VYPR
Get started
← All advisories
High severity8.8NVD Advisory· Published Apr 28, 2017· Updated May 13, 2026

CVE-2017-2149

CVE-2017-2149

Description

Untrusted search path vulnerability in installers of the software for SDHC/SDXC Memory Card with embedded NFC functionality Software Update Tool V1.00.03 and earlier, SDHC Memory Card with embedded wireless LAN functionality FlashAir Configuration Software V3.0.2 and earlier, SDHC Memory Card with embedded wireless LAN functionality FlashAir Software Update tool (SD-WE series<W-03>) V3.00.01, SDHC Memory Card with embedded wireless LAN functionality FlashAir Software Update tool (SD-WD/WC series<W-02>) V2.00.03 and earlier, SDHC Memory Card with embedded wireless LAN functionality FlashAir Software Update tool (SD-WB/WL series) V1.00.04 and earlier, SDHC Memory Card with embedded TransferJet functionality Configuration Software V1.02 and earlier, SDHC Memory Card with embedded TransferJet functionality Software Update tool V1.00.06 and earlier allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory.

Affected products

8
  • Toshiba/Flashair
    cpe:2.3:a:toshiba:flashair:*:*:*:*:*:*:*:*
    Range: <=1.00.03
  • Toshiba Corporation/Installer for SDHC/SDXC Memory Card with embedded NFC functionality Software Update Toolv5
    Range: V1.00.03 and earlier
  • Toshiba Corporation/Installer for SDHC Memory Card with embedded wireless LAN functionality FlashAirTM Configuration Softwarev5
    Range: V3.0.2 and earlier
  • Toshiba Corporation/Installer for SDHC Memory Card with embedded wireless LAN functionality FlashAirTM Software Update tool (SD-WE series<W-03>)v5
    Range: V3.00.01
  • Toshiba Corporation/Installer for SDHC Memory Card with embedded wireless LAN functionality FlashAirTM Software Update tool (SD-WD/WC series<W-02>)v5
    Range: V2.00.03 and earlier
  • Toshiba Corporation/Installer for SDHC Memory Card with embedded wireless LAN functionality FlashAirTM Software Update tool (SD-WB/WL series)v5
    Range: V1.00.04 and earlier
  • Toshiba Corporation/Installer for SDHC Memory Card with embedded TransferJetTM functionality Configuration Softwarev5
    Range: V1.02 and earlier
  • Toshiba Corporation/Installer for SDHC Memory Card with embedded TransferJetTM functionality Software Update toolv5
    Range: V1.00.06 and earlier

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

3

News mentions

0

No linked articles in our index yet.