PT-2017-8560 · Toshiba · Toshiba Flashair Sd-Wd/Wc Series Class 6+4

Tsukada Nobuhisa · Published 2017-05-22 · Updated 2017-06-12 · CVE-2016-4863

CVSS v3.1: 4.3 Medium

Vector: AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Toshiba FlashAir SD-WD/WC series Class 6 model version 1.00.04 and later
Toshiba FlashAir SD-WD/WC series Class 10 model W-02 version 2.00.02 and later
Toshiba FlashAir SD-WE series Class 10 model W-03
Toshiba FlashAir II Class 10 model W-02 series version 2.00.02 and later
Toshiba FlashAir III Class 10 model W-03 series
Toshiba FlashAir W-02 series Class 10 model version 2.00.02 and later
Toshiba FlashAir W-03 series Class 10 model

Description

The issue allows attackers with access to the STA side LAN to obtain files or data when "Internet pass-thru Mode" is enabled, as no authentication is required for accepting connections.

Recommendations

For Toshiba FlashAir SD-WD/WC series Class 6 model version 1.00.04 and later, consider disabling "Internet pass-thru Mode" until a patch is available.
For Toshiba FlashAir SD-WD/WC series Class 10 model W-02 version 2.00.02 and later, restrict access to the LAN to minimize the risk of exploitation.
For Toshiba FlashAir SD-WE series Class 10 model W-03, avoid using "Internet pass-thru Mode" until the issue is resolved.
For Toshiba FlashAir II Class 10 model W-02 series version 2.00.02 and later, restrict access to the STA side LAN to prevent unauthorized access.
For Toshiba FlashAir III Class 10 model W-03 series, consider implementing additional authentication measures for the "Internet pass-thru Mode".
For Toshiba FlashAir W-02 series Class 10 model version 2.00.02 and later, disable "Internet pass-thru Mode" as a temporary workaround.
For Toshiba FlashAir W-03 series Class 10 model, restrict access to the "Internet pass-thru Mode" feature until a fix is available.

Fix

Improper Authentication

Weakness Enumeration

Related Identifiers

CVE-2016-4863

Affected Products

Toshiba Flashair Ii Class 10
Toshiba Flashair Sd-Wd/Wc Series Class 10
Toshiba Flashair Sd-Wd/Wc Series Class 6
Toshiba Flashair W-02 Series Class 10
Toshiba Flashair W-03 Series Class 10