Japan Vulnerability Notes (JVN), JVN:81820501
Published: May 16, 2017

JVN#81820501: FlashAir do not set credential information in PhotoShare


CVSS2: 3.3 Low

  • Attack Vector: ADJACENT_NETWORK
  • Attack Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: NONE
  • Availability Impact: NONE
  • Vector: AV:A/AC:L/Au:N/C:P/I:N/A:N

CVSS3: 4.3 Medium

  • Attack Vector: ADJACENT
  • Attack Complexity: LOW
  • Privileges Required: NONE
  • User Interaction: NONE
  • Scope: UNCHANGED
  • Confidentiality Impact: LOW
  • Integrity Impact: NONE
  • Availability Impact: NONE
  • Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

EPSS: 0.001 Low (Percentile: 38.9%)

FlashAir™ by Toshiba Corporation is an SDHC memory card that provides wireless LAN access functions. The FlashAir™ PhotoShare function shares the image data in a certain folder with other users by switching from the wireless LAN connection set by the FlashAir™ default to a wireless LAN connection for PhotoShare.

When PhotoShare is enabled with a mobile application (either for Android or iOS), the application prompts the user to set credentials. But when PhotoShare is enabled with a web browser, the wireless LAN connection for PhotoShare cannot be enabled, and default credentials are set on the other wireless network configured on the device. As a result, a remote attacker with access to the wireless LAN may obtain image data by using the default credentials (CWE-284).

Impact

If PhotoShare is enabled from a web browser, an attacker with access to the wireless LAN may obtain image data.

Solution

Use the mobile application
When enabling PhotoShare, use the mobile application (either for Android or for iOS) to set the SSID and password.
According to the developer, the firmware versions listed below and later disable the PhotoShare setting from web browsers.

  • FlashAir™ SDHC Memory Card (SD-WE Series <W-03>) V3.00.02
  • FlashAir™ SDHC Memory Card (SD-WD/WC Series <W-02>) V2.00.04

Products Affected

  • FlashAir™ SDHC Memory Card (SD-WE Series <W-03>) V3.00.01 and earlier
  • FlashAir™ SDHC Memory Card (SD-WD/WC Series <W-02>) V2.00.03 and earlier
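
For asset triage, the version boundaries above can be checked against a card inventory. The following is an added example, not code from JVN or the vendor; the inventory rows, asset names and function names are constructed for illustration, and only the series labels and version numbers come from this advisory.

```python
import re

# First firmware that disables PhotoShare setup from web browsers,
# per series, as listed in the advisory's Solution section.
FIRST_FIXED = {
    "W-03": (3, 0, 2),  # SD-WE Series
    "W-02": (2, 0, 4),  # SD-WD/WC Series
}

_VERSION_RE = re.compile(r"^V?(\d+)\.(\d+)\.(\d+)$", re.IGNORECASE)


def parse_version(text):
    """Turn 'V3.00.01' into (3, 0, 1); raise ValueError on anything else."""
    match = _VERSION_RE.match(text.strip())
    if not match:
        raise ValueError(f"unrecognised firmware version: {text!r}")
    return tuple(int(part) for part in match.groups())


def triage(series, version):
    """Return 'affected', 'fixed' or 'unknown' for one card."""
    fixed = FIRST_FIXED.get(series.strip().upper())
    if fixed is None:
        return "unknown"  # series is not covered by this advisory
    try:
        current = parse_version(version)
    except ValueError:
        return "unknown"  # unreadable version: check the card by hand
    # Compare as integer tuples so the result does not depend on zero padding.
    return "affected" if current < fixed else "fixed"


def triage_inventory(rows):
    """Map each asset name to its triage status."""
    return {asset: triage(series, version) for asset, series, version in rows}


# Constructed sample inventory: (asset name, series, reported firmware).
SAMPLE_INVENTORY = [
    ("camera-01", "W-03", "V3.00.01"),
    ("camera-02", "W-03", "V3.00.02"),
    ("camera-03", "W-02", "V2.00.03"),
    ("camera-04", "W-02", "not reported"),
]

if __name__ == "__main__":
    for asset, status in triage_inventory(SAMPLE_INVENTORY).items():
        print(f"{asset}: {status}")
```

Cards reported as "affected" should have PhotoShare configured only through the mobile application until their firmware is updated.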
