CVE-2017-2161
LOWFlashAir SD-WE <W-03 and SD-WD/WC <W-02 - Authenticated Unauthorized Data Access
Title source: llmDescription
FlashAirTM SDHC Memory Card (SD-WE Series <W-03>) V3.00.02 and earlier and FlashAirTM SDHC Memory Card (SD-WD/WC Series <W-02>) V2.00.04 and earlier allows authenticated attackers to bypass access restrictions to obtain unauthorized image data via unspecified vectors.
References (3)
Core 3
Core References
Third Party Advisory, VDB Entry third-party-advisory
x_refsource_jvndb
http://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000090.html
Third Party Advisory, VDB Entry third-party-advisory
x_refsource_jvn
https://jvn.jp/en/jp/JVN46372675/index.html
Vendor Advisory x_refsource_confirm
http://www.toshiba-personalstorage.net/news/20170516a.htm
Scores
CVSS v3
3.5
EPSS
0.0045
EPSS Percentile
35.3%
Attack Vector
ADJACENT_NETWORK
CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Details
CWE
CWE-425
Status
published
Products (3)
toshiba/flashair
< 2.00.04
Toshiba Corporation/FlashAirTM SDHC Memory Card (SD-WD/WC Series <W-02>)
V2.00.04 and earlier
Toshiba Corporation/FlashAirTM SDHC Memory Card (SD-WE Series <W-03>)
V3.00.02 and earlier
Published
May 22, 2017
Tracked Since
Feb 18, 2026