cvelistv5 - CVE-2017-2162

CVE-2017-2162 (GCVE-0-2017-2162)

Vulnerability from cvelistv5

Published

2017-05-22 16:00

Modified

2024-08-05 13:48

Severity ?

CWE

Configures default credentials

Summary

FlashAirTM SDHC Memory Card (SD-WE Series <W-03>) V3.00.02 and earlier and FlashAirTM SDHC Memory Card (SD-WD/WC Series <W-02>) V2.00.04 and earlier allows default credentials to be set for wireless LAN connections to the product when enabling the PhotoShare function through a web browser.

References

URL

CVE-2017-2162

Vulnerability from jvndb

Published

2017-05-16 15:46

Modified

2017-12-21 19:16

Severity ?

4.3 (Medium) - cvssV3_0 - CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Summary

FlashAir do not set credential information in PhotoShare

Details

FlashAir by Toshiba Corporation is an SDHC memory card which provides wireless LAN access functions. FlashAir PhotoShare function enables to share the image data in a certain folder with other users as it switches the original wireless LAN connection set by FlashAir default to the wireless LAN connection for PhotoShare. When enabling PhotoShare with a mobile application (either for Android or iOS), the application prompts a user to set credentials. But when enabling PhotoShare with web browsers, the wireless LAN connection for PhotoShare cannot be enabled, and default credentials are set to the other wireless network configured to the device. As a result, a remote attacker with access to the wireless LAN may obtain image data by using default credentials (CWE-284). Takayoshi Isayama of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.

References

Type

URL

	JVN	http://jvn.jp/en/jp/JVN81820501/index.html
	CVE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2162
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2017-2162
	No Mapping(CWE-Other)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html

Impacted products

Vendor

Product

TOSHIBA

FlashAir

Show details on JVN DB website

JSON

To clipboard

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000091.html",
  "dc:date": "2017-12-21T19:16+09:00",
  "dcterms:issued": "2017-05-16T15:46+09:00",
  "dcterms:modified": "2017-12-21T19:16+09:00",
  "description": "FlashAir by Toshiba Corporation is an SDHC memory card which provides wireless LAN access functions. FlashAir PhotoShare function enables to share the image data in a certain folder with other users as it switches the original wireless LAN connection set by FlashAir default to the wireless LAN connection for PhotoShare.\r\n\r\nWhen enabling PhotoShare with a mobile application (either for Android or iOS), the application prompts a user to set credentials. But when enabling PhotoShare with web browsers, the wireless LAN connection for PhotoShare cannot be enabled, and default credentials are set to the other wireless network configured to the device. As a result, a remote attacker with access to the wireless LAN may obtain image data by using default credentials (CWE-284).\r\n\r\nTakayoshi Isayama of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
  "link": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000091.html",
  "sec:cpe": {
    "#text": "cpe:/a:toshiba:flashair",
    "@product": "FlashAir",
    "@vendor": "TOSHIBA",
    "@version": "2.2"
  },
  "sec:cvss": [
    {
      "@score": "3.3",
      "@severity": "Low",
      "@type": "Base",
      "@vector": "AV:A/AC:L/Au:N/C:P/I:N/A:N",
      "@version": "2.0"
    },
    {
      "@score": "4.3",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
      "@version": "3.0"
    }
  ],
  "sec:identifier": "JVNDB-2017-000091",
  "sec:references": [
    {
      "#text": "http://jvn.jp/en/jp/JVN81820501/index.html",
      "@id": "JVN#81820501",
      "@source": "JVN"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2162",
      "@id": "CVE-2017-2162",
      "@source": "CVE"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2017-2162",
      "@id": "CVE-2017-2162",
      "@source": "NVD"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-Other",
      "@title": "No Mapping(CWE-Other)"
    }
  ],
  "title": "FlashAir do not set credential information in PhotoShare"
}

fkie_cve-2017-2162

Vulnerability from fkie_nvd

Published

2017-05-22 16:29

Modified

2025-04-20 01:37

Severity ?

4.3 (Medium) - CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Summary

References

URL	Tags
vultures@jpcert.or.jp	http://jvndb.jvn.jp/jvndb/JVNDB-2017-000091	Third Party Advisory, VDB Entry
vultures@jpcert.or.jp	http://www.toshiba-personalstorage.net/news/20170516a.htm	Vendor Advisory
vultures@jpcert.or.jp	https://jvn.jp/en/jp/JVN81820501/index.html	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://jvndb.jvn.jp/jvndb/JVNDB-2017-000091	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.toshiba-personalstorage.net/news/20170516a.htm	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://jvn.jp/en/jp/JVN81820501/index.html	Third Party Advisory, VDB Entry

Impacted products

	Vendor	Product	Version
	toshiba	flashair	*
	toshiba	flashair	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:toshiba:flashair:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "81FE3A57-D37B-4A63-B644-9296BEB763B1",
              "versionEndIncluding": "2.00.04",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:toshiba:flashair:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "81955C91-8DC4-4626-A84E-556E6E5E8B3C",
              "versionEndIncluding": "3.00.02",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "FlashAirTM SDHC Memory Card (SD-WE Series \u003cW-03\u003e) V3.00.02 and earlier and FlashAirTM SDHC Memory Card (SD-WD/WC Series \u003cW-02\u003e) V2.00.04 and earlier allows default credentials to be set for wireless LAN connections to the product when enabling the PhotoShare function through a web browser."
    },
    {
      "lang": "es",
      "value": "Tarjeta de memoria SDHC de FlashAirTM (Serie SD-WE (W-03)) versi\u00f3n 3.00.02 y anteriores y tarjeta de memoria SDHC de FlashAirTM (Serie SD-WD/WC (W-02)) versi\u00f3n 2.00.04 y anteriores, permite establecer credenciales por defecto para conexiones LAN inal\u00e1mbricas al producto al activar la funci\u00f3n PhotoShare por medio de un navegador web."
    }
  ],
  "id": "CVE-2017-2162",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "ADJACENT_NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 3.3,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:A/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.5,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "ADJACENT_NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-05-22T16:29:00.607",
  "references": [
    {
      "source": "vultures@jpcert.or.jp",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2017-000091"
    },
    {
      "source": "vultures@jpcert.or.jp",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.toshiba-personalstorage.net/news/20170516a.htm"
    },
    {
      "source": "vultures@jpcert.or.jp",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://jvn.jp/en/jp/JVN81820501/index.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2017-000091"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.toshiba-personalstorage.net/news/20170516a.htm"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://jvn.jp/en/jp/JVN81820501/index.html"
    }
  ],
  "sourceIdentifier": "vultures@jpcert.or.jp",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

var-201705-3459

Vulnerability from variot

FlashAirTM SDHC Memory Card (SD-WE Series ) V3.00.02 and earlier and FlashAirTM SDHC Memory Card (SD-WD/WC Series ) V2.00.04 and earlier allows default credentials to be set for wireless LAN connections to the product when enabling the PhotoShare function through a web browser. When enabling PhotoShare with a mobile application (either for Android or iOS), the application prompts a user to set credentials. As a result, a remote attacker with access to the wireless LAN may obtain image data by using default credentials (CWE-284). Takayoshi Isayama of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.If PhotoShare is enabled by web browsers, an attacker with access to the wireless LAN may obtain image data. There is a security hole in FlashAirSDHCMemoryCard

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201705-3459",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "flashair",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "toshiba",
        "version": "3.00.02"
      },
      {
        "model": "flashair",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "toshiba",
        "version": "2.00.04"
      },
      {
        "model": "flashair",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "toshiba",
        "version": "sdhc memory card (sd-wd/wc series \u003cw-02\u003e) v2.00.03"
      },
      {
        "model": "flashair",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "toshiba",
        "version": "sdhc memory card (sd-we series \u003cw-03\u003e) v3.00.01"
      },
      {
        "model": "flashair sdhc memory card",
        "scope": "lte",
        "trust": 0.6,
        "vendor": "toshiba",
        "version": "\u003c=v2.00.04"
      },
      {
        "model": "flashair sdhc memory card",
        "scope": "lte",
        "trust": 0.6,
        "vendor": "toshiba",
        "version": "\u003c=v3.00.02"
      },
      {
        "model": "flashair",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "toshiba",
        "version": "3.00.02"
      },
      {
        "model": "flashair",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "toshiba",
        "version": "2.00.04"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-07254"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-000091"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201705-770"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-2162"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:toshiba:flashair",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-000091"
      }
    ]
  },
  "cve": "CVE-2017-2162",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "ADJACENT_NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 3.3,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 6.5,
            "id": "CVE-2017-2162",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "LOW",
            "trust": 1.0,
            "vectorString": "AV:A/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Adjacent Network",
            "authentication": "None",
            "author": "IPA",
            "availabilityImpact": "None",
            "baseScore": 3.3,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "JVNDB-2017-000091",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Low",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:A/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "ADJACENT_NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "NONE",
            "baseScore": 3.3,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 6.5,
            "id": "CNVD-2017-07254",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "LOW",
            "trust": 0.6,
            "vectorString": "AV:A/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitabilityScore": 2.8,
            "id": "CVE-2017-2162",
            "impactScore": 1.4,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Adjacent Network",
            "author": "IPA",
            "availabilityImpact": "None",
            "baseScore": 4.3,
            "baseSeverity": "Medium",
            "confidentialityImpact": "Low",
            "exploitabilityScore": null,
            "id": "JVNDB-2017-000091",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2017-2162",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "IPA",
            "id": "JVNDB-2017-000091",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2017-07254",
            "trust": 0.6,
            "value": "LOW"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201705-770",
            "trust": 0.6,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-07254"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-000091"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201705-770"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-2162"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "FlashAirTM SDHC Memory Card (SD-WE Series \u003cW-03\u003e) V3.00.02 and earlier and FlashAirTM SDHC Memory Card (SD-WD/WC Series \u003cW-02\u003e) V2.00.04 and earlier allows default credentials to be set for wireless LAN connections to the product when enabling the PhotoShare function through a web browser. When enabling PhotoShare with a mobile application (either for Android or iOS), the application prompts a user to set credentials. As a result, a remote attacker with access to the wireless LAN may obtain image data by using default credentials (CWE-284). Takayoshi Isayama of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.If PhotoShare is enabled by web browsers, an attacker with access to the wireless LAN may obtain image data. There is a security hole in FlashAirSDHCMemoryCard",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-2162"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-000091"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-07254"
      }
    ],
    "trust": 2.16
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-000091",
        "trust": 3.0
      },
      {
        "db": "NVD",
        "id": "CVE-2017-2162",
        "trust": 3.0
      },
      {
        "db": "JVN",
        "id": "JVN81820501",
        "trust": 2.4
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-07254",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201705-770",
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-07254"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-000091"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201705-770"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-2162"
      }
    ]
  },
  "id": "VAR-201705-3459",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-07254"
      }
    ],
    "trust": 1.475
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-07254"
      }
    ]
  },
  "last_update_date": "2024-11-23T23:05:26.769000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "How to Use the Photoshare function",
        "trust": 0.8,
        "url": "http://www.toshiba-personalstorage.net/support/manual/flashair/wewdwc/photoshare.htm"
      },
      {
        "title": "Photoshare of FlashAir may have a security vulnerability to a fixed password",
        "trust": 0.8,
        "url": "http://www.toshiba-personalstorage.net/news/20170516a.htm"
      },
      {
        "title": "SDHC Memory Card with embedded wireless LAN functionality FlashAir (SD-WD/WC series\u003cW-02\u003e)",
        "trust": 0.8,
        "url": "http://www.toshiba-personalstorage.net/endproduct/flashair/index_j.htm"
      },
      {
        "title": "SDHC Memory Card with embedded wireless LAN functionality FlashAir (SD-WE series\u003cW-03\u003e)",
        "trust": 0.8,
        "url": "http://www.toshiba-personalstorage.net/product/flashair/index_j.htm"
      },
      {
        "title": "Patch for FlashAirSDHCMemoryCard Information Disclosure Vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/94141"
      },
      {
        "title": "Toshiba FlashAirTM SDHC Memory Card Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=70339"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-07254"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-000091"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201705-770"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-noinfo",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-Other",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-000091"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-2162"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.4,
        "url": "https://jvn.jp/en/jp/jvn81820501/index.html"
      },
      {
        "trust": 2.2,
        "url": "http://jvndb.jvn.jp/jvndb/jvndb-2017-000091"
      },
      {
        "trust": 1.6,
        "url": "http://www.toshiba-personalstorage.net/news/20170516a.htm"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-2162"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-2162"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-07254"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-000091"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201705-770"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-2162"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-07254"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-000091"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201705-770"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-2162"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-05-23T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-07254"
      },
      {
        "date": "2017-05-16T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-000091"
      },
      {
        "date": "2017-05-17T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201705-770"
      },
      {
        "date": "2017-05-22T16:29:00.607000",
        "db": "NVD",
        "id": "CVE-2017-2162"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-05-23T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-07254"
      },
      {
        "date": "2017-12-21T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-000091"
      },
      {
        "date": "2019-10-23T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201705-770"
      },
      {
        "date": "2024-11-21T03:23:00.703000",
        "db": "NVD",
        "id": "CVE-2017-2162"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote or local",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201705-770"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "FlashAir do not set credential information in PhotoShare",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-000091"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "trust management problem",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201705-770"
      }
    ],
    "trust": 0.6
  }
}

gsd-2017-2162

Vulnerability from gsd

Modified

2023-12-13 01:21

Details

Aliases

CVE-2017-2162

Aliases

CVE-2017-2162

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2017-2162",
    "description": "FlashAirTM SDHC Memory Card (SD-WE Series \u003cW-03\u003e) V3.00.02 and earlier and FlashAirTM SDHC Memory Card (SD-WD/WC Series \u003cW-02\u003e) V2.00.04 and earlier allows default credentials to be set for wireless LAN connections to the product when enabling the PhotoShare function through a web browser.",
    "id": "GSD-2017-2162"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2017-2162"
      ],
      "details": "FlashAirTM SDHC Memory Card (SD-WE Series \u003cW-03\u003e) V3.00.02 and earlier and FlashAirTM SDHC Memory Card (SD-WD/WC Series \u003cW-02\u003e) V2.00.04 and earlier allows default credentials to be set for wireless LAN connections to the product when enabling the PhotoShare function through a web browser.",
      "id": "GSD-2017-2162",
      "modified": "2023-12-13T01:21:05.526041Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "vultures@jpcert.or.jp",
        "ID": "CVE-2017-2162",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "FlashAirTM SDHC Memory Card (SD-WE Series \u003cW-03\u003e)",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "V3.00.02 and earlier"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "FlashAirTM SDHC Memory Card (SD-WD/WC Series \u003cW-02\u003e)",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "V2.00.04 and earlier"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Toshiba Corporation"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "FlashAirTM SDHC Memory Card (SD-WE Series \u003cW-03\u003e) V3.00.02 and earlier and FlashAirTM SDHC Memory Card (SD-WD/WC Series \u003cW-02\u003e) V2.00.04 and earlier allows default credentials to be set for wireless LAN connections to the product when enabling the PhotoShare function through a web browser."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Configures default credentials"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "JVNDB-2017-000091",
            "refsource": "JVNDB",
            "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2017-000091"
          },
          {
            "name": "JVN#81820501",
            "refsource": "JVN",
            "url": "https://jvn.jp/en/jp/JVN81820501/index.html"
          },
          {
            "name": "http://www.toshiba-personalstorage.net/news/20170516a.htm",
            "refsource": "CONFIRM",
            "url": "http://www.toshiba-personalstorage.net/news/20170516a.htm"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:toshiba:flashair:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "2.00.04",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:toshiba:flashair:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "3.00.02",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "vultures@jpcert.or.jp",
          "ID": "CVE-2017-2162"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "FlashAirTM SDHC Memory Card (SD-WE Series \u003cW-03\u003e) V3.00.02 and earlier and FlashAirTM SDHC Memory Card (SD-WD/WC Series \u003cW-02\u003e) V2.00.04 and earlier allows default credentials to be set for wireless LAN connections to the product when enabling the PhotoShare function through a web browser."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-noinfo"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "JVN#81820501",
              "refsource": "JVN",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "https://jvn.jp/en/jp/JVN81820501/index.html"
            },
            {
              "name": "http://www.toshiba-personalstorage.net/news/20170516a.htm",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www.toshiba-personalstorage.net/news/20170516a.htm"
            },
            {
              "name": "JVNDB-2017-000091",
              "refsource": "JVNDB",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2017-000091"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "ADJACENT_NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 3.3,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:A/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 6.5,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "LOW",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.0"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 1.4
        }
      },
      "lastModifiedDate": "2019-10-03T00:03Z",
      "publishedDate": "2017-05-22T16:29Z"
    }
  }
}

cnvd-2017-07254

Vulnerability from cnvd

Title

FlashAir SDHC Memory Card信息泄露漏洞

Description

FlashAir SDHC Memory Card是日本东芝（Toshiba）公司的一款SD存储卡。 FlashAir SDHC Memory Card存在安全漏洞。远程攻击者可以使用默认凭据获取图像数据。

Severity

低

Patch Name

FlashAir SDHC Memory Card信息泄露漏洞的补丁

Patch Description

FlashAir SDHC Memory Card是日本东芝（Toshiba）公司的一款SD存储卡。 FlashAir SDHC Memory Card存在安全漏洞。远程攻击者可以使用默认凭据获取图像数据。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

目前厂商已经发布了升级补丁以修复此安全问题，补丁获取链接： http://jvndb.jvn.jp/jvndb/JVNDB-2017-000091

Reference

http://jvndb.jvn.jp/jvndb/JVNDB-2017-000091

Impacted products

Name
['Toshiba FlashAir SDHC Memory Card <=V2.00.04', 'Toshiba FlashAir SDHC Memory Card <=V3.00.02']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2017-2162"
    }
  },
  "description": "FlashAir SDHC Memory Card\u662f\u65e5\u672c\u4e1c\u829d\uff08Toshiba\uff09\u516c\u53f8\u7684\u4e00\u6b3eSD\u5b58\u50a8\u5361\u3002\r\n\r\nFlashAir SDHC Memory Card\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u4ee5\u4f7f\u7528\u9ed8\u8ba4\u51ed\u636e\u83b7\u53d6\u56fe\u50cf\u6570\u636e\u3002",
  "discovererName": "Takayoshi Isayama of Mitsui Bussan Secure Directions, Inc.",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6b64\u5b89\u5168\u95ee\u9898\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttp://jvndb.jvn.jp/jvndb/JVNDB-2017-000091",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-07254",
  "openTime": "2017-05-23",
  "patchDescription": "FlashAir SDHC Memory Card\u662f\u65e5\u672c\u4e1c\u829d\uff08Toshiba\uff09\u516c\u53f8\u7684\u4e00\u6b3eSD\u5b58\u50a8\u5361\u3002\r\n\r\nFlashAir SDHC Memory Card\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u4ee5\u4f7f\u7528\u9ed8\u8ba4\u51ed\u636e\u83b7\u53d6\u56fe\u50cf\u6570\u636e\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "FlashAir SDHC Memory Card\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Toshiba FlashAir SDHC Memory Card \u003c=V2.00.04",
      "Toshiba FlashAir SDHC Memory Card \u003c=V3.00.02"
    ]
  },
  "referenceLink": "http://jvndb.jvn.jp/jvndb/JVNDB-2017-000091",
  "serverity": "\u4f4e",
  "submitTime": "2017-05-18",
  "title": "FlashAir SDHC Memory Card\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e"
}

ghsa-hpj8-ph69-28m8

Vulnerability from github

Published

2022-05-13 01:44

Modified

2022-05-13 01:44

Severity ?

4.3 (Medium) - CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2017-2162"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-05-22T16:29:00Z",
    "severity": "MODERATE"
  },
  "details": "FlashAirTM SDHC Memory Card (SD-WE Series \u003cW-03\u003e) V3.00.02 and earlier and FlashAirTM SDHC Memory Card (SD-WD/WC Series \u003cW-02\u003e) V2.00.04 and earlier allows default credentials to be set for wireless LAN connections to the product when enabling the PhotoShare function through a web browser.",
  "id": "GHSA-hpj8-ph69-28m8",
  "modified": "2022-05-13T01:44:43Z",
  "published": "2022-05-13T01:44:43Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-2162"
    },
    {
      "type": "WEB",
      "url": "https://jvn.jp/en/jp/JVN81820501/index.html"
    },
    {
      "type": "WEB",
      "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2017-000091"
    },
    {
      "type": "WEB",
      "url": "http://www.toshiba-personalstorage.net/news/20170516a.htm"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2017-2162 (GCVE-0-2017-2162)

Vulnerability from cvelistv5

CVE-2017-2162

Vulnerability from jvndb

fkie_cve-2017-2162

Vulnerability from fkie_nvd

var-201705-3459

Vulnerability from variot

gsd-2017-2162

Vulnerability from gsd

cnvd-2017-07254

Vulnerability from cnvd

ghsa-hpj8-ph69-28m8

Vulnerability from github

Tags

Sightings

Nomenclature