad LAN inal\\u00e1mbrica integrada, FlashAir Software Update tool (SD-WD/WC series) V2.00.03 y versiones anteriores para tarjetas de memoria SDHC con funcionalidad LAN inal\\u00e1mbrica integrada, FlashAir Software Update tool (SD-WB/WL series) V1.00.04 y versiones anteriores para tarjetas de memoria SDHC con funcionalidad LAN inal\\u00e1mbrica integrada, Configuration Software V1.02 y versiones anteriores para tarjetas de memoria SDHC con funcionalidad TransferJet integrada, Software Update tool V1.00.06 y versiones anteriores para tarjetas de memoria SDHC con funcionalidad TransferJet integrada, permite a atacantes remotos obtener privilegios a trav\\u00e9s de una DLL troyanizada en un directorio no especificado.\"}]",
      "id": "CVE-2017-2149",
      "lastModified": "2024-11-21T03:22:59.327",
      "metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\", \"baseScore\": 8.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:C/I:C/A:C\", \"baseScore\": 9.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 8.6, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
      "published": "2017-04-28T16:59:01.917",
      "references": "[{\"url\": \"http://jvn.jp/en/jp/JVN05340816/index.html\", \"source\": \"vultures@jpcert.or.jp\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securityfocus.com/bid/97697\", \"source\": \"vultures@jpcert.or.jp\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.toshiba-personalstorage.net/news/20170414.htm\", \"source\": \"vultures@jpcert.or.jp\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://jvn.jp/en/jp/JVN05340816/index.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securityfocus.com/bid/97697\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.toshiba-personalstorage.net/news/20170414.htm\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "vultures@jpcert.or.jp",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-426\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2017-2149\",\"sourceIdentifier\":\"vultures@jpcert.or.jp\",\"published\":\"2017-04-28T16:59:01.917\",\"lastModified\":\"2025-04-20T01:37:25.860\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Untrusted search path vulnerability in installers of the software for SDHC/SDXC Memory Card with embedded NFC functionality Software Update Tool V1.00.03 and earlier, SDHC Memory Card with embedded wireless LAN functionality FlashAir Configuration Software V3.0.2 and earlier, SDHC Memory Card with embedded wireless LAN functionality FlashAir Software Update tool (SD-WE series\u003cW-03\u003e) V3.00.01, SDHC Memory Card with embedded wireless LAN functionality FlashAir Software Update tool (SD-WD/WC series\u003cW-02\u003e) V2.00.03 and earlier, SDHC Memory Card with embedded wireless LAN functionality FlashAir Software Update tool (SD-WB/WL series) V1.00.04 and earlier, SDHC Memory Card with embedded TransferJet functionality Configuration Software V1.02 and earlier, SDHC Memory Card with embedded TransferJet functionality Software Update tool V1.00.06 and earlier allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory.\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad de ruta de b\u00fasqueda no confiable en los instaladores de software: Software Update Tool V1.00.03 y versiones anteriores para tarjetas de memoria SDHC/SDXC con funcionalidad NFC integrada, FlashAir Configuration Software V3.0.2 y versiones anteriores para tarjetas de memoria SDHC con funcionalidad LAN inal\u00e1mbrica integrada, FlashAir Software Update tool (SD-WE series) V3.00.01 para tarjetas de memoria SDHC con funcionalidad LAN inal\u00e1mbrica integrada, FlashAir Software Update tool (SD-WD/WC series) V2.00.03 y versiones anteriores para tarjetas de memoria SDHC con funcionalidad LAN inal\u00e1mbrica integrada, FlashAir Software Update tool (SD-WB/WL series) V1.00.04 y versiones anteriores para tarjetas de memoria SDHC con funcionalidad LAN inal\u00e1mbrica integrada, Configuration Software V1.02 y versiones anteriores para tarjetas de memoria SDHC con funcionalidad TransferJet integrada, Software Update tool V1.00.06 y versiones anteriores para tarjetas de memoria SDHC con funcionalidad TransferJet integrada, permite a atacantes remotos obtener privilegios a trav\u00e9s de una DLL troyanizada en un directorio no especificado.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:C/I:C/A:C\",\"baseScore\":9.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":8.6,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-426\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:toshiba:flashair:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"1.00.03\",\"matchCriteriaId\":\"CBA7647D-DB43-4DD7-89B4-02CD310B8F5B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:toshiba:flashair:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"1.00.04\",\"matchCriteriaId\":\"A3E68A5E-C899-484D-87EA-F52414B66968\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:toshiba:flashair:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"1.00.06\",\"matchCriteriaId\":\"8288D17C-1CE9-4B38-81C4-9C702E5800D9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:toshiba:flashair:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"1.02\",\"matchCriteriaId\":\"C0CE8592-61C3-4F18-9398-3F9C2F5531A4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:toshiba:flashair:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"2.00.03\",\"matchCriteriaId\":\"E7DB5458-E52B-497D-8B09-040FCDB13B78\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:toshiba:flashair:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"3.00.01\",\"matchCriteriaId\":\"48762E2F-044E-43C6-8221-FBFBA9C8E7E4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:toshiba:flashair:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"3.0.2\",\"matchCriteriaId\":\"C182FF61-0D00-4AE6-94CD-38BBB47050D5\"}]}]}],\"references\":[{\"url\":\"http://jvn.jp/en/jp/JVN05340816/index.html\",\"source\":\"vultures@jpcert.or.jp\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securityfocus.com/bid/97697\",\"source\":\"vultures@jpcert.or.jp\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.toshiba-personalstorage.net/news/20170414.htm\",\"source\":\"vultures@jpcert.or.jp\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://jvn.jp/en/jp/JVN05340816/index.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securityfocus.com/bid/97697\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.toshiba-personalstorage.net/news/20170414.htm\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}

GSD-2017-2149

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2017-2149

Aliases

CVE-2017-2149

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2017-2149",
    "description": "Untrusted search path vulnerability in installers of the software for SDHC/SDXC Memory Card with embedded NFC functionality Software Update Tool V1.00.03 and earlier, SDHC Memory Card with embedded wireless LAN functionality FlashAir Configuration Software V3.0.2 and earlier, SDHC Memory Card with embedded wireless LAN functionality FlashAir Software Update tool (SD-WE series\u003cW-03\u003e) V3.00.01, SDHC Memory Card with embedded wireless LAN functionality FlashAir Software Update tool (SD-WD/WC series\u003cW-02\u003e) V2.00.03 and earlier, SDHC Memory Card with embedded wireless LAN functionality FlashAir Software Update tool (SD-WB/WL series) V1.00.04 and earlier, SDHC Memory Card with embedded TransferJet functionality Configuration Software V1.02 and earlier, SDHC Memory Card with embedded TransferJet functionality Software Update tool V1.00.06 and earlier allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory.",
    "id": "GSD-2017-2149"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2017-2149"
      ],
      "details": "Untrusted search path vulnerability in installers of the software for SDHC/SDXC Memory Card with embedded NFC functionality Software Update Tool V1.00.03 and earlier, SDHC Memory Card with embedded wireless LAN functionality FlashAir Configuration Software V3.0.2 and earlier, SDHC Memory Card with embedded wireless LAN functionality FlashAir Software Update tool (SD-WE series\u003cW-03\u003e) V3.00.01, SDHC Memory Card with embedded wireless LAN functionality FlashAir Software Update tool (SD-WD/WC series\u003cW-02\u003e) V2.00.03 and earlier, SDHC Memory Card with embedded wireless LAN functionality FlashAir Software Update tool (SD-WB/WL series) V1.00.04 and earlier, SDHC Memory Card with embedded TransferJet functionality Configuration Software V1.02 and earlier, SDHC Memory Card with embedded TransferJet functionality Software Update tool V1.00.06 and earlier allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory.",
      "id": "GSD-2017-2149",
      "modified": "2023-12-13T01:21:05.416022Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "vultures@jpcert.or.jp",
        "ID": "CVE-2017-2149",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Installer for SDHC/SDXC Memory Card with embedded NFC functionality Software Update Tool",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "V1.00.03 and earlier"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Installer for SDHC Memory Card with embedded wireless LAN functionality FlashAirTM Configuration Software",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "V3.0.2 and earlier"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Installer for SDHC Memory Card with embedded wireless LAN functionality FlashAirTM Software Update tool (SD-WE series\u003cW-03\u003e)",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "V3.00.01"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Installer for SDHC Memory Card with embedded wireless LAN functionality FlashAirTM Software Update tool (SD-WD/WC series\u003cW-02\u003e)",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "V2.00.03 and earlier"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Installer for SDHC Memory Card with embedded wireless LAN functionality FlashAirTM Software Update tool (SD-WB/WL series)",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "V1.00.04 and earlier"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Installer for SDHC Memory Card with embedded TransferJetTM functionality Configuration Software",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "V1.02 and earlier"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Installer for SDHC Memory Card with embedded TransferJetTM functionality Software Update tool",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "V1.00.06 and earlier"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Toshiba Corporation"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Untrusted search path vulnerability in installers of the software for SDHC/SDXC Memory Card with embedded NFC functionality Software Update Tool V1.00.03 and earlier, SDHC Memory Card with embedded wireless LAN functionality FlashAir Configuration Software V3.0.2 and earlier, SDHC Memory Card with embedded wireless LAN functionality FlashAir Software Update tool (SD-WE series\u003cW-03\u003e) V3.00.01, SDHC Memory Card with embedded wireless LAN functionality FlashAir Software Update tool (SD-WD/WC series\u003cW-02\u003e) V2.00.03 and earlier, SDHC Memory Card with embedded wireless LAN functionality FlashAir Software Update tool (SD-WB/WL series) V1.00.04 and earlier, SDHC Memory Card with embedded TransferJet functionality Configuration Software V1.02 and earlier, SDHC Memory Card with embedded TransferJet functionality Software Update tool V1.00.06 and earlier allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Untrusted search path vulnerability"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "JVN#05340816",
            "refsource": "JVN",
            "url": "http://jvn.jp/en/jp/JVN05340816/index.html"
          },
          {
            "name": "http://www.toshiba-personalstorage.net/news/20170414.htm",
            "refsource": "MISC",
            "url": "http://www.toshiba-personalstorage.net/news/20170414.htm"
          },
          {
            "name": "97697",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/97697"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:toshiba:flashair:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "3.00.01",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:toshiba:flashair:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "1.00.04",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:toshiba:flashair:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "1.02",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:toshiba:flashair:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "1.00.06",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:toshiba:flashair:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "1.00.03",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:toshiba:flashair:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "3.0.2",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:toshiba:flashair:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "2.00.03",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "vultures@jpcert.or.jp",
          "ID": "CVE-2017-2149"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Untrusted search path vulnerability in installers of the software for SDHC/SDXC Memory Card with embedded NFC functionality Software Update Tool V1.00.03 and earlier, SDHC Memory Card with embedded wireless LAN functionality FlashAir Configuration Software V3.0.2 and earlier, SDHC Memory Card with embedded wireless LAN functionality FlashAir Software Update tool (SD-WE series\u003cW-03\u003e) V3.00.01, SDHC Memory Card with embedded wireless LAN functionality FlashAir Software Update tool (SD-WD/WC series\u003cW-02\u003e) V2.00.03 and earlier, SDHC Memory Card with embedded wireless LAN functionality FlashAir Software Update tool (SD-WB/WL series) V1.00.04 and earlier, SDHC Memory Card with embedded TransferJet functionality Configuration Software V1.02 and earlier, SDHC Memory Card with embedded TransferJet functionality Software Update tool V1.00.06 and earlier allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-426"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.toshiba-personalstorage.net/news/20170414.htm",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www.toshiba-personalstorage.net/news/20170414.htm"
            },
            {
              "name": "JVN#05340816",
              "refsource": "JVN",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://jvn.jp/en/jp/JVN05340816/index.html"
            },
            {
              "name": "97697",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/97697"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": true
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2019-10-03T00:03Z",
      "publishedDate": "2017-04-28T16:59Z"
    }
  }
}

VAR-201704-0898

Vulnerability from variot - Updated: 2023-12-18 12:19

Untrusted search path vulnerability in installers of the software for SDHC/SDXC Memory Card with embedded NFC functionality Software Update Tool V1.00.03 and earlier, SDHC Memory Card with embedded wireless LAN functionality FlashAir Configuration Software V3.0.2 and earlier, SDHC Memory Card with embedded wireless LAN functionality FlashAir Software Update tool (SD-WE series) V3.00.01, SDHC Memory Card with embedded wireless LAN functionality FlashAir Software Update tool (SD-WD/WC series) V2.00.03 and earlier, SDHC Memory Card with embedded wireless LAN functionality FlashAir Software Update tool (SD-WB/WL series) V1.00.04 and earlier, SDHC Memory Card with embedded TransferJet functionality Configuration Software V1.02 and earlier, SDHC Memory Card with embedded TransferJet functionality Software Update tool V1.00.06 and earlier allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory. Multiple installers of Toshiba memory card related software contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries (CWE-427). Yuji Tounai of NTT Communications Corporation reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.Arbitrary code may be executed with the privilege of the user invoking the installer. Toshiba SDHC and SDXC are both memory cards from Toshiba Corporation of Japan. A remote attacker can exploit this vulnerability to gain access. A remote attacker can leverage this issue to execute arbitrary code in the context of the affected application

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201704-0898",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "flashair",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "toshiba",
        "version": "3.00.01"
      },
      {
        "model": "flashair",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "toshiba",
        "version": "2.00.03"
      },
      {
        "model": "flashair",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "toshiba",
        "version": "1.02"
      },
      {
        "model": "flashair",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "toshiba",
        "version": "1.00.03"
      },
      {
        "model": "flashair",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "toshiba",
        "version": "3.0.2"
      },
      {
        "model": "flashair",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "toshiba",
        "version": "1.00.06"
      },
      {
        "model": "flashair",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "toshiba",
        "version": "1.00.04"
      },
      {
        "model": "sdhc memory card with embedded transferjet functionality configuration software",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "toshiba",
        "version": "v1.02"
      },
      {
        "model": "sdhc memory card with embedded transferjet functionality software update tool",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "toshiba",
        "version": "v1.00.06"
      },
      {
        "model": "sdhc memory card with embedded wireless lan functionality flashair configuration software",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "toshiba",
        "version": "v3.0.2"
      },
      {
        "model": "sdhc memory card with embedded wireless lan functionality flashair software update tool",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "toshiba",
        "version": "(sd-wb/wl series) v1.00.04"
      },
      {
        "model": "sdhc memory card with embedded wireless lan functionality flashair software update tool",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "toshiba",
        "version": "(sd-wd/wc series\u003cw-02\u003e) v2.00.03"
      },
      {
        "model": "sdhc memory card with embedded wireless lan functionality flashair software update tool",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "toshiba",
        "version": "(sd-we series\u003cw-03\u003e) v3.00.01"
      },
      {
        "model": "sdhc/sdxc memory card with embedded nfc functionality software update tool",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "toshiba",
        "version": "v1.00.03"
      },
      {
        "model": "sdhc memory card",
        "scope": "lte",
        "trust": 0.6,
        "vendor": "toshiba",
        "version": "\u003c=v3.0.2"
      },
      {
        "model": "sdhc memory card",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "toshiba",
        "version": "3.00.01"
      },
      {
        "model": "sdhc memory card",
        "scope": "lte",
        "trust": 0.6,
        "vendor": "toshiba",
        "version": "\u003c=v2.00.03"
      },
      {
        "model": "sdhc memory card",
        "scope": "lte",
        "trust": 0.6,
        "vendor": "toshiba",
        "version": "\u003c=v1.00.04"
      },
      {
        "model": "sdhc memory card",
        "scope": "lte",
        "trust": 0.6,
        "vendor": "toshiba",
        "version": "\u003c=v1.02"
      },
      {
        "model": "sdhc memory card",
        "scope": "lte",
        "trust": 0.6,
        "vendor": "toshiba",
        "version": "\u003c=v1.00.06"
      },
      {
        "model": "sdhc/sdxc memory card",
        "scope": null,
        "trust": 0.6,
        "vendor": "toshiba",
        "version": null
      },
      {
        "model": "flashair",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "toshiba",
        "version": "3.0.2"
      },
      {
        "model": "flashair",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "toshiba",
        "version": "2.00.03"
      },
      {
        "model": "flashair",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "toshiba",
        "version": "1.00.03"
      },
      {
        "model": "flashair",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "toshiba",
        "version": "1.00.04"
      },
      {
        "model": "flashair",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "toshiba",
        "version": "1.00.06"
      },
      {
        "model": "flashair",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "toshiba",
        "version": "3.00.01"
      },
      {
        "model": "flashair",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "toshiba",
        "version": "1.02"
      },
      {
        "model": "sdxc memory card with embedded nfc functionality software update",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "toshiba",
        "version": "1.0.3"
      },
      {
        "model": "sdxc memory card with embedded nfc functionality software update",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "toshiba",
        "version": "0"
      },
      {
        "model": "sdhc memory card flashairtm software update tool",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "toshiba",
        "version": "3.0.1"
      },
      {
        "model": "sdhc memory card flashairtm software update tool",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "toshiba",
        "version": "0"
      },
      {
        "model": "sdhc memory card flashairtm configuration software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "toshiba",
        "version": "3.0.2"
      },
      {
        "model": "sdhc memory card flashairtm configuration software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "toshiba",
        "version": "0"
      },
      {
        "model": "sdhc memory card",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "toshiba",
        "version": "1.0.3"
      },
      {
        "model": "sdhc memory card",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "toshiba",
        "version": "0"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-06938"
      },
      {
        "db": "BID",
        "id": "97697"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-000069"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-2149"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201704-965"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:toshiba:flashair:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "3.00.01",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:toshiba:flashair:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "1.00.04",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:toshiba:flashair:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "1.02",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:toshiba:flashair:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "1.00.06",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:toshiba:flashair:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "1.00.03",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:toshiba:flashair:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "3.0.2",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:toshiba:flashair:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "2.00.03",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-2149"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Yuji Tounai of NTT Communications Corporation.",
    "sources": [
      {
        "db": "BID",
        "id": "97697"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201704-965"
      }
    ],
    "trust": 0.9
  },
  "cve": "CVE-2017-2149",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 8.6,
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": true,
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "None",
            "author": "IPA",
            "availabilityImpact": "Partial",
            "baseScore": 6.8,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "JVNDB-2017-000069",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 8.6,
            "id": "CNVD-2017-06938",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.8,
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Local",
            "author": "IPA",
            "availabilityImpact": "High",
            "baseScore": 7.8,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "JVNDB-2017-000069",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "Required",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2017-2149",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "IPA",
            "id": "JVNDB-2017-000069",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2017-06938",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201704-965",
            "trust": 0.6,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-06938"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-000069"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-2149"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201704-965"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Untrusted search path vulnerability in installers of the software for SDHC/SDXC Memory Card with embedded NFC functionality Software Update Tool V1.00.03 and earlier, SDHC Memory Card with embedded wireless LAN functionality FlashAir Configuration Software V3.0.2 and earlier, SDHC Memory Card with embedded wireless LAN functionality FlashAir Software Update tool (SD-WE series\u003cW-03\u003e) V3.00.01, SDHC Memory Card with embedded wireless LAN functionality FlashAir Software Update tool (SD-WD/WC series\u003cW-02\u003e) V2.00.03 and earlier, SDHC Memory Card with embedded wireless LAN functionality FlashAir Software Update tool (SD-WB/WL series) V1.00.04 and earlier, SDHC Memory Card with embedded TransferJet functionality Configuration Software V1.02 and earlier, SDHC Memory Card with embedded TransferJet functionality Software Update tool V1.00.06 and earlier allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory. Multiple installers of Toshiba memory card related software contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries (CWE-427). Yuji Tounai of NTT Communications Corporation reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.Arbitrary code may be executed with the privilege of the user invoking the installer. Toshiba SDHC and SDXC are both memory cards from Toshiba Corporation of Japan. A remote attacker can exploit this vulnerability to gain access. \nA remote attacker can leverage this issue to execute arbitrary code in the context of the affected application",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-2149"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-000069"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-06938"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201704-965"
      },
      {
        "db": "BID",
        "id": "97697"
      }
    ],
    "trust": 2.97
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "JVN",
        "id": "JVN05340816",
        "trust": 3.3
      },
      {
        "db": "NVD",
        "id": "CVE-2017-2149",
        "trust": 3.3
      },
      {
        "db": "BID",
        "id": "97697",
        "trust": 2.5
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-000069",
        "trust": 0.8
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-06938",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201704-965",
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-06938"
      },
      {
        "db": "BID",
        "id": "97697"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-000069"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-2149"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201704-965"
      }
    ]
  },
  "id": "VAR-201704-0898",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-06938"
      }
    ],
    "trust": 1.5375
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-06938"
      }
    ]
  },
  "last_update_date": "2023-12-18T12:19:54.396000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Toshiba Corporation website",
        "trust": 0.8,
        "url": "http://www.toshiba-personalstorage.net/news/20170414.htm"
      },
      {
        "title": "Patches for multiple Toshiba memory card installers that are not trusted for search path vulnerabilities",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/93907"
      },
      {
        "title": "Multiple Toshiba Repair measures for memory card installer security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=69714"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-06938"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-000069"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201704-965"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-426",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-Other",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-000069"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-2149"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 3.3,
        "url": "http://jvn.jp/en/jp/jvn05340816/index.html"
      },
      {
        "trust": 2.2,
        "url": "http://www.securityfocus.com/bid/97697"
      },
      {
        "trust": 1.6,
        "url": "http://www.toshiba-personalstorage.net/news/20170414.htm"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-2149"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-2149"
      },
      {
        "trust": 0.3,
        "url": "http://blog.metasploit.com/2010/08/exploiting-dll-hijacking-flaws.html"
      },
      {
        "trust": 0.3,
        "url": "http://blogs.technet.com/b/srd/archive/2010/08/23/more-information-about-dll-preloading-remote-attack-vector.aspx"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-06938"
      },
      {
        "db": "BID",
        "id": "97697"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-000069"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-2149"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201704-965"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-06938"
      },
      {
        "db": "BID",
        "id": "97697"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-000069"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-2149"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201704-965"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-05-18T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-06938"
      },
      {
        "date": "2017-04-14T00:00:00",
        "db": "BID",
        "id": "97697"
      },
      {
        "date": "2017-04-14T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-000069"
      },
      {
        "date": "2017-04-28T16:59:01.917000",
        "db": "NVD",
        "id": "CVE-2017-2149"
      },
      {
        "date": "2017-04-14T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201704-965"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-05-18T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-06938"
      },
      {
        "date": "2017-04-18T00:07:00",
        "db": "BID",
        "id": "97697"
      },
      {
        "date": "2017-12-21T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-000069"
      },
      {
        "date": "2019-10-03T00:03:26.223000",
        "db": "NVD",
        "id": "CVE-2017-2149"
      },
      {
        "date": "2019-10-23T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201704-965"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201704-965"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Multiple installers of Toshiba memory card related software may insecurely load Dynamic Link Libraries",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-000069"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "code problem",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201704-965"
      }
    ],
    "trust": 0.6
  }
}

CNVD-2017-06938

Vulnerability from cnvd - Published: 2017-05-18

Title

多款Toshiba内存卡安装程序不可信搜索路径漏洞

Description

Toshiba SDHC和SDXC都是日本东芝（Toshiba）公司的存储卡产品。多款Toshiba内存卡安装程序中存在不可信搜索路径漏洞。远程攻击者可利用该漏洞获取权限。

Severity

高

Patch Name

多款Toshiba内存卡安装程序不可信搜索路径漏洞的补丁

Patch Description

Toshiba SDHC和SDXC都是日本东芝（Toshiba）公司的存储卡产品。多款Toshiba内存卡安装程序中存在不可信搜索路径漏洞。远程攻击者可利用该漏洞获取权限。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

目前厂商已经发布了升级补丁以修复此安全问题，补丁获取链接： http://www.toshiba-personalstorage.net/news/20170414.htm

Reference

http://www.securityfocus.com/bid/97697 http://jvn.jp/en/jp/JVN05340816/index.html

Impacted products

Name
['Toshiba SDHC Memory Card <=V3.0.2', 'Toshiba SDHC Memory Card <3.00.01', 'Toshiba SDHC Memory Card <=V2.00.03', 'Toshiba SDHC Memory Card <=V1.00.04', 'Toshiba SDHC Memory Card <=V1.02', 'Toshiba SDHC Memory Card <=V1.00.06', 'Toshiba SDHC/SDXC Memory Card']

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "97697"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2017-2149"
    }
  },
  "description": "Toshiba SDHC\u548cSDXC\u90fd\u662f\u65e5\u672c\u4e1c\u829d\uff08Toshiba\uff09\u516c\u53f8\u7684\u5b58\u50a8\u5361\u4ea7\u54c1\u3002\r\n\r\n\u591a\u6b3eToshiba\u5185\u5b58\u5361\u5b89\u88c5\u7a0b\u5e8f\u4e2d\u5b58\u5728\u4e0d\u53ef\u4fe1\u641c\u7d22\u8def\u5f84\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u6743\u9650\u3002",
  "discovererName": "Yuji Tounai of NTT Communications Corporation.",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6b64\u5b89\u5168\u95ee\u9898\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttp://www.toshiba-personalstorage.net/news/20170414.htm",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-06938",
  "openTime": "2017-05-18",
  "patchDescription": "Toshiba SDHC\u548cSDXC\u90fd\u662f\u65e5\u672c\u4e1c\u829d\uff08Toshiba\uff09\u516c\u53f8\u7684\u5b58\u50a8\u5361\u4ea7\u54c1\u3002\r\n\r\n\u591a\u6b3eToshiba\u5185\u5b58\u5361\u5b89\u88c5\u7a0b\u5e8f\u4e2d\u5b58\u5728\u4e0d\u53ef\u4fe1\u641c\u7d22\u8def\u5f84\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u6743\u9650\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "\u591a\u6b3eToshiba\u5185\u5b58\u5361\u5b89\u88c5\u7a0b\u5e8f\u4e0d\u53ef\u4fe1\u641c\u7d22\u8def\u5f84\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Toshiba SDHC Memory Card \u003c=V3.0.2",
      "Toshiba SDHC Memory Card \u003c3.00.01",
      "Toshiba SDHC Memory Card \u003c=V2.00.03",
      "Toshiba SDHC Memory Card \u003c=V1.00.04",
      "Toshiba SDHC Memory Card \u003c=V1.02",
      "Toshiba SDHC Memory Card \u003c=V1.00.06",
      "Toshiba SDHC/SDXC Memory Card"
    ]
  },
  "referenceLink": "http://www.securityfocus.com/bid/97697\r\nhttp://jvn.jp/en/jp/JVN05340816/index.html",
  "serverity": "\u9ad8",
  "submitTime": "2017-05-17",
  "title": "\u591a\u6b3eToshiba\u5185\u5b58\u5361\u5b89\u88c5\u7a0b\u5e8f\u4e0d\u53ef\u4fe1\u641c\u7d22\u8def\u5f84\u6f0f\u6d1e"
}

FKIE_CVE-2017-2149

Vulnerability from fkie_nvd - Published: 2017-04-28 16:59 - Updated: 2025-04-20 01:37

Severity ?

8.8 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
vultures@jpcert.or.jp	http://jvn.jp/en/jp/JVN05340816/index.html	Third Party Advisory, VDB Entry
vultures@jpcert.or.jp	http://www.securityfocus.com/bid/97697	Third Party Advisory, VDB Entry
vultures@jpcert.or.jp	http://www.toshiba-personalstorage.net/news/20170414.htm	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://jvn.jp/en/jp/JVN05340816/index.html	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/97697	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.toshiba-personalstorage.net/news/20170414.htm	Vendor Advisory

Impacted products

Vendor	Product	Version
toshiba	flashair	*
toshiba	flashair	*
toshiba	flashair	*
toshiba	flashair	*
toshiba	flashair	*
toshiba	flashair	*
toshiba	flashair	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:toshiba:flashair:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CBA7647D-DB43-4DD7-89B4-02CD310B8F5B",
              "versionEndIncluding": "1.00.03",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:toshiba:flashair:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3E68A5E-C899-484D-87EA-F52414B66968",
              "versionEndIncluding": "1.00.04",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:toshiba:flashair:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8288D17C-1CE9-4B38-81C4-9C702E5800D9",
              "versionEndIncluding": "1.00.06",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:toshiba:flashair:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C0CE8592-61C3-4F18-9398-3F9C2F5531A4",
              "versionEndIncluding": "1.02",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:toshiba:flashair:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E7DB5458-E52B-497D-8B09-040FCDB13B78",
              "versionEndIncluding": "2.00.03",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:toshiba:flashair:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "48762E2F-044E-43C6-8221-FBFBA9C8E7E4",
              "versionEndIncluding": "3.00.01",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:toshiba:flashair:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C182FF61-0D00-4AE6-94CD-38BBB47050D5",
              "versionEndIncluding": "3.0.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Untrusted search path vulnerability in installers of the software for SDHC/SDXC Memory Card with embedded NFC functionality Software Update Tool V1.00.03 and earlier, SDHC Memory Card with embedded wireless LAN functionality FlashAir Configuration Software V3.0.2 and earlier, SDHC Memory Card with embedded wireless LAN functionality FlashAir Software Update tool (SD-WE series\u003cW-03\u003e) V3.00.01, SDHC Memory Card with embedded wireless LAN functionality FlashAir Software Update tool (SD-WD/WC series\u003cW-02\u003e) V2.00.03 and earlier, SDHC Memory Card with embedded wireless LAN functionality FlashAir Software Update tool (SD-WB/WL series) V1.00.04 and earlier, SDHC Memory Card with embedded TransferJet functionality Configuration Software V1.02 and earlier, SDHC Memory Card with embedded TransferJet functionality Software Update tool V1.00.06 and earlier allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de ruta de b\u00fasqueda no confiable en los instaladores de software: Software Update Tool V1.00.03 y versiones anteriores para tarjetas de memoria SDHC/SDXC con funcionalidad NFC integrada, FlashAir Configuration Software V3.0.2 y versiones anteriores para tarjetas de memoria SDHC con funcionalidad LAN inal\u00e1mbrica integrada, FlashAir Software Update tool (SD-WE series) V3.00.01 para tarjetas de memoria SDHC con funcionalidad LAN inal\u00e1mbrica integrada, FlashAir Software Update tool (SD-WD/WC series) V2.00.03 y versiones anteriores para tarjetas de memoria SDHC con funcionalidad LAN inal\u00e1mbrica integrada, FlashAir Software Update tool (SD-WB/WL series) V1.00.04 y versiones anteriores para tarjetas de memoria SDHC con funcionalidad LAN inal\u00e1mbrica integrada, Configuration Software V1.02 y versiones anteriores para tarjetas de memoria SDHC con funcionalidad TransferJet integrada, Software Update tool V1.00.06 y versiones anteriores para tarjetas de memoria SDHC con funcionalidad TransferJet integrada, permite a atacantes remotos obtener privilegios a trav\u00e9s de una DLL troyanizada en un directorio no especificado."
    }
  ],
  "id": "CVE-2017-2149",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-04-28T16:59:01.917",
  "references": [
    {
      "source": "vultures@jpcert.or.jp",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://jvn.jp/en/jp/JVN05340816/index.html"
    },
    {
      "source": "vultures@jpcert.or.jp",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/97697"
    },
    {
      "source": "vultures@jpcert.or.jp",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.toshiba-personalstorage.net/news/20170414.htm"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://jvn.jp/en/jp/JVN05340816/index.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/97697"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.toshiba-personalstorage.net/news/20170414.htm"
    }
  ],
  "sourceIdentifier": "vultures@jpcert.or.jp",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-426"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

JVNDB-2017-000069

Vulnerability from jvndb - Published: 2017-04-14 14:09 - Updated:2017-12-21 17:50

Severity ?

7.8 (High) - cvssV3_0 - CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Summary

Multiple installers of Toshiba memory card related software may insecurely load Dynamic Link Libraries

Details

Multiple installers of Toshiba memory card related software contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries (CWE-427). Yuji Tounai of NTT Communications Corporation reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.

References

Type

URL

	JVN	http://jvn.jp/en/jp/JVN05340816/index.html
	CVE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2149
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2017-2149
	No Mapping(CWE-Other)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html

Impacted products

Vendor

Product

	TOSHIBA	SDHC/SDXC Memory Card with embedded NFC functionality Software Update Tool
	TOSHIBA	SDHC Memory Card with embedded TransferJet functionality Software Update tool
	TOSHIBA	SDHC Memory Card with embedded TransferJet functionality Configuration Software
	TOSHIBA	SDHC Memory Card with embedded wireless LAN functionality FlashAir Configuration Software
	TOSHIBA	SDHC Memory Card with embedded wireless LAN functionality FlashAir Software Update tool

Show details on JVN DB website

JSON

To clipboard

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000069.html",
  "dc:date": "2017-12-21T17:50+09:00",
  "dcterms:issued": "2017-04-14T14:09+09:00",
  "dcterms:modified": "2017-12-21T17:50+09:00",
  "description": "Multiple installers of Toshiba memory card related software contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries (CWE-427).\r\n\r\nYuji Tounai of NTT Communications Corporation reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
  "link": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000069.html",
  "sec:cpe": [
    {
      "#text": "cpe:/a:toshiba:nfc_sdhc_%2F_sdxc_memory_card_software_updatetool",
      "@product": "SDHC/SDXC Memory Card with embedded NFC functionality Software Update Tool",
      "@vendor": "TOSHIBA",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:toshiba:sdhc_memory_card_with_transferjet_firmware_updatetool",
      "@product": "SDHC Memory Card with embedded TransferJet functionality Software Update tool",
      "@vendor": "TOSHIBA",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:toshiba:sdhc_memory_card_with_transferjet_setting_software",
      "@product": "SDHC Memory Card with embedded TransferJet functionality Configuration Software",
      "@vendor": "TOSHIBA",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:toshiba:wlan_sdhc_memory_card_flashair_setting_software",
      "@product": "SDHC Memory Card with embedded wireless LAN functionality FlashAir Configuration Software",
      "@vendor": "TOSHIBA",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:toshiba:wlan_sdhc_memory_card_flashair_setting_software_updatetool",
      "@product": "SDHC Memory Card with embedded wireless LAN functionality FlashAir Software Update tool",
      "@vendor": "TOSHIBA",
      "@version": "2.2"
    }
  ],
  "sec:cvss": [
    {
      "@score": "6.8",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
      "@version": "2.0"
    },
    {
      "@score": "7.8",
      "@severity": "High",
      "@type": "Base",
      "@vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "@version": "3.0"
    }
  ],
  "sec:identifier": "JVNDB-2017-000069",
  "sec:references": [
    {
      "#text": "http://jvn.jp/en/jp/JVN05340816/index.html",
      "@id": "JVN#05340816",
      "@source": "JVN"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2149",
      "@id": "CVE-2017-2149",
      "@source": "CVE"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2017-2149",
      "@id": "CVE-2017-2149",
      "@source": "NVD"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-Other",
      "@title": "No Mapping(CWE-Other)"
    }
  ],
  "title": "Multiple installers of Toshiba memory card related software may insecurely load Dynamic Link Libraries"
}

GHSA-PVR8-F2QG-6JXG

Vulnerability from github – Published: 2022-05-13 01:44 – Updated: 2022-05-13 01:44

Details

Severity ?

8.8 (High)


                  
                    CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2017-2149"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-426"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-04-28T16:59:00Z",
    "severity": "HIGH"
  },
  "details": "Untrusted search path vulnerability in installers of the software for SDHC/SDXC Memory Card with embedded NFC functionality Software Update Tool V1.00.03 and earlier, SDHC Memory Card with embedded wireless LAN functionality FlashAir Configuration Software V3.0.2 and earlier, SDHC Memory Card with embedded wireless LAN functionality FlashAir Software Update tool (SD-WE series\u003cW-03\u003e) V3.00.01, SDHC Memory Card with embedded wireless LAN functionality FlashAir Software Update tool (SD-WD/WC series\u003cW-02\u003e) V2.00.03 and earlier, SDHC Memory Card with embedded wireless LAN functionality FlashAir Software Update tool (SD-WB/WL series) V1.00.04 and earlier, SDHC Memory Card with embedded TransferJet functionality Configuration Software V1.02 and earlier, SDHC Memory Card with embedded TransferJet functionality Software Update tool V1.00.06 and earlier allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory.",
  "id": "GHSA-pvr8-f2qg-6jxg",
  "modified": "2022-05-13T01:44:43Z",
  "published": "2022-05-13T01:44:43Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-2149"
    },
    {
      "type": "WEB",
      "url": "http://jvn.jp/en/jp/JVN05340816/index.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/97697"
    },
    {
      "type": "WEB",
      "url": "http://www.toshiba-personalstorage.net/news/20170414.htm"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2017-2149 (GCVE-0-2017-2149)

GSD-2017-2149

VAR-201704-0898

CNVD-2017-06938

FKIE_CVE-2017-2149

JVNDB-2017-000069

GHSA-PVR8-F2QG-6JXG

Tags

Sightings

Nomenclature