Details of VAR-201705-3458

ID

VAR-201705-3458

CVE

CVE-2017-2161

TITLE

FlashAir fails to restrict access permissions in PhotoShare

Trust: 0.8

sources: JVNDB: JVNDB-2017-000090

DESCRIPTION

FlashAirTM SDHC Memory Card (SD-WE Series <W-03>) V3.00.02 and earlier and FlashAirTM SDHC Memory Card (SD-WD/WC Series <W-02>) V2.00.04 and earlier allows authenticated attackers to bypass access restrictions to obtain unauthorized image data via unspecified vectors. FlashAir by Toshiba Corporation is an SDHC memory card which provides wireless LAN access functions. FlashAir PhotoShare function enables to share the selected data with other users as it switches the original wireless LAN connection set by FlashAir default to the wireless LAN connection for PhotoShare. FlashAir fails to restrict access permissions (CWE-425) in PhotoShare. Takayoshi Isayama of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.A user who access PhotoShare may obtain image data that are set not to be shared with other users. Because of the vulnerability stated in JVN#81820501, when enabling PhotoShare with web browsers, an attacker with access to the wireless LAN may obtain these image data. A security vulnerability exists in FlashAirSDHCMemoryCard 2.00.04 and earlier and versions prior to 3.00.02

Trust: 2.25

sources: NVD: CVE-2017-2161 // JVNDB: JVNDB-2017-000090 // CNVD: CNVD-2017-07205 // VULMON: CVE-2017-2161

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2017-07205

AFFECTED PRODUCTS

vendor:	toshiba	model:	flashair	scope:	lte	version:	2.00.04	Trust: 1.0
vendor:	toshiba	model:	flashair	scope:	lte	version:	3.00.02	Trust: 1.0
vendor:	toshiba	model:	flashair	scope:	lte	version:	sdhc memory card (sd-wd/wc series <w-02>) v2.00.04	Trust: 0.8
vendor:	toshiba	model:	flashair	scope:	lte	version:	sdhc memory card (sd-we series <w-03>) v3.00.02	Trust: 0.8
vendor:	toshiba	model:	flashair sdhc memory card	scope:	lte	version:	<=v2.00.04	Trust: 0.6
vendor:	toshiba	model:	flashair sdhc memory card	scope:	lte	version:	<=v3.00.02	Trust: 0.6
vendor:	toshiba	model:	flashair	scope:	eq	version:	3.00.02	Trust: 0.6
vendor:	toshiba	model:	flashair	scope:	eq	version:	2.00.04	Trust: 0.6

sources: CNVD: CNVD-2017-07205 // JVNDB: JVNDB-2017-000090 // CNNVD: CNNVD-201705-771 // NVD: CVE-2017-2161

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-2161
value:	LOW
Trust: 1.0
IPA:	JVNDB-2017-000090
value:	LOW
Trust: 0.8
CNVD:	CNVD-2017-07205
value:	LOW
Trust: 0.6
CNNVD:	CNNVD-201705-771
value:	LOW
Trust: 0.6
VULMON:	CVE-2017-2161
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2017-2161
severity:	LOW
baseScore:	2.7
vectorString:	AV:A/AC:L/AU:S/C:P/I:N/A:N
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	5.1
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.1
IPA:	JVNDB-2017-000090
severity:	LOW
baseScore:	2.7
vectorString:	AV:A/AC:L/AU:S/C:P/I:N/A:N
accessVector:	ADJACENT NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
CNVD:	CNVD-2017-07205
severity:	LOW
baseScore:	2.7
vectorString:	AV:A/AC:L/AU:S/C:P/I:N/A:N
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	5.1
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2017-2161
baseSeverity:	LOW
baseScore:	3.5
vectorString:	CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	2.1
impactScore:	1.4
version:	3.0
Trust: 1.0
IPA:	JVNDB-2017-000090
baseSeverity:	LOW
baseScore:	3.5
vectorString:	CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
attackVector:	ADJACENT NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2017-07205 // VULMON: CVE-2017-2161 // JVNDB: JVNDB-2017-000090 // CNNVD: CNNVD-201705-771 // NVD: CVE-2017-2161

PROBLEMTYPE DATA

problemtype:	CWE-425	Trust: 1.0
problemtype:	CWE-284	Trust: 0.8

sources: JVNDB: JVNDB-2017-000090 // NVD: CVE-2017-2161

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-201705-771

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201705-771

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-000090

PATCH

title:	How to Use the Photoshare function	url:	http://www.toshiba-personalstorage.net/support/manual/flashair/wewdwc/photoshare.htm	Trust: 0.8
title:	SDHC Memory Card with embedded wireless LAN functionality FlashAir(SD-WD/WC series<W-02>)	url:	http://www.toshiba-personalstorage.net/endproduct/flashair/index_j.htm	Trust: 0.8
title:	SDHC Memory Card with embedded wireless LAN functionality FlashAir(SD-WE series<W-03>)	url:	http://www.toshiba-personalstorage.net/product/flashair/index_j.htm	Trust: 0.8
title:	Photoshare of FlashAir may have a security vulnerability to access restriction	url:	http://www.toshiba-personalstorage.net/news/20170516a.htm	Trust: 0.8
title:	FlashAirSDHCMemoryCard has an unexplained patch	url:	https://www.cnvd.org.cn/patchInfo/show/94095	Trust: 0.6
title:	Toshiba FlashAirTM SDHC Memory Card Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=70340	Trust: 0.6

sources: CNVD: CNVD-2017-07205 // JVNDB: JVNDB-2017-000090 // CNNVD: CNNVD-201705-771

EXTERNAL IDS

db:	JVNDB	id:	JVNDB-2017-000090	Trust: 3.1
db:	NVD	id:	CVE-2017-2161	Trust: 3.1
db:	JVN	id:	JVN46372675	Trust: 2.5
db:	CNVD	id:	CNVD-2017-07205	Trust: 0.6
db:	CNNVD	id:	CNNVD-201705-771	Trust: 0.6
db:	VULMON	id:	CVE-2017-2161	Trust: 0.1

sources: CNVD: CNVD-2017-07205 // VULMON: CVE-2017-2161 // JVNDB: JVNDB-2017-000090 // CNNVD: CNNVD-201705-771 // NVD: CVE-2017-2161

REFERENCES

url:	https://jvn.jp/en/jp/jvn46372675/index.html	Trust: 2.5
url:	http://www.toshiba-personalstorage.net/news/20170516a.htm	Trust: 1.7
url:	http://jvndb.jvn.jp/en/contents/2017/jvndb-2017-000090.html	Trust: 1.7
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-2161	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2017-2161	Trust: 0.8
url:	http://jvndb.jvn.jp/jvndb/jvndb-2017-000090	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/425.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: CNVD: CNVD-2017-07205 // VULMON: CVE-2017-2161 // JVNDB: JVNDB-2017-000090 // CNNVD: CNNVD-201705-771 // NVD: CVE-2017-2161

SOURCES

db:	CNVD	id:	CNVD-2017-07205
db:	VULMON	id:	CVE-2017-2161
db:	JVNDB	id:	JVNDB-2017-000090
db:	CNNVD	id:	CNNVD-201705-771
db:	NVD	id:	CVE-2017-2161

LAST UPDATE DATE

2025-04-20T23:35:50.334000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2017-07205	date:	2017-05-23T00:00:00
db:	VULMON	id:	CVE-2017-2161	date:	2019-10-03T00:00:00
db:	JVNDB	id:	JVNDB-2017-000090	date:	2017-12-21T00:00:00
db:	CNNVD	id:	CNNVD-201705-771	date:	2019-10-23T00:00:00
db:	NVD	id:	CVE-2017-2161	date:	2025-04-20T01:37:25.860

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2017-07205	date:	2017-05-23T00:00:00
db:	VULMON	id:	CVE-2017-2161	date:	2017-05-22T00:00:00
db:	JVNDB	id:	JVNDB-2017-000090	date:	2017-05-16T00:00:00
db:	CNNVD	id:	CNNVD-201705-771	date:	2017-05-17T00:00:00
db:	NVD	id:	CVE-2017-2161	date:	2017-05-22T16:29:00.560