← Back

CVE-2017-2286

nvd nist
Published: Aug 2, 2017Modified: May 13, 2026

JSON object

Loading...
7.8
Vector
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Exploitability: 1.8 / Impact: 5.9
Source: NVD

Description

Untrusted search path vulnerability in NFC Port Software Version 5.5.0.6 and earlier (for RC-S310, RC-S320, RC-S330, RC-S370, RC-S380, RC-S380/S), NFC Port Software Version 5.3.6.7 and earlier (for RC-S320, RC-S310/J1C, RC-S310/ED4C), PC/SC Activator for Type B Ver.1.2.1.0 and earlier, SFCard Viewer 2 Ver.2.5.0.0 and earlier, NFC Net Installer Ver.1.1.0.0 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.

Affected (5)

Sony
4 products
Nfc Port Firmware
Pc/sc Activator For Type B
Sfcard Viewer 2
Nfc Net Installer
Configuration A
1 vulnerable · 5 platform
Vulnerable SoftwareAffected Versions
Nfc Port Firmware
Up to 5.5.0.6
Running on/withPlatform Versions
Sony
Rc S310
All versions
Sony
Rc S330
All versions
Sony
Rc S370
All versions
Sony
Rc S380
All versions
Sony
Rc S380/s
All versions
Configuration B
1 vulnerable · 3 platform
Vulnerable SoftwareAffected Versions
Nfc Port Firmware
Up to 5.3.6.7
Running on/withPlatform Versions
Sony
Rc S310/ed4c
All versions
Sony
Rc S310/j1c
All versions
Sony
Rc S320
All versions
Configuration C
1 vulnerable
Vulnerable SoftwareAffected Versions
Pc/sc Activator For Type B
Up to 1.2.1.0
Configuration D
1 vulnerable
Vulnerable SoftwareAffected Versions
Sfcard Viewer 2
Version 2.5.0.0
Configuration E
1 vulnerable
Vulnerable SoftwareAffected Versions
Nfc Net Installer
Up to 1.1.0.0

Related CWEs

CWE-427
Uncontrolled Search Path Element
The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors.

References (2)

Source: vultures@jpcert.or.jp
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry

Timeline

No history available yet.