CVE-2017-2161

LOW

FlashAirTM SDHC - Auth Bypass

Title source: llm

Description

FlashAirTM SDHC Memory Card (SD-WE Series <W-03>) V3.00.02 and earlier and FlashAirTM SDHC Memory Card (SD-WD/WC Series <W-02>) V2.00.04 and earlier allows authenticated attackers to bypass access restrictions to obtain unauthorized image data via unspecified vectors.

References (3)

[Third Party Advisory, VDB Entry] http://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000090.html

[Third Party Advisory, VDB Entry] https://jvn.jp/en/jp/JVN46372675/index.html

[Vendor Advisory] http://www.toshiba-personalstorage.net/news/20170516a.htm

Scores

CVSS v3 3.5

EPSS 0.0009

EPSS Percentile 25.9%

Attack Vector ADJACENT_NETWORK

CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Details

CWE

CWE-425

Status published

Products (3)

toshiba/flashair < 2.00.04

Toshiba Corporation/FlashAirTM SDHC Memory Card (SD-WD/WC Series <W-02>) V2.00.04 and earlier

Toshiba Corporation/FlashAirTM SDHC Memory Card (SD-WE Series <W-03>) V3.00.02 and earlier

Published May 22, 2017

Tracked Since Feb 18, 2026