3.3 Low
CVSS2
Attack Vector
ADJACENT_NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:A/AC:L/Au:N/C:P/I:N/A:N
4.3 Medium
CVSS3
Attack Vector
ADJACENT
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
0.001 Low
EPSS
Percentile
38.9%
FlashAirTM by Toshiba Corporation is an SDHC memory card which provides wireless LAN access functions. FlashAirTM PhotoShare function enables to share the image data in a certain folder with other users as it switches the original wireless LAN connection set by FlashAirTM default to the wireless LAN connection for PhotoShare.
When enabling PhotoShare with a mobile application (either for Android or iOS), the application prompts a user to set credentials. But when enabling PhotoShare with web browsers, the wireless LAN connection for PhotoShare cannot be enabled, and default credentials are set to the other wireless network configured to the device. As a result, a remote attacker with access to the wireless LAN may obtain image data by using default credentials (CWE-284).
If PhotoShare is enabled by web browsers, an attacker with access to the wireless LAN may obtain image data.
Use mobile application
When enabling PhotoShare, use the mobile application (either for Android or for iOS) to set SSID and password.
According to the developer, firmware versions listed below and later disable PhotoShare setting from web browsers.
3.3 Low
CVSS2
Attack Vector
ADJACENT_NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:A/AC:L/Au:N/C:P/I:N/A:N
4.3 Medium
CVSS3
Attack Vector
ADJACENT
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
0.001 Low
EPSS
Percentile
38.9%