Vulnerability Details : CVE-2017-2161
FlashAir™ SDHC Memory Card (SD-WE Series <W-03>) V3.00.02 and earlier and FlashAir™ SDHC Memory Card (SD-WD/WC Series <W-02>) V2.00.04 and earlier allow authenticated attackers to bypass access restrictions to obtain unauthorized image data via unspecified vectors.
Exploit prediction scoring system (EPSS) score for CVE-2017-2161
Probability of exploitation activity in the next 30 days: 0.05%
Percentile, the proportion of vulnerabilities that are scored at or less: ~18%
CVSS scores for CVE-2017-2161
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
2.7 | LOW | AV:A/AC:L/Au:S/C:P/I:N/A:N | 5.1 | 2.9 | NIST |
3.5 | LOW | CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N | 2.1 | 1.4 | NIST |
CWE ids for CVE-2017-2161
- The web application does not adequately enforce appropriate authorization on all restricted URLs, scripts, or files. Assigned by: nvd@nist.gov (Primary)
References for CVE-2017-2161
- http://www.toshiba-personalstorage.net/news/20170516a.htm
  About the fixed-password vulnerability in the FlashAir™ Photoshare function | Toshiba: Memory (Vendor Advisory)
- https://jvn.jp/en/jp/JVN46372675/index.html
  JVN#46372675: FlashAir fails to restrict access permissions in PhotoShare (Third Party Advisory; VDB Entry)
- http://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000090.html
  JVNDB-2017-000090 - JVN iPedia (Third Party Advisory; VDB Entry)
Products affected by CVE-2017-2161
- cpe:2.3:a:toshiba:flashair:*:*:*:*:*:*:*:*
- cpe:2.3:a:toshiba:flashair:*:*:*:*:*:*:*:*