[Japanese]

JVNDB-2017-000091

FlashAir do not set credential information in PhotoShare

Overview

FlashAir by Toshiba Corporation is an SDHC memory card which provides wireless LAN access functions. FlashAir PhotoShare function enables to share the image data in a certain folder with other users as it switches the original wireless LAN connection set by FlashAir default to the wireless LAN connection for PhotoShare.

When enabling PhotoShare with a mobile application (either for Android or iOS), the application prompts a user to set credentials. But when enabling PhotoShare with web browsers, the wireless LAN connection for PhotoShare cannot be enabled, and default credentials are set to the other wireless network configured to the device. As a result, a remote attacker with access to the wireless LAN may obtain image data by using default credentials (CWE-284).

Takayoshi Isayama of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
CVSS Severity (What is CVSS?)

Base Metrics: 3.3 (Low) [IPA Score]
  • Access Vector: Adjacent Network
  • Access Complexity: Low
  • Authentication: None
  • Confidentiality Impact: Partial
  • Integrity Impact: None
  • Availability Impact: None

CVSS V3 Severity:
Base Metrics: 4.3 (Medium) [IPA Score]
  • Access Vector: Adjacent
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: Low
  • Integrity Impact: None
  • Availability Impact: None
Affected Products


TOSHIBA
  • FlashAir SDHC Memory Card (SD-WD/WC Series <W-02>) V2.00.03 and earlier
  • FlashAir SDHC Memory Card (SD-WE Series <W-03>) V3.00.01 and earlier

Impact

If PhotoShare is enabled by web browsers, an attacker with access to the wireless LAN may obtain image data.
Solution

[Use mobile application]
When enabling PhotoShare, use the mobile application (either for Android or for iOS) to set SSID and password.
According to the developer, firmware versions listed below and later disable PhotoShare setting from web browsers.

FlashAir SDHC Memory Card (SD-WE Series <W-03>) V3.00.02
FlashAir SDHC Memory Card (SD-WD/WC Series <W-02>) V2.00.04
Vendor Information

TOSHIBA
CWE (What is CWE?)

  1. No Mapping(CWE-Other) [IPA Evaluation]
CVE (What is CVE?)

  1. CVE-2017-2162
References

  1. JVN : JVN#81820501
Revision History

[2017/05/16]
  Web page was published