CVSS: 4.3EPSS: 0%CPEs: 7EXPL: 0CVE-2016-4863
https://notcve.org/view.php?id=CVE-2016-4863
The Toshiba FlashAir SD-WD/WC series Class 6 model with firmware version 1.00.04 and later, FlashAir SD-WD/WC series Class 10 model W-02 with firmware version 2.00.02 and later, FlashAir SD-WE series Class 10 model W-03, FlashAir Class 6 model with firmware version 1.00.04 and later, FlashAir II Class 10 model W-02 series with firmware version 2.00.02 and later, FlashAir III Class 10 model W-03 series, FlashAir Class 6 model with firmware version 1.00.04 and later, FlashAir W-02 series Class 10 model with firmware version 2.00.02 and later, FlashAir W-03 series Class 10 model does not require authentication on accepting a connection from STA side LAN when "Internet pass-thru Mode" is enabled, which allows attackers with access to STA side LAN can obtain files or data. El FlashAir SD-WD/WC serie Clase 6 modelo con versión de firmware 1.00.04 y posterior, FlashAir SD- WD/WC serie Clase 10 modelo W-02 con versión de firmware 2.00.02 y posterior, FlashAir SD-WE serie Clase 10 modelo W-03, FlashAir Clase 6 modelo con versión de firmware 1.00.04 y posterior, FlashAir II Clase 10 modelo W-02 serie con versión de firmware 2.00.02 y posterior, FlashAir III Clase 10 modelo W-03 serie, FlashAir Clase 6 modelo con versión de firmware 1.00.04 y posterior, FlashAir W-02 serie Clase 10 modelo con versión de firmware 2.00.02 y posterior, FlashAir W-03 serie clase 10 el modelo de Toshiba, no requieren la autenticación al aceptar una conexión de LAN del lado STA cuando se habilita el "Internet pass-thru Mode", que permite que los atacantes con acceso a LAN del lado STA puedan obtener archivos o datos. • http://jvndb.jvn.jp/jvndb/JVNDB-2016-000168 http://www.securityfocus.com/bid/93479 https://jvn.jp/en/jp/JVN39619137/index.html • CWE-287: Improper Authentication •
CVSS: 9.3EPSS: 0%CPEs: 7EXPL: 0CVE-2017-2149
https://notcve.org/view.php?id=CVE-2017-2149
Untrusted search path vulnerability in installers of the software for SDHC/SDXC Memory Card with embedded NFC functionality Software Update Tool V1.00.03 and earlier, SDHC Memory Card with embedded wireless LAN functionality FlashAir Configuration Software V3.0.2 and earlier, SDHC Memory Card with embedded wireless LAN functionality FlashAir Software Update tool (SD-WE series<W-03>) V3.00.01, SDHC Memory Card with embedded wireless LAN functionality FlashAir Software Update tool (SD-WD/WC series<W-02>) V2.00.03 and earlier, SDHC Memory Card with embedded wireless LAN functionality FlashAir Software Update tool (SD-WB/WL series) V1.00.04 and earlier, SDHC Memory Card with embedded TransferJet functionality Configuration Software V1.02 and earlier, SDHC Memory Card with embedded TransferJet functionality Software Update tool V1.00.06 and earlier allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory. Vulnerabilidad de ruta de búsqueda no confiable en los instaladores de software: Software Update Tool V1.00.03 y versiones anteriores para tarjetas de memoria SDHC/SDXC con funcionalidad NFC integrada, FlashAir Configuration Software V3.0.2 y versiones anteriores para tarjetas de memoria SDHC con funcionalidad LAN inalámbrica integrada, FlashAir Software Update tool (SD-WE series) V3.00.01 para tarjetas de memoria SDHC con funcionalidad LAN inalámbrica integrada, FlashAir Software Update tool (SD-WD/WC series) V2.00.03 y versiones anteriores para tarjetas de memoria SDHC con funcionalidad LAN inalámbrica integrada, FlashAir Software Update tool (SD-WB/WL series) V1.00.04 y versiones anteriores para tarjetas de memoria SDHC con funcionalidad LAN inalámbrica integrada, Configuration Software V1.02 y versiones anteriores para tarjetas de memoria SDHC con funcionalidad TransferJet integrada, Software Update tool V1.00.06 y versiones anteriores para tarjetas de memoria SDHC con funcionalidad TransferJet integrada, permite a atacantes remotos obtener privilegios a través de una DLL troyanizada en un directorio no especificado. • http://jvn.jp/en/jp/JVN05340816/index.html http://www.securityfocus.com/bid/97697 http://www.toshiba-personalstorage.net/news/20170414.htm • CWE-426: Untrusted Search Path •
CVSS: 5.9EPSS: 0%CPEs: 2EXPL: 0CVE-2016-4840
https://notcve.org/view.php?id=CVE-2016-4840
Coordinate Plus App for Android 1.0.2 and earlier and Coordinate Plus App for iOS 1.0.2 and earlier do not verify SSL certificates. Coordinate Plus App para Android 1.0.2 y versiones anteriores y Coordinate Plus App para iOS 1.0.2 y versiones anteriores no verifican certificados SSL. • http://jvn.jp/en/jp/JVN06920277/index.html http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000133.html http://www.securityfocus.com/bid/92314 • CWE-295: Improper Certificate Validation •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2014-4876
https://notcve.org/view.php?id=CVE-2014-4876
Toshiba 4690 Operating System 6 Release 3, when the ADXSITCF logical name is not properly restricted, allows remote attackers to read potentially sensitive system environment variables via a crafted request to TCP port 54138. Toshiba 4690 Operating System 6 Release 3, cuando el nombre lógico ADXSITCF no está correctamente restringido, permite a atacantes remotos leer variables de entorno potencialmente sensibles a través de una petición manipulada al puerto TCP 54138. • https://www.kb.cert.org/vuls/id/924506 https://www.kb.cert.org/vuls/id/JLAD-9X4TDL • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.0EPSS: 0%CPEs: 2EXPL: 0CVE-2014-4875
https://notcve.org/view.php?id=CVE-2014-4875
CreateBossCredentials.jar in Toshiba CHEC before 6.6 build 4014 and 6.7 before build 4329 contains a hardcoded AES key, which allows attackers to discover Back Office System Server (BOSS) DB2 database credentials by leveraging knowledge of this key in conjunction with bossinfo.pro read access. CreateBossCredentials.jar en Toshiba CHEC anterior a 6.6 build 4014 y 6.7 anterior a build 4329 contiene una clave AES embebida, lo que permite a atacantes descubrir las credenciales de la base de datos Back Office System Server (BOSS) DB2 mediante el aprovechamiento de conocimiento de esta clave en conjunto con el acceso de lectura a bossinfo.pro. • http://www.kb.cert.org/vuls/id/301788 http://www.kb.cert.org/vuls/id/JLAD-9X4SPN • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-255: Credentials Management Errors •