CVE-2017-2149

🗓️ 28 Apr 2017 16:00:00Reported by jpcertType

Untrusted search path vulnerability in SDHC/SDXC Memory Card software installer

Reporter	Title	Published	Views	Family All 7
CNVD	Multiple Toshiba Memory Card Installer Untrustworthy Search Path Vulnerability	17 May 201700:00	–	cnvd
CVE	CVE-2017-2149	28 Apr 201716:00	–	cve
EUVD	EUVD-2017-11332	7 Oct 202500:30	–	euvd
Japan Vulnerability Notes	JVN#05340816: Multiple installers of Toshiba memory card related software may insecurely load Dynamic Link Libraries	14 Apr 201700:00	–	jvn
Japan Vulnerability Notes	Multiple installers of Toshiba memory card related software may insecurely load Dynamic Link Libraries	14 Apr 201705:09	–	jvn
NVD	CVE-2017-2149	28 Apr 201716:59	–	nvd
Prion	Design/Logic Flaw	28 Apr 201716:59	–	prion

[
  {
    "product": "Installer for SDHC/SDXC Memory Card with embedded NFC functionality Software Update Tool",
    "vendor": "Toshiba Corporation",
    "versions": [
      {
        "status": "affected",
        "version": "V1.00.03 and earlier"
      }
    ]
  },
  {
    "product": "Installer for SDHC Memory Card with embedded wireless LAN functionality FlashAirTM Configuration Software",
    "vendor": "Toshiba Corporation",
    "versions": [
      {
        "status": "affected",
        "version": "V3.0.2 and earlier"
      }
    ]
  },
  {
    "product": "Installer for SDHC Memory Card with embedded wireless LAN functionality FlashAirTM Software Update tool (SD-WE series<W-03>)",
    "vendor": "Toshiba Corporation",
    "versions": [
      {
        "status": "affected",
        "version": "V3.00.01"
      }
    ]
  },
  {
    "product": "Installer for SDHC Memory Card with embedded wireless LAN functionality FlashAirTM Software Update tool (SD-WD/WC series<W-02>)",
    "vendor": "Toshiba Corporation",
    "versions": [
      {
        "status": "affected",
        "version": "V2.00.03 and earlier"
      }
    ]
  },
  {
    "product": "Installer for SDHC Memory Card with embedded wireless LAN functionality FlashAirTM Software Update tool (SD-WB/WL series)",
    "vendor": "Toshiba Corporation",
    "versions": [
      {
        "status": "affected",
        "version": "V1.00.04 and earlier"
      }
    ]
  },
  {
    "product": "Installer for SDHC Memory Card with embedded TransferJetTM functionality Configuration Software",
    "vendor": "Toshiba Corporation",
    "versions": [
      {
        "status": "affected",
        "version": "V1.02 and earlier"
      }
    ]
  },
  {
    "product": "Installer for SDHC Memory Card with embedded TransferJetTM functionality Software Update tool",
    "vendor": "Toshiba Corporation",
    "versions": [
      {
        "status": "affected",
        "version": "V1.00.06 and earlier"
      }
    ]
  }
]

Source	Link
securityfocus	www.securityfocus.com/bid/97697
jvn	www.jvn.jp/en/jp/JVN05340816/index.html
toshiba-personalstorage	www.toshiba-personalstorage.net/news/20170414.htm

01 May 2017 09:57Current

8.9High risk

Vulners AI Score8.9

EPSS0.07542