CVE-2017-2161
low
CVSS v3
3.5
CVSS v4 NEW
โ
VIR risk
3.5
Description
FlashAirTM SDHC Memory Card (SD-WE Series <W-03>) V3.00.02 and earlier and FlashAirTM SDHC Memory Card (SD-WD/WC Series <W-02>) V2.00.04 and earlier allows authenticated attackers to bypass access restrictions to obtain unauthorized image data via unspecified vectors.
Predictions
Exploit likelihood
35%
Patch ETA
โ
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
No mitigations published for this CVE yet.
The vendor-content worker queues fetches as references arrive (check back in a few minutes). Or โ if you've already worked around this in production โ publish your fix to the community-verified tier.
โ Propose a mitigation on Community โ Mitigations published via the community go through AI scoring + 2 human reviewers + 7-day silent objection window before landing here withsource_tier=community-verified.
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| toshiba | flashair | {"endIncluding":"2.00.04"} | |
References
- http://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000090.html
- http://www.toshiba-personalstorage.net/news/20170516a.htm
- https://jvn.jp/en/jp/JVN46372675/index.html
- http://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000090.html
- http://www.toshiba-personalstorage.net/news/20170516a.htm
- https://jvn.jp/en/jp/JVN46372675/index.html
CWEs
CWE-425
Community-verified mitigations for this CVE will appear above when contributors publish them.
Verify integrity in audit chain (admin only). AS-IS.