← Back

CVE-2017-2161

nvd nist
Published: May 22, 2017Modified: May 13, 2026

JSON object

Loading...
3.5
Vector
CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Exploitability: 2.1 / Impact: 1.4
Source: NVD

Description

FlashAirTM SDHC Memory Card (SD-WE Series <W-03>) V3.00.02 and earlier and FlashAirTM SDHC Memory Card (SD-WD/WC Series <W-02>) V2.00.04 and earlier allows authenticated attackers to bypass access restrictions to obtain unauthorized image data via unspecified vectors.

Affected (2)

Products: Toshiba: Flashair
Toshiba
1 product
Flashair
Configuration A
2 vulnerable
Vulnerable SoftwareAffected Versions
Toshiba
Flashair
Up to 2.00.04
Flashair
Up to 3.00.02

Related CWEs

CWE-425
Direct Request ('Forced Browsing')
The web application does not adequately enforce appropriate authorization on all restricted URLs, scripts, or files.

References (6)

Source: vultures@jpcert.or.jp
Third Party AdvisoryVDB Entry
Source: vultures@jpcert.or.jp
Vendor Advisory
Source: vultures@jpcert.or.jp
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry

Timeline

No history available yet.