Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cvelistJpcertCVELIST:CVE-2016-4863
HistoryMay 22, 2017 - 4:00 p.m.

CVE-2016-4863

2017-05-2216:00:00
jpcert
www.cve.org

4.7 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

37.1%

JSON

The Toshiba FlashAir SD-WD/WC series Class 6 model with firmware version 1.00.04 and later, FlashAir SD-WD/WC series Class 10 model W-02 with firmware version 2.00.02 and later, FlashAir SD-WE series Class 10 model W-03, FlashAir Class 6 model with firmware version 1.00.04 and later, FlashAir II Class 10 model W-02 series with firmware version 2.00.02 and later, FlashAir III Class 10 model W-03 series, FlashAir Class 6 model with firmware version 1.00.04 and later, FlashAir W-02 series Class 10 model with firmware version 2.00.02 and later, FlashAir W-03 series Class 10 model does not require authentication on accepting a connection from STA side LAN when “Internet pass-thru Mode” is enabled, which allows attackers with access to STA side LAN can obtain files or data.

CNA Affected

[
  {
    "product": "FlashAir SD-WD/WC series Class 6 model",
    "vendor": "Toshiba",
    "versions": [
      {
        "status": "affected",
        "version": "firmware version 1.00.04 and later"
      }
    ]
  },
  {
    "product": "FlashAir SD-WD/WC series Class 10 model W-02",
    "vendor": "Toshiba",
    "versions": [
      {
        "status": "affected",
        "version": "firmware version 2.00.02 and later"
      }
    ]
  },
  {
    "product": "FlashAir SD-WE series Class 10 model W-03",
    "vendor": "Toshiba",
    "versions": [
      {
        "status": "affected",
        "version": "all firmware versions"
      }
    ]
  },
  {
    "product": "FlashAir Class 6 model",
    "vendor": "Toshiba",
    "versions": [
      {
        "status": "affected",
        "version": "firmware version 1.00.04 and later"
      }
    ]
  },
  {
    "product": "FlashAir II Class 10 model W-02 series",
    "vendor": "Toshiba",
    "versions": [
      {
        "status": "affected",
        "version": "firmware version 2.00.02 and later"
      }
    ]
  },
  {
    "product": "FlashAir III Class 10 model W-03 series",
    "vendor": "Toshiba",
    "versions": [
      {
        "status": "affected",
        "version": "all firmware versions"
      }
    ]
  },
  {
    "product": "FlashAir Class 6 model",
    "vendor": "Toshiba",
    "versions": [
      {
        "status": "affected",
        "version": "firmware version 1.00.04 and later"
      }
    ]
  },
  {
    "product": "FlashAir W-02 series Class 10 model",
    "vendor": "Toshiba",
    "versions": [
      {
        "status": "affected",
        "version": "firmware version 2.00.02 and later"
      }
    ]
  },
  {
    "product": "FlashAir W-03 series Class 10 model",
    "vendor": "Toshiba",
    "versions": [
      {
        "status": "affected",
        "version": "all firmware versions"
      }
    ]
  }
]

Related

jvn 1
cve 1
nvd 1
prion 1
jvn
jvn
JVN#39619137: Toshiba FlashAir does not require authentication in "Internet pass-thru Mode"
2016-10-07 00:00:00
cve
cve
CVE-2016-4863
2017-05-22 16:29:00
nvd
nvd
CVE-2016-4863
2017-05-22 16:29:00
prion
prion
Authentication flaw
2017-05-22 16:29:00

4.7 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

37.1%

JSON
Related for CVELIST:CVE-2016-4863
jvn1cve1nvd1prion1