CVE-2016-4863
3.3 Low
CVSS2
Attack Vector
ADJACENT_NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:A/AC:L/Au:N/C:P/I:N/A:N
4.3 Medium
CVSS3
Attack Vector
ADJACENT
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
4.7 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
37.1%
The Toshiba FlashAir SD-WD/WC series Class 6 model with firmware version 1.00.04 and later, FlashAir SD-WD/WC series Class 10 model W-02 with firmware version 2.00.02 and later, FlashAir SD-WE series Class 10 model W-03, FlashAir Class 6 model with firmware version 1.00.04 and later, FlashAir II Class 10 model W-02 series with firmware version 2.00.02 and later, FlashAir III Class 10 model W-03 series, FlashAir Class 6 model with firmware version 1.00.04 and later, FlashAir W-02 series Class 10 model with firmware version 2.00.02 and later, FlashAir W-03 series Class 10 model does not require authentication on accepting a connection from STA side LAN when “Internet pass-thru Mode” is enabled, which allows attackers with access to STA side LAN can obtain files or data.
Affected configurations
| Vendor | Product | Version | CPE |
|---|---|---|---|
| toshiba | flashair | 1.00.04 | cpe:2.3:a:toshiba:flashair:1.00.04:*:*:*:*:*:*:* |
| toshiba | flashair | 2.00.02 | cpe:2.3:a:toshiba:flashair:2.00.02:*:*:*:*:*:*:* |
| toshiba | flashair | 1.00.04 | cpe:2.3:a:toshiba:flashair:1.00.04:*:*:*:*:*:*:* |
| toshiba | flashair | 2.00.02 | cpe:2.3:a:toshiba:flashair:2.00.02:*:*:*:*:*:*:* |
| toshiba | flashair | 1.00.04 | cpe:2.3:a:toshiba:flashair:1.00.04:*:*:*:*:*:*:* |
| toshiba | flashair | 2.00.02 | cpe:2.3:a:toshiba:flashair:2.00.02:*:*:*:*:*:*:* |
CNA Affected
[
{
"product": "FlashAir SD-WD/WC series Class 6 model",
"vendor": "Toshiba",
"versions": [
{
"status": "affected",
"version": "firmware version 1.00.04 and later"
}
]
},
{
"product": "FlashAir SD-WD/WC series Class 10 model W-02",
"vendor": "Toshiba",
"versions": [
{
"status": "affected",
"version": "firmware version 2.00.02 and later"
}
]
},
{
"product": "FlashAir SD-WE series Class 10 model W-03",
"vendor": "Toshiba",
"versions": [
{
"status": "affected",
"version": "all firmware versions"
}
]
},
{
"product": "FlashAir Class 6 model",
"vendor": "Toshiba",
"versions": [
{
"status": "affected",
"version": "firmware version 1.00.04 and later"
}
]
},
{
"product": "FlashAir II Class 10 model W-02 series",
"vendor": "Toshiba",
"versions": [
{
"status": "affected",
"version": "firmware version 2.00.02 and later"
}
]
},
{
"product": "FlashAir III Class 10 model W-03 series",
"vendor": "Toshiba",
"versions": [
{
"status": "affected",
"version": "all firmware versions"
}
]
},
{
"product": "FlashAir Class 6 model",
"vendor": "Toshiba",
"versions": [
{
"status": "affected",
"version": "firmware version 1.00.04 and later"
}
]
},
{
"product": "FlashAir W-02 series Class 10 model",
"vendor": "Toshiba",
"versions": [
{
"status": "affected",
"version": "firmware version 2.00.02 and later"
}
]
},
{
"product": "FlashAir W-03 series Class 10 model",
"vendor": "Toshiba",
"versions": [
{
"status": "affected",
"version": "all firmware versions"
}
]
}
]References
Social References
More
Related
3.3 Low
CVSS2
Attack Vector
ADJACENT_NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:A/AC:L/Au:N/C:P/I:N/A:N
4.3 Medium
CVSS3
Attack Vector
ADJACENT
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
4.7 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
37.1%