CVE-2016-4863
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
The Toshiba FlashAir SD-WD/WC series Class 6 model with firmware version 1.00.04 and later, FlashAir SD-WD/WC series Class 10 model W-02 with firmware version 2.00.02 and later, FlashAir SD-WE series Class 10 model W-03, FlashAir Class 6 model with firmware version 1.00.04 and later, FlashAir II Class 10 model W-02 series with firmware version 2.00.02 and later, FlashAir III Class 10 model W-03 series, FlashAir Class 6 model with firmware version 1.00.04 and later, FlashAir W-02 series Class 10 model with firmware version 2.00.02 and later, FlashAir W-03 series Class 10 model does not require authentication on accepting a connection from STA side LAN when "Internet pass-thru Mode" is enabled, which allows attackers with access to STA side LAN can obtain files or data.
El FlashAir SD-WD/WC serie Clase 6 modelo con versión de firmware 1.00.04 y posterior, FlashAir SD- WD/WC serie Clase 10 modelo W-02 con versión de firmware 2.00.02 y posterior, FlashAir SD-WE serie Clase 10 modelo W-03, FlashAir Clase 6 modelo con versión de firmware 1.00.04 y posterior, FlashAir II Clase 10 modelo W-02 serie con versión de firmware 2.00.02 y posterior, FlashAir III Clase 10 modelo W-03 serie, FlashAir Clase 6 modelo con versión de firmware 1.00.04 y posterior, FlashAir W-02 serie Clase 10 modelo con versión de firmware 2.00.02 y posterior, FlashAir W-03 serie clase 10 el modelo de Toshiba, no requieren la autenticación al aceptar una conexión de LAN del lado STA cuando se habilita el "Internet pass-thru Mode", que permite que los atacantes con acceso a LAN del lado STA puedan obtener archivos o datos.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2016-05-17 CVE Reserved
- 2017-05-22 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-06 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-287: Improper Authentication
CAPEC
References (3)
| URL | Tag | Source |
|---|---|---|
| http://jvndb.jvn.jp/jvndb/JVNDB-2016-000168 | Third Party Advisory | |
| http://www.securityfocus.com/bid/93479 | Third Party Advisory | |
| https://jvn.jp/en/jp/JVN39619137/index.html | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Toshiba Search vendor "Toshiba" | Flashair Search vendor "Toshiba" for product "Flashair" | <= 1.00.03 Search vendor "Toshiba" for product "Flashair" and version " <= 1.00.03" | - |
Affected
| ||||||
| Toshiba Search vendor "Toshiba" | Flashair Search vendor "Toshiba" for product "Flashair" | <= 1.00.04 Search vendor "Toshiba" for product "Flashair" and version " <= 1.00.04" | - |
Affected
| ||||||
| Toshiba Search vendor "Toshiba" | Flashair Search vendor "Toshiba" for product "Flashair" | <= 1.00.06 Search vendor "Toshiba" for product "Flashair" and version " <= 1.00.06" | - |
Affected
| ||||||
| Toshiba Search vendor "Toshiba" | Flashair Search vendor "Toshiba" for product "Flashair" | <= 1.02 Search vendor "Toshiba" for product "Flashair" and version " <= 1.02" | - |
Affected
| ||||||
| Toshiba Search vendor "Toshiba" | Flashair Search vendor "Toshiba" for product "Flashair" | <= 2.00.03 Search vendor "Toshiba" for product "Flashair" and version " <= 2.00.03" | - |
Affected
| ||||||
| Toshiba Search vendor "Toshiba" | Flashair Search vendor "Toshiba" for product "Flashair" | <= 3.00.01 Search vendor "Toshiba" for product "Flashair" and version " <= 3.00.01" | - |
Affected
| ||||||
| Toshiba Search vendor "Toshiba" | Flashair Search vendor "Toshiba" for product "Flashair" | <= 3.0.2 Search vendor "Toshiba" for product "Flashair" and version " <= 3.0.2" | - |
Affected
| ||||||