CVE-2016-4863 Information

Description

The Toshiba FlashAir SD-WD/WC series Class 6 model with firmware version 1.00.04 and later FlashAir SD-WD/WC series Class 10 model W-02 with firmware version 2.00.02 and later FlashAir SD-WE series Class 10 model W-03 FlashAir Class 6 model with firmware version 1.00.04 and later FlashAir II Class 10 model W-02 series with firmware version 2.00.02 and later FlashAir III Class 10 model W-03 series FlashAir Class 6 model with firmware version 1.00.04 and later FlashAir W-02 series Class 10 model with firmware version 2.00.02 and later FlashAir W-03 series Class 10 model does not require authentication on accepting a connection from STA side LAN when \Internet pass-thru Mode\ is enabled which allows attackers with access to STA side LAN can obtain files or data.

CVSS Vector

CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Reference

http://jvndb.jvn.jp/jvndb/JVNDB-2016-000168 http://www.securityfocus.com/bid/93479 https://jvn.jp/en/jp/JVN39619137/index.html

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

LOW

Availability Impact

NONE

Base Score

NONE

Base Severity

4.3