CVE-2016-4863
Summary
| CVE | CVE-2016-4863 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2017-05-22 16:29:00 UTC |
| Updated | 2017-06-12 17:12:00 UTC |
| Description | The Toshiba FlashAir SD-WD/WC series Class 6 model with firmware version 1.00.04 and later, FlashAir SD-WD/WC series Class 10 model W-02 with firmware version 2.00.02 and later, FlashAir SD-WE series Class 10 model W-03, FlashAir Class 6 model with firmware version 1.00.04 and later, FlashAir II Class 10 model W-02 series with firmware version 2.00.02 and later, FlashAir III Class 10 model W-03 series, FlashAir Class 6 model with firmware version 1.00.04 and later, FlashAir W-02 series Class 10 model with firmware version 2.00.02 and later, FlashAir W-03 series Class 10 model does not require authentication on accepting a connection from STA side LAN when "Internet pass-thru Mode" is enabled, which allows attackers with access to STA side LAN can obtain files or data. |
Risk And Classification
Problem Types: CWE-287
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Toshiba | Flashair | All | All | All | All |
| Application | Toshiba | Flashair | All | All | All | All |
| Application | Toshiba | Flashair | All | All | All | All |
| Application | Toshiba | Flashair | All | All | All | All |
| Application | Toshiba | Flashair | All | All | All | All |
| Application | Toshiba | Flashair | All | All | All | All |
| Application | Toshiba | Flashair | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Multiple Toshiba FlashAir Products CVE-2016-4863 Security Bypass Vulnerability | BID | www.securityfocus.com | Third Party Advisory, VDB Entry |
| JVNDB-2016-000168 | JVNDB | jvndb.jvn.jp | Third Party Advisory, VDB Entry |
| JVN#39619137: Toshiba FlashAir does not require authentication in "Internet pass-thru Mode" | JVN | jvn.jp | Third Party Advisory, VDB Entry |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.