CVE-2017-2149

Name of the Vulnerable Software and Affected Versions SDHC/SDXC Memory Card with embedded NFC functionality Software Update Tool versions V1.00.03 and earlier SDHC Memory Card with embedded wireless LAN functionality FlashAir Configuration Software versions V3.0.2 and earlier SDHC Memory Card with embedded wireless LAN functionality FlashAir Software Update tool (SD-WE series) version V3.00.01 SDHC Memory Card with embedded wireless LAN functionality FlashAir Software Update tool (SD-WD/WC series) versions V2.00.03 and earlier SDHC Memory Card with embedded wireless LAN functionality FlashAir Software Update tool (SD-WB/WL series) versions V1.00.04 and earlier SDHC Memory Card with embedded TransferJet functionality Configuration Software versions V1.02 and earlier SDHC Memory Card with embedded TransferJet functionality Software Update tool versions V1.00.06 and earlier

Description The issue allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory. This is due to an untrusted search path vulnerability in the installers of the affected software.

Recommendations For SDHC/SDXC Memory Card with embedded NFC functionality Software Update Tool versions V1.00.03 and earlier, update to a version later than V1.00.03. For SDHC Memory Card with embedded wireless LAN functionality FlashAir Configuration Software versions V3.0.2 and earlier, update to a version later than V3.0.2. For SDHC Memory Card with embedded wireless LAN functionality FlashAir Software Update tool (SD-WE series) version V3.00.01, update to a version later than V3.00.01. For SDHC Memory Card with embedded wireless LAN functionality FlashAir Software Update tool (SD-WD/WC series) versions V2.00.03 and earlier, update to a version later than V2.00.03. For SDHC Memory Card with embedded wireless LAN functionality FlashAir Software Update tool (SD-WB/WL series) versions V1.00.04 and earlier, update to a version later than V1.00.04. For SDHC Memory Card with embedded TransferJet functionality Configuration Software versions V1.02 and earlier, update to a version later than V1.02. For SDHC Memory Card with embedded TransferJet functionality Software Update tool versions V1.00.06 and earlier, update to a version later than V1.00.06.