Vulnerability Description
Untrusted search path vulnerability in NFC Port Software Version 5.5.0.6 and earlier (for RC-S310, RC-S320, RC-S330, RC-S370, RC-S380, RC-S380/S), NFC Port Software Version 5.3.6.7 and earlier (for RC-S320, RC-S310/J1C, RC-S310/ED4C), PC/SC Activator for Type B Ver.1.2.1.0 and earlier, SFCard Viewer 2 Ver.2.5.0.0 and earlier, NFC Net Installer Ver.1.1.0.0 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Sony | Nfc Port Firmware | <= 5.5.0.6 |
| Sony | Rc-S310 | - |
| Sony | Rc-S320 | - |
| Sony | Rc-S330 | - |
| Sony | Rc-S370 | - |
| Sony | Rc-S380 | - |
| Sony | Rc-S380/S | - |
| Sony | Rc-S310/Ed4C | - |
| Sony | Rc-S310/J1C | - |
| Sony | Pc/Sc Activator For Type B | <= 1.2.1.0 |
| Sony | Sfcard Viewer 2 | 2.5.0.0 |
| Sony | Nfc Net Installer | <= 1.1.0.0 |
Related Weaknesses (CWE)
References
- https://jvn.jp/en/jp/JVN16136413/index.html (Third Party Advisory, VDB Entry)
FAQ
What is CVE-2017-2286?
CVE-2017-2286 is a vulnerability with a CVSS score of 7.8 (HIGH). Untrusted search path vulnerability in NFC Port Software Version 5.5.0.6 and earlier (for RC-S310, RC-S320, RC-S330, RC-S370, RC-S380, RC-S380/S), NFC Port Software Version 5.3.6.7 and earlier (for RC...
How severe is CVE-2017-2286?
CVE-2017-2286 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2017-2286?
Check the references section above for vendor advisories and patch information. Affected products include: Sony Nfc Port Firmware, Sony Rc-S310, Sony Rc-S320, Sony Rc-S330, Sony Rc-S370.