Search criteria
30 vulnerabilities found for hem-gw16a_firmware by toshiba
FKIE_CVE-2018-16201
Vulnerability from fkie_nvd - Published: 2019-01-09 23:29 - Updated: 2024-11-21 03:52
Severity ?
Summary
Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway HEM-GW26A 1.2.9 and earlier uses hard-coded credentials, which may allow an attacker on the same network segment to login to the administrators settings screen and change the configuration or execute arbitrary OS commands.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| toshiba | hem-gw16a_firmware | * | |
| toshiba | hem-gw16a | - | |
| toshiba | hem-gw26a_firmware | * | |
| toshiba | hem-gw26a | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:toshiba:hem-gw16a_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9E768A13-4373-4211-9D77-6D02BC377EC9",
"versionEndIncluding": "1.2.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:toshiba:hem-gw16a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6D9C8238-D8C8-46CD-993F-3A49C1627BE1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:toshiba:hem-gw26a_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "59EC2236-60EA-4E49-A337-D32EAE51FDED",
"versionEndIncluding": "1.2.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:toshiba:hem-gw26a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1D699E38-BB97-4831-B5BF-E1DF1735ABEB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway HEM-GW26A 1.2.9 and earlier uses hard-coded credentials, which may allow an attacker on the same network segment to login to the administrators settings screen and change the configuration or execute arbitrary OS commands."
},
{
"lang": "es",
"value": "La puerta de enlace Toshiba Home HEM-GW16A, en versiones 1.2.9 y anteriores, y la puerta de enlace Toshiba Home HEM-GW26A, en versiones 1.2.9 y anteriores, emplea credenciales embebidas, lo que podr\u00eda permitir que un atacante en el mismo segmento de red inicie sesi\u00f3n en la pantalla de opciones de administrador y cambie la configuraci\u00f3n o ejecute comandos arbitrarios del sistema operativo."
}
],
"id": "CVE-2018-16201",
"lastModified": "2024-11-21T03:52:16.877",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 8.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 6.5,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-01-09T23:29:04.887",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "http://www.tlt.co.jp/tlt/information/seihin/notice/defect/20181219/20181219.htm"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/en/jp/JVN99810718/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.tlt.co.jp/tlt/information/seihin/notice/defect/20181219/20181219.htm"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/en/jp/JVN99810718/index.html"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-798"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2018-16198
Vulnerability from fkie_nvd - Published: 2019-01-09 23:29 - Updated: 2024-11-21 03:52
Severity ?
Summary
Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway HEM-GW26A 1.2.9 and earlier may allow an attacker on the same network segment to access a non-documented developer screen to perform operations on the affected device.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| toshiba | hem-gw16a_firmware | * | |
| toshiba | hem-gw16a | - | |
| toshiba | hem-gw26a_firmware | * | |
| toshiba | hem-gw26a | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:toshiba:hem-gw16a_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9E768A13-4373-4211-9D77-6D02BC377EC9",
"versionEndIncluding": "1.2.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:toshiba:hem-gw16a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6D9C8238-D8C8-46CD-993F-3A49C1627BE1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:toshiba:hem-gw26a_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "59EC2236-60EA-4E49-A337-D32EAE51FDED",
"versionEndIncluding": "1.2.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:toshiba:hem-gw26a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1D699E38-BB97-4831-B5BF-E1DF1735ABEB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway HEM-GW26A 1.2.9 and earlier may allow an attacker on the same network segment to access a non-documented developer screen to perform operations on the affected device."
},
{
"lang": "es",
"value": "La puerta de enlace Toshiba Home HEM-GW16A, en versiones 1.2.9 y anteriores, y la puerta de enlace Toshiba Home HEM-GW26A, en versiones 1.2.9 y anteriores, podr\u00edan permitir que un atacante en el mismo segmento de red acceda a una pantalla de desarrollo no documentada para realizar operaciones en el dispositivo afectado."
}
],
"id": "CVE-2018-16198",
"lastModified": "2024-11-21T03:52:16.513",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 6.5,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-01-09T23:29:04.683",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "http://www.tlt.co.jp/tlt/information/seihin/notice/defect/20181219/20181219.htm"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/en/jp/JVN99810718/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.tlt.co.jp/tlt/information/seihin/notice/defect/20181219/20181219.htm"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/en/jp/JVN99810718/index.html"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2018-16200
Vulnerability from fkie_nvd - Published: 2019-01-09 23:29 - Updated: 2024-11-21 03:52
Severity ?
Summary
Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway HEM-GW26A 1.2.9 and earlier allows an attacker on the same network segment to execute arbitrary OS commands.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| toshiba | hem-gw16a_firmware | * | |
| toshiba | hem-gw16a | - | |
| toshiba | hem-gw26a_firmware | * | |
| toshiba | hem-gw26a | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:toshiba:hem-gw16a_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9E768A13-4373-4211-9D77-6D02BC377EC9",
"versionEndIncluding": "1.2.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:toshiba:hem-gw16a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6D9C8238-D8C8-46CD-993F-3A49C1627BE1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:toshiba:hem-gw26a_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "59EC2236-60EA-4E49-A337-D32EAE51FDED",
"versionEndIncluding": "1.2.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:toshiba:hem-gw26a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1D699E38-BB97-4831-B5BF-E1DF1735ABEB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway HEM-GW26A 1.2.9 and earlier allows an attacker on the same network segment to execute arbitrary OS commands."
},
{
"lang": "es",
"value": "La puerta de enlace Toshiba Home HEM-GW16A, en versiones 1.2.9 y anteriores, y la puerta de enlace Toshiba Home HEM-GW26A, en versiones 1.2.9 y anteriores, permiten que un atacante en el mismo segmento de red ejecute comandos arbitrarios del sistema operativo."
}
],
"id": "CVE-2018-16200",
"lastModified": "2024-11-21T03:52:16.760",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 6.5,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-01-09T23:29:04.810",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "http://www.tlt.co.jp/tlt/information/seihin/notice/defect/20181219/20181219.htm"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/en/jp/JVN99810718/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.tlt.co.jp/tlt/information/seihin/notice/defect/20181219/20181219.htm"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/en/jp/JVN99810718/index.html"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2018-16199
Vulnerability from fkie_nvd - Published: 2019-01-09 23:29 - Updated: 2024-11-21 03:52
Severity ?
Summary
Cross-site scripting vulnerability in Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway HEM-GW26A 1.2.9 and earlier allows an remote attacker to inject arbitrary web script or HTML via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| toshiba | hem-gw16a_firmware | * | |
| toshiba | hem-gw16a | - | |
| toshiba | hem-gw26a_firmware | * | |
| toshiba | hem-gw26a | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:toshiba:hem-gw16a_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9E768A13-4373-4211-9D77-6D02BC377EC9",
"versionEndIncluding": "1.2.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:toshiba:hem-gw16a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6D9C8238-D8C8-46CD-993F-3A49C1627BE1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:toshiba:hem-gw26a_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "59EC2236-60EA-4E49-A337-D32EAE51FDED",
"versionEndIncluding": "1.2.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:toshiba:hem-gw26a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1D699E38-BB97-4831-B5BF-E1DF1735ABEB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability in Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway HEM-GW26A 1.2.9 and earlier allows an remote attacker to inject arbitrary web script or HTML via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad Cross-Site Scripting (XSS) en la puerta de enlace Toshiba Home HEM-GW16A, en versiones 1.2.9 y anteriores y la puerta de enlace Toshiba Home HEM-GW26A, en versiones 1.2.9 y anteriores, permite que un atacante remoto inyecte scripts web o HTML arbitrarios utilizando vectores no especificados."
}
],
"id": "CVE-2018-16199",
"lastModified": "2024-11-21T03:52:16.630",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-01-09T23:29:04.747",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "http://www.tlt.co.jp/tlt/information/seihin/notice/defect/20181219/20181219.htm"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/en/jp/JVN99810718/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.tlt.co.jp/tlt/information/seihin/notice/defect/20181219/20181219.htm"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/en/jp/JVN99810718/index.html"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2018-16197
Vulnerability from fkie_nvd - Published: 2019-01-09 23:29 - Updated: 2024-11-21 03:52
Severity ?
Summary
Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway HEM-GW26A 1.2.9 and earlier allows an attacker on the same network segment to bypass access restriction to access the information and files stored on the affected device.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| toshiba | hem-gw16a_firmware | * | |
| toshiba | hem-gw16a | - | |
| toshiba | hem-gw26a_firmware | * | |
| toshiba | hem-gw26a | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:toshiba:hem-gw16a_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9E768A13-4373-4211-9D77-6D02BC377EC9",
"versionEndIncluding": "1.2.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:toshiba:hem-gw16a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6D9C8238-D8C8-46CD-993F-3A49C1627BE1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:toshiba:hem-gw26a_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "59EC2236-60EA-4E49-A337-D32EAE51FDED",
"versionEndIncluding": "1.2.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:toshiba:hem-gw26a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1D699E38-BB97-4831-B5BF-E1DF1735ABEB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway HEM-GW26A 1.2.9 and earlier allows an attacker on the same network segment to bypass access restriction to access the information and files stored on the affected device."
},
{
"lang": "es",
"value": "La puerta de enlace Toshiba Home HEM-GW16A, en versiones 1.2.9 y anteriores, y la puerta de enlace Toshiba Home HEM-GW26A, en versiones 1.2.9 y anteriores, permiten que un atacante en el mismo segmento de red omita las restricciones de acceso para acceder a la informaci\u00f3n y los archivos almacenados en el dispositivo afectado."
}
],
"id": "CVE-2018-16197",
"lastModified": "2024-11-21T03:52:16.390",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:A/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.5,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-01-09T23:29:04.623",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "http://www.tlt.co.jp/tlt/information/seihin/notice/defect/20181219/20181219.htm"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/en/jp/JVN99810718/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.tlt.co.jp/tlt/information/seihin/notice/defect/20181219/20181219.htm"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/en/jp/JVN99810718/index.html"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2017-2235
Vulnerability from fkie_nvd - Published: 2017-07-07 13:29 - Updated: 2025-04-20 01:37
Severity ?
Summary
Toshiba Home gateway HEM-GW16A firmware HEM-GW16A-FW-V1.2.0 and earlier. Toshiba Home gateway HEM-GW26A firmware HEM-GW26A-FW-V1.2.0 and earlier allows an attacker to bypass access restriction to change the administrator account password via unspecified vectors.
References
| URL | Tags | ||
|---|---|---|---|
| vultures@jpcert.or.jp | http://jvn.jp/en/jp/JVN85901441/index.html | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://jvn.jp/en/jp/JVN85901441/index.html | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| toshiba | hem-gw16a_firmware | * | |
| toshiba | hem-gw16a | - | |
| toshiba | hem-gw26a_firmware | * | |
| toshiba | hem-gw26a | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:toshiba:hem-gw16a_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D34FB0D3-9DB4-4DD3-A755-239F9127EA79",
"versionEndIncluding": "1.2.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:toshiba:hem-gw16a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6D9C8238-D8C8-46CD-993F-3A49C1627BE1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:toshiba:hem-gw26a_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4A511ECD-B10E-4482-8E2D-DE24767060EA",
"versionEndIncluding": "1.2.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:toshiba:hem-gw26a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1D699E38-BB97-4831-B5BF-E1DF1735ABEB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Toshiba Home gateway HEM-GW16A firmware HEM-GW16A-FW-V1.2.0 and earlier. Toshiba Home gateway HEM-GW26A firmware HEM-GW26A-FW-V1.2.0 and earlier allows an attacker to bypass access restriction to change the administrator account password via unspecified vectors."
},
{
"lang": "es",
"value": "Toshiba Home gateway HEM-GW26A con versiones de firmware HEM-GW26A-FW-V1.2.0 y anteriores permite que un atacante omita las restricciones de acceso para cambiar la contrase\u00f1a de la cuenta de administrador mediante vectores sin especificar."
}
],
"id": "CVE-2017-2235",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-07-07T13:29:01.257",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://jvn.jp/en/jp/JVN85901441/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://jvn.jp/en/jp/JVN85901441/index.html"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2017-2234
Vulnerability from fkie_nvd - Published: 2017-07-07 13:29 - Updated: 2025-04-20 01:37
Severity ?
Summary
Toshiba Home gateway HEM-GW16A firmware HEM-GW16A-FW-V1.2.0 and earlier, Toshiba Home gateway HEM-GW26A firmware HEM-GW26A-FW-V1.2.0 and earlier may allow remote attackers to access a non-documented developer screen to perform operations on device with administrative privileges.
References
| URL | Tags | ||
|---|---|---|---|
| vultures@jpcert.or.jp | http://jvn.jp/en/jp/JVN85901441/index.html | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://jvn.jp/en/jp/JVN85901441/index.html | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| toshiba | hem-gw16a_firmware | * | |
| toshiba | hem-gw16a | - | |
| toshiba | hem-gw26a_firmware | * | |
| toshiba | hem-gw26a | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:toshiba:hem-gw16a_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D34FB0D3-9DB4-4DD3-A755-239F9127EA79",
"versionEndIncluding": "1.2.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:toshiba:hem-gw16a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6D9C8238-D8C8-46CD-993F-3A49C1627BE1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:toshiba:hem-gw26a_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4A511ECD-B10E-4482-8E2D-DE24767060EA",
"versionEndIncluding": "1.2.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:toshiba:hem-gw26a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1D699E38-BB97-4831-B5BF-E1DF1735ABEB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Toshiba Home gateway HEM-GW16A firmware HEM-GW16A-FW-V1.2.0 and earlier, Toshiba Home gateway HEM-GW26A firmware HEM-GW26A-FW-V1.2.0 and earlier may allow remote attackers to access a non-documented developer screen to perform operations on device with administrative privileges."
},
{
"lang": "es",
"value": "Toshiba Home Gateway HEM-GW16A firmware HEM-GW16A-FW-Versi\u00f3n 1.2.0 y anteriores, Toshiba Home Gateway HEM-GW26A firmware HEM-GW26A-FW-Versi\u00f3n 1.2.0 y anteriores, pueden permitir que atacantes remotos accedan a una pantalla de desarrollador no documentada para realizar operaciones en dispositivo con privilegios administrativos."
}
],
"id": "CVE-2017-2234",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-07-07T13:29:01.227",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://jvn.jp/en/jp/JVN85901441/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://jvn.jp/en/jp/JVN85901441/index.html"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2017-2236
Vulnerability from fkie_nvd - Published: 2017-07-07 13:29 - Updated: 2025-04-20 01:37
Severity ?
Summary
Toshiba Home gateway HEM-GW16A firmware HEM-GW16A-FW-V1.2.0 and earlier, Toshiba Home gateway HEM-GW26A firmware HEM-GW26A-FW-V1.2.0 and earlier uses hard-coded credentials, which may allow attackers to perform operations on device with administrative privileges.
References
| URL | Tags | ||
|---|---|---|---|
| vultures@jpcert.or.jp | http://jvn.jp/en/jp/JVN85901441/index.html | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://jvn.jp/en/jp/JVN85901441/index.html | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| toshiba | hem-gw16a_firmware | * | |
| toshiba | hem-gw16a | - | |
| toshiba | hem-gw26a_firmware | * | |
| toshiba | hem-gw26a | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:toshiba:hem-gw16a_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D34FB0D3-9DB4-4DD3-A755-239F9127EA79",
"versionEndIncluding": "1.2.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:toshiba:hem-gw16a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6D9C8238-D8C8-46CD-993F-3A49C1627BE1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:toshiba:hem-gw26a_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4A511ECD-B10E-4482-8E2D-DE24767060EA",
"versionEndIncluding": "1.2.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:toshiba:hem-gw26a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1D699E38-BB97-4831-B5BF-E1DF1735ABEB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Toshiba Home gateway HEM-GW16A firmware HEM-GW16A-FW-V1.2.0 and earlier, Toshiba Home gateway HEM-GW26A firmware HEM-GW26A-FW-V1.2.0 and earlier uses hard-coded credentials, which may allow attackers to perform operations on device with administrative privileges."
},
{
"lang": "es",
"value": "Toshiba Home gateway HEM-GW16A con versiones de firmware HEM-GW16A-FW-V1.2.0 y anteriores y Toshiba Home gateway HEM-GW26A con versiones de firmware HEM-GW26A-FW-V1.2.0 y anteriores emplea credenciales embebidas, lo que podr\u00eda permitir que atacantes puedan realizar operaciones en el dispositivo con privilegios de administrador."
}
],
"id": "CVE-2017-2236",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-07-07T13:29:01.270",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://jvn.jp/en/jp/JVN85901441/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://jvn.jp/en/jp/JVN85901441/index.html"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-798"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2017-2237
Vulnerability from fkie_nvd - Published: 2017-07-07 13:29 - Updated: 2025-04-20 01:37
Severity ?
Summary
Toshiba Home gateway HEM-GW16A firmware HEM-GW16A-FW-V1.2.0 and earlier. Toshiba Home gateway HEM-GW26A firmware HEM-GW26A-FW-V1.2.0 and earlier allows an attacker to execute arbitrary OS commands via unspecified vectors.
References
| URL | Tags | ||
|---|---|---|---|
| vultures@jpcert.or.jp | http://jvn.jp/en/jp/JVN85901441/index.html | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://jvn.jp/en/jp/JVN85901441/index.html | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| toshiba | hem-gw16a_firmware | * | |
| toshiba | hem-gw16a | - | |
| toshiba | hem-gw26a_firmware | * | |
| toshiba | hem-gw26a | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:toshiba:hem-gw16a_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D34FB0D3-9DB4-4DD3-A755-239F9127EA79",
"versionEndIncluding": "1.2.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:toshiba:hem-gw16a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6D9C8238-D8C8-46CD-993F-3A49C1627BE1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:toshiba:hem-gw26a_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4A511ECD-B10E-4482-8E2D-DE24767060EA",
"versionEndIncluding": "1.2.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:toshiba:hem-gw26a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1D699E38-BB97-4831-B5BF-E1DF1735ABEB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Toshiba Home gateway HEM-GW16A firmware HEM-GW16A-FW-V1.2.0 and earlier. Toshiba Home gateway HEM-GW26A firmware HEM-GW26A-FW-V1.2.0 and earlier allows an attacker to execute arbitrary OS commands via unspecified vectors."
},
{
"lang": "es",
"value": "Toshiba Home gateway HEM-GW16A con versiones de firmware HEM-GW16A-FW-V1.2.0 y anteriores permite que un atacante ejecute comandos del sistema operativo arbitrarios mediante vectores sin especificar."
}
],
"id": "CVE-2017-2237",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-07-07T13:29:01.303",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://jvn.jp/en/jp/JVN85901441/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://jvn.jp/en/jp/JVN85901441/index.html"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2017-2238
Vulnerability from fkie_nvd - Published: 2017-07-07 13:29 - Updated: 2025-04-20 01:37
Severity ?
Summary
Cross-site request forgery (CSRF) vulnerability in Toshiba Home gateway HEM-GW16A firmware HEM-GW16A-FW-V1.2.0 and earlier and Toshiba Home gateway HEM-GW26A firmware HEM-GW26A-FW-V1.2.0 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.
References
| URL | Tags | ||
|---|---|---|---|
| vultures@jpcert.or.jp | http://jvn.jp/en/jp/JVN85901441/index.html | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://jvn.jp/en/jp/JVN85901441/index.html | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| toshiba | hem-gw16a_firmware | * | |
| toshiba | hem-gw16a | - | |
| toshiba | hem-gw26a_firmware | * | |
| toshiba | hem-gw26a | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:toshiba:hem-gw16a_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D34FB0D3-9DB4-4DD3-A755-239F9127EA79",
"versionEndIncluding": "1.2.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:toshiba:hem-gw16a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6D9C8238-D8C8-46CD-993F-3A49C1627BE1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:toshiba:hem-gw26a_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4A511ECD-B10E-4482-8E2D-DE24767060EA",
"versionEndIncluding": "1.2.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:toshiba:hem-gw26a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1D699E38-BB97-4831-B5BF-E1DF1735ABEB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery (CSRF) vulnerability in Toshiba Home gateway HEM-GW16A firmware HEM-GW16A-FW-V1.2.0 and earlier and Toshiba Home gateway HEM-GW26A firmware HEM-GW26A-FW-V1.2.0 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors."
},
{
"lang": "es",
"value": "Una vulnerabilidad de Cross-Site Request Forgery (CSRF) en Toshiba Home gateway HEM-GW16A con versiones de firmware HEM-GW16A-FW-V1.2.0 y anteriores y Toshiba Home gateway HEM-GW26A con versiones de firmware HEM-GW26A-FW-V1.2.0 y anteriores permite que atacantes remotos secuestren la autenticaci\u00f3n de los administradores mediante vectores sin especificar."
}
],
"id": "CVE-2017-2238",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-07-07T13:29:01.350",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://jvn.jp/en/jp/JVN85901441/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://jvn.jp/en/jp/JVN85901441/index.html"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-352"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2018-16197 (GCVE-0-2018-16197)
Vulnerability from cvelistv5 – Published: 2019-01-09 22:00 – Updated: 2024-08-05 10:17
VLAI?
Summary
Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway HEM-GW26A 1.2.9 and earlier allows an attacker on the same network segment to bypass access restriction to access the information and files stored on the affected device.
Severity ?
No CVSS data available.
CWE
- Fails to restrict access
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Toshiba Lighting & Technology Corporation | Toshiba Home gateway HEM-GW16A and Toshiba Home gateway HEM-GW26A |
Affected:
(Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway HEM-GW26A 1.2.9 and earlier)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T10:17:38.375Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#99810718",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN99810718/index.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.tlt.co.jp/tlt/information/seihin/notice/defect/20181219/20181219.htm"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Toshiba Home gateway HEM-GW16A and Toshiba Home gateway HEM-GW26A",
"vendor": "Toshiba Lighting \u0026 Technology Corporation",
"versions": [
{
"status": "affected",
"version": "(Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway HEM-GW26A 1.2.9 and earlier)"
}
]
}
],
"datePublic": "2019-01-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway HEM-GW26A 1.2.9 and earlier allows an attacker on the same network segment to bypass access restriction to access the information and files stored on the affected device."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Fails to restrict access",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-01-09T21:57:01",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVN#99810718",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "https://jvn.jp/en/jp/JVN99810718/index.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.tlt.co.jp/tlt/information/seihin/notice/defect/20181219/20181219.htm"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2018-16197",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Toshiba Home gateway HEM-GW16A and Toshiba Home gateway HEM-GW26A",
"version": {
"version_data": [
{
"version_value": "(Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway HEM-GW26A 1.2.9 and earlier)"
}
]
}
}
]
},
"vendor_name": "Toshiba Lighting \u0026 Technology Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway HEM-GW26A 1.2.9 and earlier allows an attacker on the same network segment to bypass access restriction to access the information and files stored on the affected device."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Fails to restrict access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#99810718",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN99810718/index.html"
},
{
"name": "http://www.tlt.co.jp/tlt/information/seihin/notice/defect/20181219/20181219.htm",
"refsource": "MISC",
"url": "http://www.tlt.co.jp/tlt/information/seihin/notice/defect/20181219/20181219.htm"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2018-16197",
"datePublished": "2019-01-09T22:00:00",
"dateReserved": "2018-08-30T00:00:00",
"dateUpdated": "2024-08-05T10:17:38.375Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-16201 (GCVE-0-2018-16201)
Vulnerability from cvelistv5 – Published: 2019-01-09 22:00 – Updated: 2024-08-05 10:17
VLAI?
Summary
Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway HEM-GW26A 1.2.9 and earlier uses hard-coded credentials, which may allow an attacker on the same network segment to login to the administrators settings screen and change the configuration or execute arbitrary OS commands.
Severity ?
No CVSS data available.
CWE
- Use of Hard-coded Credentials
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Toshiba Lighting & Technology Corporation | Toshiba Home gateway HEM-GW16A and Toshiba Home gateway HEM-GW26A |
Affected:
(Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway HEM-GW26A 1.2.9 and earlier)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T10:17:38.280Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#99810718",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN99810718/index.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.tlt.co.jp/tlt/information/seihin/notice/defect/20181219/20181219.htm"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Toshiba Home gateway HEM-GW16A and Toshiba Home gateway HEM-GW26A",
"vendor": "Toshiba Lighting \u0026 Technology Corporation",
"versions": [
{
"status": "affected",
"version": "(Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway HEM-GW26A 1.2.9 and earlier)"
}
]
}
],
"datePublic": "2019-01-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway HEM-GW26A 1.2.9 and earlier uses hard-coded credentials, which may allow an attacker on the same network segment to login to the administrators settings screen and change the configuration or execute arbitrary OS commands."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Use of Hard-coded Credentials",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-01-09T21:57:01",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVN#99810718",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "https://jvn.jp/en/jp/JVN99810718/index.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.tlt.co.jp/tlt/information/seihin/notice/defect/20181219/20181219.htm"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2018-16201",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Toshiba Home gateway HEM-GW16A and Toshiba Home gateway HEM-GW26A",
"version": {
"version_data": [
{
"version_value": "(Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway HEM-GW26A 1.2.9 and earlier)"
}
]
}
}
]
},
"vendor_name": "Toshiba Lighting \u0026 Technology Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway HEM-GW26A 1.2.9 and earlier uses hard-coded credentials, which may allow an attacker on the same network segment to login to the administrators settings screen and change the configuration or execute arbitrary OS commands."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Use of Hard-coded Credentials"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#99810718",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN99810718/index.html"
},
{
"name": "http://www.tlt.co.jp/tlt/information/seihin/notice/defect/20181219/20181219.htm",
"refsource": "MISC",
"url": "http://www.tlt.co.jp/tlt/information/seihin/notice/defect/20181219/20181219.htm"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2018-16201",
"datePublished": "2019-01-09T22:00:00",
"dateReserved": "2018-08-30T00:00:00",
"dateUpdated": "2024-08-05T10:17:38.280Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-16199 (GCVE-0-2018-16199)
Vulnerability from cvelistv5 – Published: 2019-01-09 22:00 – Updated: 2024-08-05 10:17
VLAI?
Summary
Cross-site scripting vulnerability in Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway HEM-GW26A 1.2.9 and earlier allows an remote attacker to inject arbitrary web script or HTML via unspecified vectors.
Severity ?
No CVSS data available.
CWE
- Cross-site scripting
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Toshiba Lighting & Technology Corporation | Toshiba Home gateway HEM-GW16A and Toshiba Home gateway HEM-GW26A |
Affected:
(Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway HEM-GW26A 1.2.9 and earlier)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T10:17:38.382Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#99810718",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN99810718/index.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.tlt.co.jp/tlt/information/seihin/notice/defect/20181219/20181219.htm"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Toshiba Home gateway HEM-GW16A and Toshiba Home gateway HEM-GW26A",
"vendor": "Toshiba Lighting \u0026 Technology Corporation",
"versions": [
{
"status": "affected",
"version": "(Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway HEM-GW26A 1.2.9 and earlier)"
}
]
}
],
"datePublic": "2019-01-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability in Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway HEM-GW26A 1.2.9 and earlier allows an remote attacker to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-01-09T21:57:01",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVN#99810718",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "https://jvn.jp/en/jp/JVN99810718/index.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.tlt.co.jp/tlt/information/seihin/notice/defect/20181219/20181219.htm"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2018-16199",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Toshiba Home gateway HEM-GW16A and Toshiba Home gateway HEM-GW26A",
"version": {
"version_data": [
{
"version_value": "(Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway HEM-GW26A 1.2.9 and earlier)"
}
]
}
}
]
},
"vendor_name": "Toshiba Lighting \u0026 Technology Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting vulnerability in Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway HEM-GW26A 1.2.9 and earlier allows an remote attacker to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#99810718",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN99810718/index.html"
},
{
"name": "http://www.tlt.co.jp/tlt/information/seihin/notice/defect/20181219/20181219.htm",
"refsource": "MISC",
"url": "http://www.tlt.co.jp/tlt/information/seihin/notice/defect/20181219/20181219.htm"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2018-16199",
"datePublished": "2019-01-09T22:00:00",
"dateReserved": "2018-08-30T00:00:00",
"dateUpdated": "2024-08-05T10:17:38.382Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-16200 (GCVE-0-2018-16200)
Vulnerability from cvelistv5 – Published: 2019-01-09 22:00 – Updated: 2024-08-05 10:17
VLAI?
Summary
Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway HEM-GW26A 1.2.9 and earlier allows an attacker on the same network segment to execute arbitrary OS commands.
Severity ?
No CVSS data available.
CWE
- OS Command Injection
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Toshiba Lighting & Technology Corporation | Toshiba Home gateway HEM-GW16A and Toshiba Home gateway HEM-GW26A |
Affected:
(Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway HEM-GW26A 1.2.9 and earlier)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T10:17:38.261Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#99810718",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN99810718/index.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.tlt.co.jp/tlt/information/seihin/notice/defect/20181219/20181219.htm"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Toshiba Home gateway HEM-GW16A and Toshiba Home gateway HEM-GW26A",
"vendor": "Toshiba Lighting \u0026 Technology Corporation",
"versions": [
{
"status": "affected",
"version": "(Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway HEM-GW26A 1.2.9 and earlier)"
}
]
}
],
"datePublic": "2019-01-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway HEM-GW26A 1.2.9 and earlier allows an attacker on the same network segment to execute arbitrary OS commands."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "OS Command Injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-01-09T21:57:01",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVN#99810718",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "https://jvn.jp/en/jp/JVN99810718/index.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.tlt.co.jp/tlt/information/seihin/notice/defect/20181219/20181219.htm"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2018-16200",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Toshiba Home gateway HEM-GW16A and Toshiba Home gateway HEM-GW26A",
"version": {
"version_data": [
{
"version_value": "(Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway HEM-GW26A 1.2.9 and earlier)"
}
]
}
}
]
},
"vendor_name": "Toshiba Lighting \u0026 Technology Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway HEM-GW26A 1.2.9 and earlier allows an attacker on the same network segment to execute arbitrary OS commands."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "OS Command Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#99810718",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN99810718/index.html"
},
{
"name": "http://www.tlt.co.jp/tlt/information/seihin/notice/defect/20181219/20181219.htm",
"refsource": "MISC",
"url": "http://www.tlt.co.jp/tlt/information/seihin/notice/defect/20181219/20181219.htm"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2018-16200",
"datePublished": "2019-01-09T22:00:00",
"dateReserved": "2018-08-30T00:00:00",
"dateUpdated": "2024-08-05T10:17:38.261Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-16198 (GCVE-0-2018-16198)
Vulnerability from cvelistv5 – Published: 2019-01-09 22:00 – Updated: 2024-08-05 10:17
VLAI?
Summary
Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway HEM-GW26A 1.2.9 and earlier may allow an attacker on the same network segment to access a non-documented developer screen to perform operations on the affected device.
Severity ?
No CVSS data available.
CWE
- Hidden Functionality
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Toshiba Lighting & Technology Corporation | Toshiba Home gateway HEM-GW16A and Toshiba Home gateway HEM-GW26A |
Affected:
Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway HEM-GW26A 1.2.9 and earlier
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T10:17:38.374Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#99810718",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN99810718/index.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.tlt.co.jp/tlt/information/seihin/notice/defect/20181219/20181219.htm"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Toshiba Home gateway HEM-GW16A and Toshiba Home gateway HEM-GW26A",
"vendor": "Toshiba Lighting \u0026 Technology Corporation",
"versions": [
{
"status": "affected",
"version": "Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway HEM-GW26A 1.2.9 and earlier"
}
]
}
],
"datePublic": "2019-01-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway HEM-GW26A 1.2.9 and earlier may allow an attacker on the same network segment to access a non-documented developer screen to perform operations on the affected device."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Hidden Functionality",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-01-09T21:57:01",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVN#99810718",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "https://jvn.jp/en/jp/JVN99810718/index.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.tlt.co.jp/tlt/information/seihin/notice/defect/20181219/20181219.htm"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2018-16198",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Toshiba Home gateway HEM-GW16A and Toshiba Home gateway HEM-GW26A",
"version": {
"version_data": [
{
"version_value": "Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway HEM-GW26A 1.2.9 and earlier"
}
]
}
}
]
},
"vendor_name": "Toshiba Lighting \u0026 Technology Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway HEM-GW26A 1.2.9 and earlier may allow an attacker on the same network segment to access a non-documented developer screen to perform operations on the affected device."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Hidden Functionality"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#99810718",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN99810718/index.html"
},
{
"name": "http://www.tlt.co.jp/tlt/information/seihin/notice/defect/20181219/20181219.htm",
"refsource": "MISC",
"url": "http://www.tlt.co.jp/tlt/information/seihin/notice/defect/20181219/20181219.htm"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2018-16198",
"datePublished": "2019-01-09T22:00:00",
"dateReserved": "2018-08-30T00:00:00",
"dateUpdated": "2024-08-05T10:17:38.374Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-2235 (GCVE-0-2017-2235)
Vulnerability from cvelistv5 – Published: 2017-07-07 13:00 – Updated: 2024-08-05 13:48
VLAI?
Summary
Toshiba Home gateway HEM-GW16A firmware HEM-GW16A-FW-V1.2.0 and earlier. Toshiba Home gateway HEM-GW26A firmware HEM-GW26A-FW-V1.2.0 and earlier allows an attacker to bypass access restriction to change the administrator account password via unspecified vectors.
Severity ?
No CVSS data available.
CWE
- Fails to restrict access
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Toshiba Lighting & Technology Corporation | Toshiba Home gateway HEM-GW16A |
Affected:
firmware HEM-GW16A-FW-V1.2.0 and earlier
|
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:48:04.342Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#85901441",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN85901441/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Toshiba Home gateway HEM-GW16A",
"vendor": "Toshiba Lighting \u0026 Technology Corporation",
"versions": [
{
"status": "affected",
"version": "firmware HEM-GW16A-FW-V1.2.0 and earlier"
}
]
},
{
"product": "Toshiba Home gateway HEM-GW26A",
"vendor": "Toshiba Lighting \u0026 Technology Corporation",
"versions": [
{
"status": "affected",
"version": "firmware HEM-GW26A-FW-V1.2.0 and earlier"
}
]
}
],
"datePublic": "2017-06-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Toshiba Home gateway HEM-GW16A firmware HEM-GW16A-FW-V1.2.0 and earlier. Toshiba Home gateway HEM-GW26A firmware HEM-GW26A-FW-V1.2.0 and earlier allows an attacker to bypass access restriction to change the administrator account password via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Fails to restrict access",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-07T12:57:01",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVN#85901441",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN85901441/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2017-2235",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Toshiba Home gateway HEM-GW16A",
"version": {
"version_data": [
{
"version_value": "firmware HEM-GW16A-FW-V1.2.0 and earlier"
}
]
}
},
{
"product_name": "Toshiba Home gateway HEM-GW26A",
"version": {
"version_data": [
{
"version_value": "firmware HEM-GW26A-FW-V1.2.0 and earlier"
}
]
}
}
]
},
"vendor_name": "Toshiba Lighting \u0026 Technology Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Toshiba Home gateway HEM-GW16A firmware HEM-GW16A-FW-V1.2.0 and earlier. Toshiba Home gateway HEM-GW26A firmware HEM-GW26A-FW-V1.2.0 and earlier allows an attacker to bypass access restriction to change the administrator account password via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Fails to restrict access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#85901441",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN85901441/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2017-2235",
"datePublished": "2017-07-07T13:00:00",
"dateReserved": "2016-12-01T00:00:00",
"dateUpdated": "2024-08-05T13:48:04.342Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-2234 (GCVE-0-2017-2234)
Vulnerability from cvelistv5 – Published: 2017-07-07 13:00 – Updated: 2024-08-05 13:48
VLAI?
Summary
Toshiba Home gateway HEM-GW16A firmware HEM-GW16A-FW-V1.2.0 and earlier, Toshiba Home gateway HEM-GW26A firmware HEM-GW26A-FW-V1.2.0 and earlier may allow remote attackers to access a non-documented developer screen to perform operations on device with administrative privileges.
Severity ?
No CVSS data available.
CWE
- Hidden Functionality
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Toshiba Lighting & Technology Corporation | Toshiba Home gateway HEM-GW16A |
Affected:
firmware HEM-GW16A-FW-V1.2.0 and earlier
|
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:48:04.501Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#85901441",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN85901441/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Toshiba Home gateway HEM-GW16A",
"vendor": "Toshiba Lighting \u0026 Technology Corporation",
"versions": [
{
"status": "affected",
"version": "firmware HEM-GW16A-FW-V1.2.0 and earlier"
}
]
},
{
"product": "Toshiba Home gateway HEM-GW26A",
"vendor": "Toshiba Lighting \u0026 Technology Corporation",
"versions": [
{
"status": "affected",
"version": "firmware HEM-GW26A-FW-V1.2.0 and earlier"
}
]
}
],
"datePublic": "2017-06-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Toshiba Home gateway HEM-GW16A firmware HEM-GW16A-FW-V1.2.0 and earlier, Toshiba Home gateway HEM-GW26A firmware HEM-GW26A-FW-V1.2.0 and earlier may allow remote attackers to access a non-documented developer screen to perform operations on device with administrative privileges."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Hidden Functionality",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-07T12:57:01",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVN#85901441",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN85901441/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2017-2234",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Toshiba Home gateway HEM-GW16A",
"version": {
"version_data": [
{
"version_value": "firmware HEM-GW16A-FW-V1.2.0 and earlier"
}
]
}
},
{
"product_name": "Toshiba Home gateway HEM-GW26A",
"version": {
"version_data": [
{
"version_value": "firmware HEM-GW26A-FW-V1.2.0 and earlier"
}
]
}
}
]
},
"vendor_name": "Toshiba Lighting \u0026 Technology Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Toshiba Home gateway HEM-GW16A firmware HEM-GW16A-FW-V1.2.0 and earlier, Toshiba Home gateway HEM-GW26A firmware HEM-GW26A-FW-V1.2.0 and earlier may allow remote attackers to access a non-documented developer screen to perform operations on device with administrative privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Hidden Functionality"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#85901441",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN85901441/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2017-2234",
"datePublished": "2017-07-07T13:00:00",
"dateReserved": "2016-12-01T00:00:00",
"dateUpdated": "2024-08-05T13:48:04.501Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-2236 (GCVE-0-2017-2236)
Vulnerability from cvelistv5 – Published: 2017-07-07 13:00 – Updated: 2024-08-05 13:48
VLAI?
Summary
Toshiba Home gateway HEM-GW16A firmware HEM-GW16A-FW-V1.2.0 and earlier, Toshiba Home gateway HEM-GW26A firmware HEM-GW26A-FW-V1.2.0 and earlier uses hard-coded credentials, which may allow attackers to perform operations on device with administrative privileges.
Severity ?
No CVSS data available.
CWE
- Use of Hard-coded Credentials
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Toshiba Lighting & Technology Corporation | Toshiba Home gateway HEM-GW16A |
Affected:
firmware HEM-GW16A-FW-V1.2.0 and earlier
|
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:48:05.063Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#85901441",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN85901441/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Toshiba Home gateway HEM-GW16A",
"vendor": "Toshiba Lighting \u0026 Technology Corporation",
"versions": [
{
"status": "affected",
"version": "firmware HEM-GW16A-FW-V1.2.0 and earlier"
}
]
},
{
"product": "Toshiba Home gateway HEM-GW26A",
"vendor": "Toshiba Lighting \u0026 Technology Corporation",
"versions": [
{
"status": "affected",
"version": "firmware HEM-GW26A-FW-V1.2.0 and earlier"
}
]
}
],
"datePublic": "2017-06-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Toshiba Home gateway HEM-GW16A firmware HEM-GW16A-FW-V1.2.0 and earlier, Toshiba Home gateway HEM-GW26A firmware HEM-GW26A-FW-V1.2.0 and earlier uses hard-coded credentials, which may allow attackers to perform operations on device with administrative privileges."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Use of Hard-coded Credentials",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-07T12:57:01",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVN#85901441",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN85901441/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2017-2236",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Toshiba Home gateway HEM-GW16A",
"version": {
"version_data": [
{
"version_value": "firmware HEM-GW16A-FW-V1.2.0 and earlier"
}
]
}
},
{
"product_name": "Toshiba Home gateway HEM-GW26A",
"version": {
"version_data": [
{
"version_value": "firmware HEM-GW26A-FW-V1.2.0 and earlier"
}
]
}
}
]
},
"vendor_name": "Toshiba Lighting \u0026 Technology Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Toshiba Home gateway HEM-GW16A firmware HEM-GW16A-FW-V1.2.0 and earlier, Toshiba Home gateway HEM-GW26A firmware HEM-GW26A-FW-V1.2.0 and earlier uses hard-coded credentials, which may allow attackers to perform operations on device with administrative privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Use of Hard-coded Credentials"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#85901441",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN85901441/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2017-2236",
"datePublished": "2017-07-07T13:00:00",
"dateReserved": "2016-12-01T00:00:00",
"dateUpdated": "2024-08-05T13:48:05.063Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-2237 (GCVE-0-2017-2237)
Vulnerability from cvelistv5 – Published: 2017-07-07 13:00 – Updated: 2024-08-05 13:48
VLAI?
Summary
Toshiba Home gateway HEM-GW16A firmware HEM-GW16A-FW-V1.2.0 and earlier. Toshiba Home gateway HEM-GW26A firmware HEM-GW26A-FW-V1.2.0 and earlier allows an attacker to execute arbitrary OS commands via unspecified vectors.
Severity ?
No CVSS data available.
CWE
- OS Command Injection
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Toshiba Lighting & Technology Corporation | Toshiba Home gateway HEM-GW16A |
Affected:
firmware HEM-GW16A-FW-V1.2.0 and earlier
|
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:48:04.355Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#85901441",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN85901441/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Toshiba Home gateway HEM-GW16A",
"vendor": "Toshiba Lighting \u0026 Technology Corporation",
"versions": [
{
"status": "affected",
"version": "firmware HEM-GW16A-FW-V1.2.0 and earlier"
}
]
},
{
"product": "Toshiba Home gateway HEM-GW26A",
"vendor": "Toshiba Lighting \u0026 Technology Corporation",
"versions": [
{
"status": "affected",
"version": "firmware HEM-GW26A-FW-V1.2.0 and earlier"
}
]
}
],
"datePublic": "2017-06-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Toshiba Home gateway HEM-GW16A firmware HEM-GW16A-FW-V1.2.0 and earlier. Toshiba Home gateway HEM-GW26A firmware HEM-GW26A-FW-V1.2.0 and earlier allows an attacker to execute arbitrary OS commands via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "OS Command Injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-07T12:57:01",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVN#85901441",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN85901441/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2017-2237",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Toshiba Home gateway HEM-GW16A",
"version": {
"version_data": [
{
"version_value": "firmware HEM-GW16A-FW-V1.2.0 and earlier"
}
]
}
},
{
"product_name": "Toshiba Home gateway HEM-GW26A",
"version": {
"version_data": [
{
"version_value": "firmware HEM-GW26A-FW-V1.2.0 and earlier"
}
]
}
}
]
},
"vendor_name": "Toshiba Lighting \u0026 Technology Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Toshiba Home gateway HEM-GW16A firmware HEM-GW16A-FW-V1.2.0 and earlier. Toshiba Home gateway HEM-GW26A firmware HEM-GW26A-FW-V1.2.0 and earlier allows an attacker to execute arbitrary OS commands via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "OS Command Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#85901441",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN85901441/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2017-2237",
"datePublished": "2017-07-07T13:00:00",
"dateReserved": "2016-12-01T00:00:00",
"dateUpdated": "2024-08-05T13:48:04.355Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-2238 (GCVE-0-2017-2238)
Vulnerability from cvelistv5 – Published: 2017-07-07 13:00 – Updated: 2024-08-05 13:48
VLAI?
Summary
Cross-site request forgery (CSRF) vulnerability in Toshiba Home gateway HEM-GW16A firmware HEM-GW16A-FW-V1.2.0 and earlier and Toshiba Home gateway HEM-GW26A firmware HEM-GW26A-FW-V1.2.0 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.
Severity ?
No CVSS data available.
CWE
- Cross-site request forgery
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Toshiba Lighting & Technology Corporation | Toshiba Home gateway HEM-GW16A |
Affected:
firmware HEM-GW16A-FW-V1.2.0 and earlier
|
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:48:05.058Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#85901441",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN85901441/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Toshiba Home gateway HEM-GW16A",
"vendor": "Toshiba Lighting \u0026 Technology Corporation",
"versions": [
{
"status": "affected",
"version": "firmware HEM-GW16A-FW-V1.2.0 and earlier"
}
]
},
{
"product": "Toshiba Home gateway HEM-GW26A",
"vendor": "Toshiba Lighting \u0026 Technology Corporation",
"versions": [
{
"status": "affected",
"version": "firmware HEM-GW26A-FW-V1.2.0 and earlier"
}
]
}
],
"datePublic": "2017-06-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery (CSRF) vulnerability in Toshiba Home gateway HEM-GW16A firmware HEM-GW16A-FW-V1.2.0 and earlier and Toshiba Home gateway HEM-GW26A firmware HEM-GW26A-FW-V1.2.0 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site request forgery",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-07T12:57:01",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVN#85901441",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN85901441/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2017-2238",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Toshiba Home gateway HEM-GW16A",
"version": {
"version_data": [
{
"version_value": "firmware HEM-GW16A-FW-V1.2.0 and earlier"
}
]
}
},
{
"product_name": "Toshiba Home gateway HEM-GW26A",
"version": {
"version_data": [
{
"version_value": "firmware HEM-GW26A-FW-V1.2.0 and earlier"
}
]
}
}
]
},
"vendor_name": "Toshiba Lighting \u0026 Technology Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site request forgery (CSRF) vulnerability in Toshiba Home gateway HEM-GW16A firmware HEM-GW16A-FW-V1.2.0 and earlier and Toshiba Home gateway HEM-GW26A firmware HEM-GW26A-FW-V1.2.0 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site request forgery"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#85901441",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN85901441/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2017-2238",
"datePublished": "2017-07-07T13:00:00",
"dateReserved": "2016-12-01T00:00:00",
"dateUpdated": "2024-08-05T13:48:05.058Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-16197 (GCVE-0-2018-16197)
Vulnerability from nvd – Published: 2019-01-09 22:00 – Updated: 2024-08-05 10:17
VLAI?
Summary
Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway HEM-GW26A 1.2.9 and earlier allows an attacker on the same network segment to bypass access restriction to access the information and files stored on the affected device.
Severity ?
No CVSS data available.
CWE
- Fails to restrict access
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Toshiba Lighting & Technology Corporation | Toshiba Home gateway HEM-GW16A and Toshiba Home gateway HEM-GW26A |
Affected:
(Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway HEM-GW26A 1.2.9 and earlier)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T10:17:38.375Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#99810718",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN99810718/index.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.tlt.co.jp/tlt/information/seihin/notice/defect/20181219/20181219.htm"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Toshiba Home gateway HEM-GW16A and Toshiba Home gateway HEM-GW26A",
"vendor": "Toshiba Lighting \u0026 Technology Corporation",
"versions": [
{
"status": "affected",
"version": "(Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway HEM-GW26A 1.2.9 and earlier)"
}
]
}
],
"datePublic": "2019-01-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway HEM-GW26A 1.2.9 and earlier allows an attacker on the same network segment to bypass access restriction to access the information and files stored on the affected device."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Fails to restrict access",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-01-09T21:57:01",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVN#99810718",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "https://jvn.jp/en/jp/JVN99810718/index.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.tlt.co.jp/tlt/information/seihin/notice/defect/20181219/20181219.htm"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2018-16197",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Toshiba Home gateway HEM-GW16A and Toshiba Home gateway HEM-GW26A",
"version": {
"version_data": [
{
"version_value": "(Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway HEM-GW26A 1.2.9 and earlier)"
}
]
}
}
]
},
"vendor_name": "Toshiba Lighting \u0026 Technology Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway HEM-GW26A 1.2.9 and earlier allows an attacker on the same network segment to bypass access restriction to access the information and files stored on the affected device."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Fails to restrict access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#99810718",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN99810718/index.html"
},
{
"name": "http://www.tlt.co.jp/tlt/information/seihin/notice/defect/20181219/20181219.htm",
"refsource": "MISC",
"url": "http://www.tlt.co.jp/tlt/information/seihin/notice/defect/20181219/20181219.htm"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2018-16197",
"datePublished": "2019-01-09T22:00:00",
"dateReserved": "2018-08-30T00:00:00",
"dateUpdated": "2024-08-05T10:17:38.375Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-16201 (GCVE-0-2018-16201)
Vulnerability from nvd – Published: 2019-01-09 22:00 – Updated: 2024-08-05 10:17
VLAI?
Summary
Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway HEM-GW26A 1.2.9 and earlier uses hard-coded credentials, which may allow an attacker on the same network segment to login to the administrators settings screen and change the configuration or execute arbitrary OS commands.
Severity ?
No CVSS data available.
CWE
- Use of Hard-coded Credentials
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Toshiba Lighting & Technology Corporation | Toshiba Home gateway HEM-GW16A and Toshiba Home gateway HEM-GW26A |
Affected:
(Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway HEM-GW26A 1.2.9 and earlier)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T10:17:38.280Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#99810718",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN99810718/index.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.tlt.co.jp/tlt/information/seihin/notice/defect/20181219/20181219.htm"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Toshiba Home gateway HEM-GW16A and Toshiba Home gateway HEM-GW26A",
"vendor": "Toshiba Lighting \u0026 Technology Corporation",
"versions": [
{
"status": "affected",
"version": "(Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway HEM-GW26A 1.2.9 and earlier)"
}
]
}
],
"datePublic": "2019-01-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway HEM-GW26A 1.2.9 and earlier uses hard-coded credentials, which may allow an attacker on the same network segment to login to the administrators settings screen and change the configuration or execute arbitrary OS commands."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Use of Hard-coded Credentials",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-01-09T21:57:01",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVN#99810718",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "https://jvn.jp/en/jp/JVN99810718/index.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.tlt.co.jp/tlt/information/seihin/notice/defect/20181219/20181219.htm"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2018-16201",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Toshiba Home gateway HEM-GW16A and Toshiba Home gateway HEM-GW26A",
"version": {
"version_data": [
{
"version_value": "(Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway HEM-GW26A 1.2.9 and earlier)"
}
]
}
}
]
},
"vendor_name": "Toshiba Lighting \u0026 Technology Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway HEM-GW26A 1.2.9 and earlier uses hard-coded credentials, which may allow an attacker on the same network segment to login to the administrators settings screen and change the configuration or execute arbitrary OS commands."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Use of Hard-coded Credentials"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#99810718",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN99810718/index.html"
},
{
"name": "http://www.tlt.co.jp/tlt/information/seihin/notice/defect/20181219/20181219.htm",
"refsource": "MISC",
"url": "http://www.tlt.co.jp/tlt/information/seihin/notice/defect/20181219/20181219.htm"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2018-16201",
"datePublished": "2019-01-09T22:00:00",
"dateReserved": "2018-08-30T00:00:00",
"dateUpdated": "2024-08-05T10:17:38.280Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-16199 (GCVE-0-2018-16199)
Vulnerability from nvd – Published: 2019-01-09 22:00 – Updated: 2024-08-05 10:17
VLAI?
Summary
Cross-site scripting vulnerability in Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway HEM-GW26A 1.2.9 and earlier allows an remote attacker to inject arbitrary web script or HTML via unspecified vectors.
Severity ?
No CVSS data available.
CWE
- Cross-site scripting
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Toshiba Lighting & Technology Corporation | Toshiba Home gateway HEM-GW16A and Toshiba Home gateway HEM-GW26A |
Affected:
(Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway HEM-GW26A 1.2.9 and earlier)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T10:17:38.382Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#99810718",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN99810718/index.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.tlt.co.jp/tlt/information/seihin/notice/defect/20181219/20181219.htm"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Toshiba Home gateway HEM-GW16A and Toshiba Home gateway HEM-GW26A",
"vendor": "Toshiba Lighting \u0026 Technology Corporation",
"versions": [
{
"status": "affected",
"version": "(Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway HEM-GW26A 1.2.9 and earlier)"
}
]
}
],
"datePublic": "2019-01-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability in Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway HEM-GW26A 1.2.9 and earlier allows an remote attacker to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-01-09T21:57:01",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVN#99810718",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "https://jvn.jp/en/jp/JVN99810718/index.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.tlt.co.jp/tlt/information/seihin/notice/defect/20181219/20181219.htm"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2018-16199",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Toshiba Home gateway HEM-GW16A and Toshiba Home gateway HEM-GW26A",
"version": {
"version_data": [
{
"version_value": "(Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway HEM-GW26A 1.2.9 and earlier)"
}
]
}
}
]
},
"vendor_name": "Toshiba Lighting \u0026 Technology Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting vulnerability in Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway HEM-GW26A 1.2.9 and earlier allows an remote attacker to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#99810718",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN99810718/index.html"
},
{
"name": "http://www.tlt.co.jp/tlt/information/seihin/notice/defect/20181219/20181219.htm",
"refsource": "MISC",
"url": "http://www.tlt.co.jp/tlt/information/seihin/notice/defect/20181219/20181219.htm"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2018-16199",
"datePublished": "2019-01-09T22:00:00",
"dateReserved": "2018-08-30T00:00:00",
"dateUpdated": "2024-08-05T10:17:38.382Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-16200 (GCVE-0-2018-16200)
Vulnerability from nvd – Published: 2019-01-09 22:00 – Updated: 2024-08-05 10:17
VLAI?
Summary
Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway HEM-GW26A 1.2.9 and earlier allows an attacker on the same network segment to execute arbitrary OS commands.
Severity ?
No CVSS data available.
CWE
- OS Command Injection
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Toshiba Lighting & Technology Corporation | Toshiba Home gateway HEM-GW16A and Toshiba Home gateway HEM-GW26A |
Affected:
(Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway HEM-GW26A 1.2.9 and earlier)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T10:17:38.261Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#99810718",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN99810718/index.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.tlt.co.jp/tlt/information/seihin/notice/defect/20181219/20181219.htm"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Toshiba Home gateway HEM-GW16A and Toshiba Home gateway HEM-GW26A",
"vendor": "Toshiba Lighting \u0026 Technology Corporation",
"versions": [
{
"status": "affected",
"version": "(Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway HEM-GW26A 1.2.9 and earlier)"
}
]
}
],
"datePublic": "2019-01-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway HEM-GW26A 1.2.9 and earlier allows an attacker on the same network segment to execute arbitrary OS commands."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "OS Command Injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-01-09T21:57:01",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVN#99810718",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "https://jvn.jp/en/jp/JVN99810718/index.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.tlt.co.jp/tlt/information/seihin/notice/defect/20181219/20181219.htm"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2018-16200",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Toshiba Home gateway HEM-GW16A and Toshiba Home gateway HEM-GW26A",
"version": {
"version_data": [
{
"version_value": "(Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway HEM-GW26A 1.2.9 and earlier)"
}
]
}
}
]
},
"vendor_name": "Toshiba Lighting \u0026 Technology Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway HEM-GW26A 1.2.9 and earlier allows an attacker on the same network segment to execute arbitrary OS commands."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "OS Command Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#99810718",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN99810718/index.html"
},
{
"name": "http://www.tlt.co.jp/tlt/information/seihin/notice/defect/20181219/20181219.htm",
"refsource": "MISC",
"url": "http://www.tlt.co.jp/tlt/information/seihin/notice/defect/20181219/20181219.htm"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2018-16200",
"datePublished": "2019-01-09T22:00:00",
"dateReserved": "2018-08-30T00:00:00",
"dateUpdated": "2024-08-05T10:17:38.261Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-16198 (GCVE-0-2018-16198)
Vulnerability from nvd – Published: 2019-01-09 22:00 – Updated: 2024-08-05 10:17
VLAI?
Summary
Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway HEM-GW26A 1.2.9 and earlier may allow an attacker on the same network segment to access a non-documented developer screen to perform operations on the affected device.
Severity ?
No CVSS data available.
CWE
- Hidden Functionality
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Toshiba Lighting & Technology Corporation | Toshiba Home gateway HEM-GW16A and Toshiba Home gateway HEM-GW26A |
Affected:
Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway HEM-GW26A 1.2.9 and earlier
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T10:17:38.374Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#99810718",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN99810718/index.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.tlt.co.jp/tlt/information/seihin/notice/defect/20181219/20181219.htm"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Toshiba Home gateway HEM-GW16A and Toshiba Home gateway HEM-GW26A",
"vendor": "Toshiba Lighting \u0026 Technology Corporation",
"versions": [
{
"status": "affected",
"version": "Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway HEM-GW26A 1.2.9 and earlier"
}
]
}
],
"datePublic": "2019-01-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway HEM-GW26A 1.2.9 and earlier may allow an attacker on the same network segment to access a non-documented developer screen to perform operations on the affected device."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Hidden Functionality",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-01-09T21:57:01",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVN#99810718",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "https://jvn.jp/en/jp/JVN99810718/index.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.tlt.co.jp/tlt/information/seihin/notice/defect/20181219/20181219.htm"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2018-16198",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Toshiba Home gateway HEM-GW16A and Toshiba Home gateway HEM-GW26A",
"version": {
"version_data": [
{
"version_value": "Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway HEM-GW26A 1.2.9 and earlier"
}
]
}
}
]
},
"vendor_name": "Toshiba Lighting \u0026 Technology Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway HEM-GW26A 1.2.9 and earlier may allow an attacker on the same network segment to access a non-documented developer screen to perform operations on the affected device."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Hidden Functionality"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#99810718",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN99810718/index.html"
},
{
"name": "http://www.tlt.co.jp/tlt/information/seihin/notice/defect/20181219/20181219.htm",
"refsource": "MISC",
"url": "http://www.tlt.co.jp/tlt/information/seihin/notice/defect/20181219/20181219.htm"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2018-16198",
"datePublished": "2019-01-09T22:00:00",
"dateReserved": "2018-08-30T00:00:00",
"dateUpdated": "2024-08-05T10:17:38.374Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-2235 (GCVE-0-2017-2235)
Vulnerability from nvd – Published: 2017-07-07 13:00 – Updated: 2024-08-05 13:48
VLAI?
Summary
Toshiba Home gateway HEM-GW16A firmware HEM-GW16A-FW-V1.2.0 and earlier. Toshiba Home gateway HEM-GW26A firmware HEM-GW26A-FW-V1.2.0 and earlier allows an attacker to bypass access restriction to change the administrator account password via unspecified vectors.
Severity ?
No CVSS data available.
CWE
- Fails to restrict access
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Toshiba Lighting & Technology Corporation | Toshiba Home gateway HEM-GW16A |
Affected:
firmware HEM-GW16A-FW-V1.2.0 and earlier
|
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:48:04.342Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#85901441",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN85901441/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Toshiba Home gateway HEM-GW16A",
"vendor": "Toshiba Lighting \u0026 Technology Corporation",
"versions": [
{
"status": "affected",
"version": "firmware HEM-GW16A-FW-V1.2.0 and earlier"
}
]
},
{
"product": "Toshiba Home gateway HEM-GW26A",
"vendor": "Toshiba Lighting \u0026 Technology Corporation",
"versions": [
{
"status": "affected",
"version": "firmware HEM-GW26A-FW-V1.2.0 and earlier"
}
]
}
],
"datePublic": "2017-06-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Toshiba Home gateway HEM-GW16A firmware HEM-GW16A-FW-V1.2.0 and earlier. Toshiba Home gateway HEM-GW26A firmware HEM-GW26A-FW-V1.2.0 and earlier allows an attacker to bypass access restriction to change the administrator account password via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Fails to restrict access",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-07T12:57:01",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVN#85901441",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN85901441/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2017-2235",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Toshiba Home gateway HEM-GW16A",
"version": {
"version_data": [
{
"version_value": "firmware HEM-GW16A-FW-V1.2.0 and earlier"
}
]
}
},
{
"product_name": "Toshiba Home gateway HEM-GW26A",
"version": {
"version_data": [
{
"version_value": "firmware HEM-GW26A-FW-V1.2.0 and earlier"
}
]
}
}
]
},
"vendor_name": "Toshiba Lighting \u0026 Technology Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Toshiba Home gateway HEM-GW16A firmware HEM-GW16A-FW-V1.2.0 and earlier. Toshiba Home gateway HEM-GW26A firmware HEM-GW26A-FW-V1.2.0 and earlier allows an attacker to bypass access restriction to change the administrator account password via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Fails to restrict access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#85901441",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN85901441/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2017-2235",
"datePublished": "2017-07-07T13:00:00",
"dateReserved": "2016-12-01T00:00:00",
"dateUpdated": "2024-08-05T13:48:04.342Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-2234 (GCVE-0-2017-2234)
Vulnerability from nvd – Published: 2017-07-07 13:00 – Updated: 2024-08-05 13:48
VLAI?
Summary
Toshiba Home gateway HEM-GW16A firmware HEM-GW16A-FW-V1.2.0 and earlier, Toshiba Home gateway HEM-GW26A firmware HEM-GW26A-FW-V1.2.0 and earlier may allow remote attackers to access a non-documented developer screen to perform operations on device with administrative privileges.
Severity ?
No CVSS data available.
CWE
- Hidden Functionality
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Toshiba Lighting & Technology Corporation | Toshiba Home gateway HEM-GW16A |
Affected:
firmware HEM-GW16A-FW-V1.2.0 and earlier
|
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:48:04.501Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#85901441",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN85901441/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Toshiba Home gateway HEM-GW16A",
"vendor": "Toshiba Lighting \u0026 Technology Corporation",
"versions": [
{
"status": "affected",
"version": "firmware HEM-GW16A-FW-V1.2.0 and earlier"
}
]
},
{
"product": "Toshiba Home gateway HEM-GW26A",
"vendor": "Toshiba Lighting \u0026 Technology Corporation",
"versions": [
{
"status": "affected",
"version": "firmware HEM-GW26A-FW-V1.2.0 and earlier"
}
]
}
],
"datePublic": "2017-06-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Toshiba Home gateway HEM-GW16A firmware HEM-GW16A-FW-V1.2.0 and earlier, Toshiba Home gateway HEM-GW26A firmware HEM-GW26A-FW-V1.2.0 and earlier may allow remote attackers to access a non-documented developer screen to perform operations on device with administrative privileges."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Hidden Functionality",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-07T12:57:01",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVN#85901441",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN85901441/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2017-2234",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Toshiba Home gateway HEM-GW16A",
"version": {
"version_data": [
{
"version_value": "firmware HEM-GW16A-FW-V1.2.0 and earlier"
}
]
}
},
{
"product_name": "Toshiba Home gateway HEM-GW26A",
"version": {
"version_data": [
{
"version_value": "firmware HEM-GW26A-FW-V1.2.0 and earlier"
}
]
}
}
]
},
"vendor_name": "Toshiba Lighting \u0026 Technology Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Toshiba Home gateway HEM-GW16A firmware HEM-GW16A-FW-V1.2.0 and earlier, Toshiba Home gateway HEM-GW26A firmware HEM-GW26A-FW-V1.2.0 and earlier may allow remote attackers to access a non-documented developer screen to perform operations on device with administrative privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Hidden Functionality"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#85901441",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN85901441/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2017-2234",
"datePublished": "2017-07-07T13:00:00",
"dateReserved": "2016-12-01T00:00:00",
"dateUpdated": "2024-08-05T13:48:04.501Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-2236 (GCVE-0-2017-2236)
Vulnerability from nvd – Published: 2017-07-07 13:00 – Updated: 2024-08-05 13:48
VLAI?
Summary
Toshiba Home gateway HEM-GW16A firmware HEM-GW16A-FW-V1.2.0 and earlier, Toshiba Home gateway HEM-GW26A firmware HEM-GW26A-FW-V1.2.0 and earlier uses hard-coded credentials, which may allow attackers to perform operations on device with administrative privileges.
Severity ?
No CVSS data available.
CWE
- Use of Hard-coded Credentials
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Toshiba Lighting & Technology Corporation | Toshiba Home gateway HEM-GW16A |
Affected:
firmware HEM-GW16A-FW-V1.2.0 and earlier
|
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:48:05.063Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#85901441",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN85901441/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Toshiba Home gateway HEM-GW16A",
"vendor": "Toshiba Lighting \u0026 Technology Corporation",
"versions": [
{
"status": "affected",
"version": "firmware HEM-GW16A-FW-V1.2.0 and earlier"
}
]
},
{
"product": "Toshiba Home gateway HEM-GW26A",
"vendor": "Toshiba Lighting \u0026 Technology Corporation",
"versions": [
{
"status": "affected",
"version": "firmware HEM-GW26A-FW-V1.2.0 and earlier"
}
]
}
],
"datePublic": "2017-06-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Toshiba Home gateway HEM-GW16A firmware HEM-GW16A-FW-V1.2.0 and earlier, Toshiba Home gateway HEM-GW26A firmware HEM-GW26A-FW-V1.2.0 and earlier uses hard-coded credentials, which may allow attackers to perform operations on device with administrative privileges."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Use of Hard-coded Credentials",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-07T12:57:01",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVN#85901441",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN85901441/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2017-2236",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Toshiba Home gateway HEM-GW16A",
"version": {
"version_data": [
{
"version_value": "firmware HEM-GW16A-FW-V1.2.0 and earlier"
}
]
}
},
{
"product_name": "Toshiba Home gateway HEM-GW26A",
"version": {
"version_data": [
{
"version_value": "firmware HEM-GW26A-FW-V1.2.0 and earlier"
}
]
}
}
]
},
"vendor_name": "Toshiba Lighting \u0026 Technology Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Toshiba Home gateway HEM-GW16A firmware HEM-GW16A-FW-V1.2.0 and earlier, Toshiba Home gateway HEM-GW26A firmware HEM-GW26A-FW-V1.2.0 and earlier uses hard-coded credentials, which may allow attackers to perform operations on device with administrative privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Use of Hard-coded Credentials"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#85901441",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN85901441/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2017-2236",
"datePublished": "2017-07-07T13:00:00",
"dateReserved": "2016-12-01T00:00:00",
"dateUpdated": "2024-08-05T13:48:05.063Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-2237 (GCVE-0-2017-2237)
Vulnerability from nvd – Published: 2017-07-07 13:00 – Updated: 2024-08-05 13:48
VLAI?
Summary
Toshiba Home gateway HEM-GW16A firmware HEM-GW16A-FW-V1.2.0 and earlier. Toshiba Home gateway HEM-GW26A firmware HEM-GW26A-FW-V1.2.0 and earlier allows an attacker to execute arbitrary OS commands via unspecified vectors.
Severity ?
No CVSS data available.
CWE
- OS Command Injection
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Toshiba Lighting & Technology Corporation | Toshiba Home gateway HEM-GW16A |
Affected:
firmware HEM-GW16A-FW-V1.2.0 and earlier
|
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:48:04.355Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#85901441",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN85901441/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Toshiba Home gateway HEM-GW16A",
"vendor": "Toshiba Lighting \u0026 Technology Corporation",
"versions": [
{
"status": "affected",
"version": "firmware HEM-GW16A-FW-V1.2.0 and earlier"
}
]
},
{
"product": "Toshiba Home gateway HEM-GW26A",
"vendor": "Toshiba Lighting \u0026 Technology Corporation",
"versions": [
{
"status": "affected",
"version": "firmware HEM-GW26A-FW-V1.2.0 and earlier"
}
]
}
],
"datePublic": "2017-06-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Toshiba Home gateway HEM-GW16A firmware HEM-GW16A-FW-V1.2.0 and earlier. Toshiba Home gateway HEM-GW26A firmware HEM-GW26A-FW-V1.2.0 and earlier allows an attacker to execute arbitrary OS commands via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "OS Command Injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-07T12:57:01",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVN#85901441",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN85901441/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2017-2237",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Toshiba Home gateway HEM-GW16A",
"version": {
"version_data": [
{
"version_value": "firmware HEM-GW16A-FW-V1.2.0 and earlier"
}
]
}
},
{
"product_name": "Toshiba Home gateway HEM-GW26A",
"version": {
"version_data": [
{
"version_value": "firmware HEM-GW26A-FW-V1.2.0 and earlier"
}
]
}
}
]
},
"vendor_name": "Toshiba Lighting \u0026 Technology Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Toshiba Home gateway HEM-GW16A firmware HEM-GW16A-FW-V1.2.0 and earlier. Toshiba Home gateway HEM-GW26A firmware HEM-GW26A-FW-V1.2.0 and earlier allows an attacker to execute arbitrary OS commands via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "OS Command Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#85901441",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN85901441/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2017-2237",
"datePublished": "2017-07-07T13:00:00",
"dateReserved": "2016-12-01T00:00:00",
"dateUpdated": "2024-08-05T13:48:04.355Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-2238 (GCVE-0-2017-2238)
Vulnerability from nvd – Published: 2017-07-07 13:00 – Updated: 2024-08-05 13:48
VLAI?
Summary
Cross-site request forgery (CSRF) vulnerability in Toshiba Home gateway HEM-GW16A firmware HEM-GW16A-FW-V1.2.0 and earlier and Toshiba Home gateway HEM-GW26A firmware HEM-GW26A-FW-V1.2.0 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.
Severity ?
No CVSS data available.
CWE
- Cross-site request forgery
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Toshiba Lighting & Technology Corporation | Toshiba Home gateway HEM-GW16A |
Affected:
firmware HEM-GW16A-FW-V1.2.0 and earlier
|
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:48:05.058Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#85901441",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN85901441/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Toshiba Home gateway HEM-GW16A",
"vendor": "Toshiba Lighting \u0026 Technology Corporation",
"versions": [
{
"status": "affected",
"version": "firmware HEM-GW16A-FW-V1.2.0 and earlier"
}
]
},
{
"product": "Toshiba Home gateway HEM-GW26A",
"vendor": "Toshiba Lighting \u0026 Technology Corporation",
"versions": [
{
"status": "affected",
"version": "firmware HEM-GW26A-FW-V1.2.0 and earlier"
}
]
}
],
"datePublic": "2017-06-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery (CSRF) vulnerability in Toshiba Home gateway HEM-GW16A firmware HEM-GW16A-FW-V1.2.0 and earlier and Toshiba Home gateway HEM-GW26A firmware HEM-GW26A-FW-V1.2.0 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site request forgery",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-07T12:57:01",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVN#85901441",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN85901441/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2017-2238",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Toshiba Home gateway HEM-GW16A",
"version": {
"version_data": [
{
"version_value": "firmware HEM-GW16A-FW-V1.2.0 and earlier"
}
]
}
},
{
"product_name": "Toshiba Home gateway HEM-GW26A",
"version": {
"version_data": [
{
"version_value": "firmware HEM-GW26A-FW-V1.2.0 and earlier"
}
]
}
}
]
},
"vendor_name": "Toshiba Lighting \u0026 Technology Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site request forgery (CSRF) vulnerability in Toshiba Home gateway HEM-GW16A firmware HEM-GW16A-FW-V1.2.0 and earlier and Toshiba Home gateway HEM-GW26A firmware HEM-GW26A-FW-V1.2.0 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site request forgery"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#85901441",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN85901441/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2017-2238",
"datePublished": "2017-07-07T13:00:00",
"dateReserved": "2016-12-01T00:00:00",
"dateUpdated": "2024-08-05T13:48:05.058Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}