Search criteria
10 vulnerabilities found for hem-gw26a by toshiba
VAR-201901-0796
Vulnerability from variot - Updated: 2023-12-18 12:28Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway HEM-GW26A 1.2.9 and earlier may allow an attacker on the same network segment to access a non-documented developer screen to perform operations on the affected device. Home gateway provided by Toshiba Lighting & Technology Corporation contains multiple vulnerabilities listed below. * Improper access control (CWE-284) - CVE-2018-16197 * Hidden functionality (CWE-912) - CVE-2018-16198 * Cross-site scripting (CWE-79) - CVE-2018-16199 * OS command injection (CWE-78) - CVE-2018-16200 * Hard-coded credentials (CWE-798) - CVE-2018-16201 The following researchers reported the vulnerabilities to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. CVE-2018-16197 Toshitsugu Yoneyama, Yutaka Kokubu, and Daiki Ichinose of Mitsui Bussan Secure Directions, Inc. CVE-2018-16198, CVE-2018-16199 Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. CVE-2018-16200, CVE-2018-16201 Yutaka Kokubu of Mitsui Bussan Secure Directions, Inc.* The information and files stored on the affected device may be accessed. - CVE-2018-16197, CVE-2018-16201 * The affected device may be operated by an attacker. - CVE-2018-16198, CVE-2018-16201 * An arbitrary script may be executed on the user's web browser. - CVE-2018-16199 * An arbitrary OS command may be executed on the affected device. - CVE-2018-16200, CVE-2018-16201. TOSHIBA Home Gateway HEM-GW26A and TOSHIBA Home Gateway HEM-GW16A are home gateway products of Japan Toshiba (TOSHIBA)
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201901-0796",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "hem-gw26a",
"scope": "lte",
"trust": 1.0,
"vendor": "toshiba",
"version": "1.2.9"
},
{
"model": "hem-gw16a",
"scope": "lte",
"trust": 1.0,
"vendor": "toshiba",
"version": "1.2.9"
},
{
"model": "home gateway hem-gw16a",
"scope": "lte",
"trust": 0.8,
"vendor": "toshiba lighting",
"version": "1.2.9"
},
{
"model": "home gateway hem-gw26a",
"scope": "lte",
"trust": 0.8,
"vendor": "toshiba lighting",
"version": "1.2.9"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-000132"
},
{
"db": "NVD",
"id": "CVE-2018-16198"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:toshiba:hem-gw16a_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.2.9",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:toshiba:hem-gw16a:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:toshiba:hem-gw26a_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.2.9",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:toshiba:hem-gw26a:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-16198"
}
]
},
"cve": "CVE-2018-16198",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Adjacent Network",
"authentication": "None",
"author": "IPA",
"availabilityImpact": "Partial",
"baseScore": 5.8,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2018-000132",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 2.4,
"userInteractionRequired": null,
"vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.5,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Adjacent Network",
"authentication": "None",
"author": "IPA",
"availabilityImpact": "Complete",
"baseScore": 8.3,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "JVNDB-2018-000132",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "IPA",
"availabilityImpact": "None",
"baseScore": 4.3,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2018-000132",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.5,
"id": "VHN-126533",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:A/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "Low",
"attackVector": "Adjacent Network",
"author": "IPA",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2018-000132",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 2.4,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Adjacent Network",
"author": "IPA",
"availabilityImpact": "Low",
"baseScore": 6.3,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "JVNDB-2018-000132",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "IPA",
"availabilityImpact": "None",
"baseScore": 6.1,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "JVNDB-2018-000132",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "IPA",
"id": "JVNDB-2018-000132",
"trust": 2.4,
"value": "High"
},
{
"author": "IPA",
"id": "JVNDB-2018-000132",
"trust": 1.6,
"value": "Medium"
},
{
"author": "NVD",
"id": "CVE-2018-16198",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201812-808",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-126533",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-126533"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-000132"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-000132"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-000132"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-000132"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-000132"
},
{
"db": "NVD",
"id": "CVE-2018-16198"
},
{
"db": "CNNVD",
"id": "CNNVD-201812-808"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway HEM-GW26A 1.2.9 and earlier may allow an attacker on the same network segment to access a non-documented developer screen to perform operations on the affected device. Home gateway provided by Toshiba Lighting \u0026 Technology Corporation contains multiple vulnerabilities listed below. * Improper access control (CWE-284) - CVE-2018-16197 * Hidden functionality (CWE-912) - CVE-2018-16198 * Cross-site scripting (CWE-79) - CVE-2018-16199 * OS command injection (CWE-78) - CVE-2018-16200 * Hard-coded credentials (CWE-798) - CVE-2018-16201 The following researchers reported the vulnerabilities to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. CVE-2018-16197 Toshitsugu Yoneyama, Yutaka Kokubu, and Daiki Ichinose of Mitsui Bussan Secure Directions, Inc. CVE-2018-16198, CVE-2018-16199 Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. CVE-2018-16200, CVE-2018-16201 Yutaka Kokubu of Mitsui Bussan Secure Directions, Inc.* The information and files stored on the affected device may be accessed. - CVE-2018-16197, CVE-2018-16201 * The affected device may be operated by an attacker. - CVE-2018-16198, CVE-2018-16201 * An arbitrary script may be executed on the user\u0027s web browser. - CVE-2018-16199 * An arbitrary OS command may be executed on the affected device. - CVE-2018-16200, CVE-2018-16201. TOSHIBA Home Gateway HEM-GW26A and TOSHIBA Home Gateway HEM-GW16A are home gateway products of Japan Toshiba (TOSHIBA)",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-16198"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-000132"
},
{
"db": "VULHUB",
"id": "VHN-126533"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "JVN",
"id": "JVN99810718",
"trust": 2.5
},
{
"db": "NVD",
"id": "CVE-2018-16198",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2018-000132",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201812-808",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-126533",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-126533"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-000132"
},
{
"db": "NVD",
"id": "CVE-2018-16198"
},
{
"db": "CNNVD",
"id": "CNNVD-201812-808"
}
]
},
"id": "VAR-201901-0796",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-126533"
}
],
"trust": 0.8321428649999999
},
"last_update_date": "2023-12-18T12:28:33.216000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Toshiba Lighting \u0026 Technology Corporation website",
"trust": 0.8,
"url": "http://www.tlt.co.jp/tlt/information/seihin/notice/defect/20181219/20181219.htm"
},
{
"title": "TOSHIBA Home Gateway HEM-GW26A and TOSHIBA Home Gateway HEM-GW16A Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=88004"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-000132"
},
{
"db": "CNNVD",
"id": "CNNVD-201812-808"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "CWE-264",
"trust": 0.9
},
{
"problemtype": "CWE-78",
"trust": 0.8
},
{
"problemtype": "CWE-Other",
"trust": 0.8
},
{
"problemtype": "CWE-79",
"trust": 0.8
},
{
"problemtype": "CWE-255",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-126533"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-000132"
},
{
"db": "NVD",
"id": "CVE-2018-16198"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://jvn.jp/en/jp/jvn99810718/index.html"
},
{
"trust": 1.7,
"url": "http://www.tlt.co.jp/tlt/information/seihin/notice/defect/20181219/20181219.htm"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-16201"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-16197"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-16198"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-16199"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-16200"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-16197"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-16198"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-16199"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-16200"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-16201"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-126533"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-000132"
},
{
"db": "NVD",
"id": "CVE-2018-16198"
},
{
"db": "CNNVD",
"id": "CNNVD-201812-808"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-126533"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-000132"
},
{
"db": "NVD",
"id": "CVE-2018-16198"
},
{
"db": "CNNVD",
"id": "CNNVD-201812-808"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-01-09T00:00:00",
"db": "VULHUB",
"id": "VHN-126533"
},
{
"date": "2018-12-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-000132"
},
{
"date": "2019-01-09T23:29:04.683000",
"db": "NVD",
"id": "CVE-2018-16198"
},
{
"date": "2018-12-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201812-808"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-10-03T00:00:00",
"db": "VULHUB",
"id": "VHN-126533"
},
{
"date": "2019-08-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-000132"
},
{
"date": "2019-10-03T00:03:26.223000",
"db": "NVD",
"id": "CVE-2018-16198"
},
{
"date": "2019-10-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201812-808"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote or local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201812-808"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple vulnerabilities in Toshiba Lighting \u0026 Technology Corporation Home gateway",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-000132"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control issues",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201812-808"
}
],
"trust": 0.6
}
}
VAR-201901-0799
Vulnerability from variot - Updated: 2023-12-18 12:28Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway HEM-GW26A 1.2.9 and earlier uses hard-coded credentials, which may allow an attacker on the same network segment to login to the administrators settings screen and change the configuration or execute arbitrary OS commands. Home gateway provided by Toshiba Lighting & Technology Corporation contains multiple vulnerabilities listed below. * Improper access control (CWE-284) - CVE-2018-16197 * Hidden functionality (CWE-912) - CVE-2018-16198 * Cross-site scripting (CWE-79) - CVE-2018-16199 * OS command injection (CWE-78) - CVE-2018-16200 * Hard-coded credentials (CWE-798) - CVE-2018-16201 The following researchers reported the vulnerabilities to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. CVE-2018-16197 Toshitsugu Yoneyama, Yutaka Kokubu, and Daiki Ichinose of Mitsui Bussan Secure Directions, Inc. CVE-2018-16198, CVE-2018-16199 Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. CVE-2018-16200, CVE-2018-16201 Yutaka Kokubu of Mitsui Bussan Secure Directions, Inc.* The information and files stored on the affected device may be accessed. - CVE-2018-16197, CVE-2018-16201 * The affected device may be operated by an attacker. - CVE-2018-16198, CVE-2018-16201 * An arbitrary script may be executed on the user's web browser. - CVE-2018-16199 * An arbitrary OS command may be executed on the affected device. - CVE-2018-16200, CVE-2018-16201. TOSHIBA Home gateway HEM-GW26A and HEM-GW16A are home gateway products of Japan Toshiba (TOSHIBA) company. The vulnerability is caused by the use of hard-coded credentials in the program. An attacker could exploit this vulnerability to log in to the administrator settings page, change configurations, or execute arbitrary operating system commands
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201901-0799",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "hem-gw26a",
"scope": "lte",
"trust": 1.0,
"vendor": "toshiba",
"version": "1.2.9"
},
{
"model": "hem-gw16a",
"scope": "lte",
"trust": 1.0,
"vendor": "toshiba",
"version": "1.2.9"
},
{
"model": "home gateway hem-gw16a",
"scope": "lte",
"trust": 0.8,
"vendor": "toshiba lighting",
"version": "1.2.9"
},
{
"model": "home gateway hem-gw26a",
"scope": "lte",
"trust": 0.8,
"vendor": "toshiba lighting",
"version": "1.2.9"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-000132"
},
{
"db": "NVD",
"id": "CVE-2018-16201"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:toshiba:hem-gw16a_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.2.9",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:toshiba:hem-gw16a:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:toshiba:hem-gw26a_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.2.9",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:toshiba:hem-gw26a:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-16201"
}
]
},
"cve": "CVE-2018-16201",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Adjacent Network",
"authentication": "None",
"author": "IPA",
"availabilityImpact": "Partial",
"baseScore": 5.8,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2018-000132",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 2.4,
"userInteractionRequired": null,
"vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 8.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 6.5,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Adjacent Network",
"authentication": "None",
"author": "IPA",
"availabilityImpact": "Complete",
"baseScore": 8.3,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "JVNDB-2018-000132",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "IPA",
"availabilityImpact": "None",
"baseScore": 4.3,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2018-000132",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 8.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 6.5,
"id": "VHN-126537",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:A/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "Low",
"attackVector": "Adjacent Network",
"author": "IPA",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2018-000132",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 2.4,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Adjacent Network",
"author": "IPA",
"availabilityImpact": "Low",
"baseScore": 6.3,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "JVNDB-2018-000132",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "IPA",
"availabilityImpact": "None",
"baseScore": 6.1,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "JVNDB-2018-000132",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "IPA",
"id": "JVNDB-2018-000132",
"trust": 2.4,
"value": "High"
},
{
"author": "IPA",
"id": "JVNDB-2018-000132",
"trust": 1.6,
"value": "Medium"
},
{
"author": "NVD",
"id": "CVE-2018-16201",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201812-811",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-126537",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-126537"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-000132"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-000132"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-000132"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-000132"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-000132"
},
{
"db": "NVD",
"id": "CVE-2018-16201"
},
{
"db": "CNNVD",
"id": "CNNVD-201812-811"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway HEM-GW26A 1.2.9 and earlier uses hard-coded credentials, which may allow an attacker on the same network segment to login to the administrators settings screen and change the configuration or execute arbitrary OS commands. Home gateway provided by Toshiba Lighting \u0026 Technology Corporation contains multiple vulnerabilities listed below. * Improper access control (CWE-284) - CVE-2018-16197 * Hidden functionality (CWE-912) - CVE-2018-16198 * Cross-site scripting (CWE-79) - CVE-2018-16199 * OS command injection (CWE-78) - CVE-2018-16200 * Hard-coded credentials (CWE-798) - CVE-2018-16201 The following researchers reported the vulnerabilities to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. CVE-2018-16197 Toshitsugu Yoneyama, Yutaka Kokubu, and Daiki Ichinose of Mitsui Bussan Secure Directions, Inc. CVE-2018-16198, CVE-2018-16199 Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. CVE-2018-16200, CVE-2018-16201 Yutaka Kokubu of Mitsui Bussan Secure Directions, Inc.* The information and files stored on the affected device may be accessed. - CVE-2018-16197, CVE-2018-16201 * The affected device may be operated by an attacker. - CVE-2018-16198, CVE-2018-16201 * An arbitrary script may be executed on the user\u0027s web browser. - CVE-2018-16199 * An arbitrary OS command may be executed on the affected device. - CVE-2018-16200, CVE-2018-16201. TOSHIBA Home gateway HEM-GW26A and HEM-GW16A are home gateway products of Japan Toshiba (TOSHIBA) company. The vulnerability is caused by the use of hard-coded credentials in the program. An attacker could exploit this vulnerability to log in to the administrator settings page, change configurations, or execute arbitrary operating system commands",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-16201"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-000132"
},
{
"db": "VULHUB",
"id": "VHN-126537"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "JVN",
"id": "JVN99810718",
"trust": 2.5
},
{
"db": "NVD",
"id": "CVE-2018-16201",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2018-000132",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201812-811",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-126537",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-126537"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-000132"
},
{
"db": "NVD",
"id": "CVE-2018-16201"
},
{
"db": "CNNVD",
"id": "CNNVD-201812-811"
}
]
},
"id": "VAR-201901-0799",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-126537"
}
],
"trust": 0.8321428649999999
},
"last_update_date": "2023-12-18T12:28:33.135000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Toshiba Lighting \u0026 Technology Corporation website",
"trust": 0.8,
"url": "http://www.tlt.co.jp/tlt/information/seihin/notice/defect/20181219/20181219.htm"
},
{
"title": "TOSHIBA Home gateway HEM-GW26A and HEM-GW16A Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=88006"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-000132"
},
{
"db": "CNNVD",
"id": "CNNVD-201812-811"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-798",
"trust": 1.1
},
{
"problemtype": "CWE-78",
"trust": 0.8
},
{
"problemtype": "CWE-Other",
"trust": 0.8
},
{
"problemtype": "CWE-79",
"trust": 0.8
},
{
"problemtype": "CWE-255",
"trust": 0.8
},
{
"problemtype": "CWE-264",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-126537"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-000132"
},
{
"db": "NVD",
"id": "CVE-2018-16201"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://jvn.jp/en/jp/jvn99810718/index.html"
},
{
"trust": 1.7,
"url": "http://www.tlt.co.jp/tlt/information/seihin/notice/defect/20181219/20181219.htm"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-16201"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-16197"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-16198"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-16199"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-16200"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-16197"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-16198"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-16199"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-16200"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-16201"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-126537"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-000132"
},
{
"db": "NVD",
"id": "CVE-2018-16201"
},
{
"db": "CNNVD",
"id": "CNNVD-201812-811"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-126537"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-000132"
},
{
"db": "NVD",
"id": "CVE-2018-16201"
},
{
"db": "CNNVD",
"id": "CNNVD-201812-811"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-01-09T00:00:00",
"db": "VULHUB",
"id": "VHN-126537"
},
{
"date": "2018-12-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-000132"
},
{
"date": "2019-01-09T23:29:04.887000",
"db": "NVD",
"id": "CVE-2018-16201"
},
{
"date": "2018-12-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201812-811"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-01-24T00:00:00",
"db": "VULHUB",
"id": "VHN-126537"
},
{
"date": "2019-08-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-000132"
},
{
"date": "2019-01-24T15:45:28.917000",
"db": "NVD",
"id": "CVE-2018-16201"
},
{
"date": "2019-04-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201812-811"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "specific network environment",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201812-811"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple vulnerabilities in Toshiba Lighting \u0026 Technology Corporation Home gateway",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-000132"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "lack of information",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201812-811"
}
],
"trust": 0.6
}
}
VAR-201901-0795
Vulnerability from variot - Updated: 2023-12-18 12:28Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway HEM-GW26A 1.2.9 and earlier allows an attacker on the same network segment to bypass access restriction to access the information and files stored on the affected device. Home gateway provided by Toshiba Lighting & Technology Corporation contains multiple vulnerabilities listed below. * Improper access control (CWE-284) - CVE-2018-16197 * Hidden functionality (CWE-912) - CVE-2018-16198 * Cross-site scripting (CWE-79) - CVE-2018-16199 * OS command injection (CWE-78) - CVE-2018-16200 * Hard-coded credentials (CWE-798) - CVE-2018-16201 The following researchers reported the vulnerabilities to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. CVE-2018-16197 Toshitsugu Yoneyama, Yutaka Kokubu, and Daiki Ichinose of Mitsui Bussan Secure Directions, Inc. CVE-2018-16198, CVE-2018-16199 Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. CVE-2018-16200, CVE-2018-16201 Yutaka Kokubu of Mitsui Bussan Secure Directions, Inc.* The information and files stored on the affected device may be accessed. - CVE-2018-16197, CVE-2018-16201 * The affected device may be operated by an attacker. - CVE-2018-16198, CVE-2018-16201 * An arbitrary script may be executed on the user's web browser. - CVE-2018-16199 * An arbitrary OS command may be executed on the affected device. - CVE-2018-16200, CVE-2018-16201. An access control error vulnerability exists in TOSHIBAHomeGatewayHEM-GW26A1.2.9 and earlier and TOSHIBAHomeGateway 1.2.9 and earlier
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201901-0795",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "hem-gw26a",
"scope": "lte",
"trust": 1.0,
"vendor": "toshiba",
"version": "1.2.9"
},
{
"model": "hem-gw16a",
"scope": "lte",
"trust": 1.0,
"vendor": "toshiba",
"version": "1.2.9"
},
{
"model": "home gateway hem-gw16a",
"scope": "lte",
"trust": 0.8,
"vendor": "toshiba lighting",
"version": "1.2.9"
},
{
"model": "home gateway hem-gw26a",
"scope": "lte",
"trust": 0.8,
"vendor": "toshiba lighting",
"version": "1.2.9"
},
{
"model": "home gateway hem-gw26a",
"scope": "lte",
"trust": 0.6,
"vendor": "toshiba",
"version": "\u003c=1.2.9"
},
{
"model": "home gateway",
"scope": "lte",
"trust": 0.6,
"vendor": "toshiba",
"version": "\u003c=1.2.9"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-17156"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-000132"
},
{
"db": "NVD",
"id": "CVE-2018-16197"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:toshiba:hem-gw16a_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.2.9",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:toshiba:hem-gw16a:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:toshiba:hem-gw26a_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.2.9",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:toshiba:hem-gw26a:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-16197"
}
]
},
"cve": "CVE-2018-16197",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Adjacent Network",
"authentication": "None",
"author": "IPA",
"availabilityImpact": "Partial",
"baseScore": 5.8,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2018-000132",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 2.4,
"userInteractionRequired": null,
"vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.5,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "LOW",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:A/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Adjacent Network",
"authentication": "None",
"author": "IPA",
"availabilityImpact": "Complete",
"baseScore": 8.3,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "JVNDB-2018-000132",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "IPA",
"availabilityImpact": "None",
"baseScore": 4.3,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2018-000132",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.5,
"id": "CNVD-2019-17156",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.6,
"vectorString": "AV:A/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.5,
"id": "VHN-126532",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.1,
"vectorString": "AV:A/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "Low",
"attackVector": "Adjacent Network",
"author": "IPA",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2018-000132",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 2.4,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Adjacent Network",
"author": "IPA",
"availabilityImpact": "Low",
"baseScore": 6.3,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "JVNDB-2018-000132",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "IPA",
"availabilityImpact": "None",
"baseScore": 6.1,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "JVNDB-2018-000132",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "IPA",
"id": "JVNDB-2018-000132",
"trust": 2.4,
"value": "High"
},
{
"author": "IPA",
"id": "JVNDB-2018-000132",
"trust": 1.6,
"value": "Medium"
},
{
"author": "NVD",
"id": "CVE-2018-16197",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2019-17156",
"trust": 0.6,
"value": "LOW"
},
{
"author": "CNNVD",
"id": "CNNVD-201812-807",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-126532",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-17156"
},
{
"db": "VULHUB",
"id": "VHN-126532"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-000132"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-000132"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-000132"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-000132"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-000132"
},
{
"db": "NVD",
"id": "CVE-2018-16197"
},
{
"db": "CNNVD",
"id": "CNNVD-201812-807"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway HEM-GW26A 1.2.9 and earlier allows an attacker on the same network segment to bypass access restriction to access the information and files stored on the affected device. Home gateway provided by Toshiba Lighting \u0026 Technology Corporation contains multiple vulnerabilities listed below. * Improper access control (CWE-284) - CVE-2018-16197 * Hidden functionality (CWE-912) - CVE-2018-16198 * Cross-site scripting (CWE-79) - CVE-2018-16199 * OS command injection (CWE-78) - CVE-2018-16200 * Hard-coded credentials (CWE-798) - CVE-2018-16201 The following researchers reported the vulnerabilities to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. CVE-2018-16197 Toshitsugu Yoneyama, Yutaka Kokubu, and Daiki Ichinose of Mitsui Bussan Secure Directions, Inc. CVE-2018-16198, CVE-2018-16199 Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. CVE-2018-16200, CVE-2018-16201 Yutaka Kokubu of Mitsui Bussan Secure Directions, Inc.* The information and files stored on the affected device may be accessed. - CVE-2018-16197, CVE-2018-16201 * The affected device may be operated by an attacker. - CVE-2018-16198, CVE-2018-16201 * An arbitrary script may be executed on the user\u0027s web browser. - CVE-2018-16199 * An arbitrary OS command may be executed on the affected device. - CVE-2018-16200, CVE-2018-16201. An access control error vulnerability exists in TOSHIBAHomeGatewayHEM-GW26A1.2.9 and earlier and TOSHIBAHomeGateway 1.2.9 and earlier",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-16197"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-000132"
},
{
"db": "CNVD",
"id": "CNVD-2019-17156"
},
{
"db": "VULHUB",
"id": "VHN-126532"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-16197",
"trust": 3.1
},
{
"db": "JVN",
"id": "JVN99810718",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2018-000132",
"trust": 1.4
},
{
"db": "CNNVD",
"id": "CNNVD-201812-807",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2019-17156",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-126532",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-17156"
},
{
"db": "VULHUB",
"id": "VHN-126532"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-000132"
},
{
"db": "NVD",
"id": "CVE-2018-16197"
},
{
"db": "CNNVD",
"id": "CNNVD-201812-807"
}
]
},
"id": "VAR-201901-0795",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-17156"
},
{
"db": "VULHUB",
"id": "VHN-126532"
}
],
"trust": 1.5214285766666666
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-17156"
}
]
},
"last_update_date": "2023-12-18T12:28:33.105000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Toshiba Lighting \u0026 Technology Corporation website",
"trust": 0.8,
"url": "http://www.tlt.co.jp/tlt/information/seihin/notice/defect/20181219/20181219.htm"
},
{
"title": "TOSHIBAHomeGatewayHEM-GW26A and TOSHIBAHomeGatewayHEM-GW16A Access Control Error Vulnerability Patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/163449"
},
{
"title": "TOSHIBA Home Gateway HEM-GW26A and TOSHIBA Home Gateway HEM-GW16A Fixes for access control error vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=88003"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-17156"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-000132"
},
{
"db": "CNNVD",
"id": "CNNVD-201812-807"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "CWE-78",
"trust": 0.8
},
{
"problemtype": "CWE-Other",
"trust": 0.8
},
{
"problemtype": "CWE-79",
"trust": 0.8
},
{
"problemtype": "CWE-255",
"trust": 0.8
},
{
"problemtype": "CWE-264",
"trust": 0.8
},
{
"problemtype": "CWE-284",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-126532"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-000132"
},
{
"db": "NVD",
"id": "CVE-2018-16197"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://jvn.jp/en/jp/jvn99810718/index.html"
},
{
"trust": 1.7,
"url": "http://www.tlt.co.jp/tlt/information/seihin/notice/defect/20181219/20181219.htm"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-16201"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-16197"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-16198"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-16199"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-16200"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-16197"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-16198"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-16199"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-16200"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-16201"
},
{
"trust": 0.6,
"url": "https://jvndb.jvn.jp/en/contents/2018/jvndb-2018-000132.html"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-17156"
},
{
"db": "VULHUB",
"id": "VHN-126532"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-000132"
},
{
"db": "NVD",
"id": "CVE-2018-16197"
},
{
"db": "CNNVD",
"id": "CNNVD-201812-807"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2019-17156"
},
{
"db": "VULHUB",
"id": "VHN-126532"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-000132"
},
{
"db": "NVD",
"id": "CVE-2018-16197"
},
{
"db": "CNNVD",
"id": "CNNVD-201812-807"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-06-13T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-17156"
},
{
"date": "2019-01-09T00:00:00",
"db": "VULHUB",
"id": "VHN-126532"
},
{
"date": "2018-12-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-000132"
},
{
"date": "2019-01-09T23:29:04.623000",
"db": "NVD",
"id": "CVE-2018-16197"
},
{
"date": "2018-12-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201812-807"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-06-13T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-17156"
},
{
"date": "2019-10-03T00:00:00",
"db": "VULHUB",
"id": "VHN-126532"
},
{
"date": "2019-08-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-000132"
},
{
"date": "2019-10-03T00:03:26.223000",
"db": "NVD",
"id": "CVE-2018-16197"
},
{
"date": "2019-10-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201812-807"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote or local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201812-807"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "TOSHIBA Home Gateway HEM-GW26A and TOSHIBA Home Gateway HEM-GW16A Access Control Error Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-17156"
},
{
"db": "CNNVD",
"id": "CNNVD-201812-807"
}
],
"trust": 1.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "access control error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201812-807"
}
],
"trust": 0.6
}
}
VAR-201901-0797
Vulnerability from variot - Updated: 2023-12-18 12:28Cross-site scripting vulnerability in Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway HEM-GW26A 1.2.9 and earlier allows an remote attacker to inject arbitrary web script or HTML via unspecified vectors. Home gateway provided by Toshiba Lighting & Technology Corporation contains multiple vulnerabilities listed below. * Improper access control (CWE-284) - CVE-2018-16197 * Hidden functionality (CWE-912) - CVE-2018-16198 * Cross-site scripting (CWE-79) - CVE-2018-16199 * OS command injection (CWE-78) - CVE-2018-16200 * Hard-coded credentials (CWE-798) - CVE-2018-16201 The following researchers reported the vulnerabilities to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. CVE-2018-16197 Toshitsugu Yoneyama, Yutaka Kokubu, and Daiki Ichinose of Mitsui Bussan Secure Directions, Inc. CVE-2018-16198, CVE-2018-16199 Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. CVE-2018-16200, CVE-2018-16201 Yutaka Kokubu of Mitsui Bussan Secure Directions, Inc.* The information and files stored on the affected device may be accessed. - CVE-2018-16197, CVE-2018-16201 * The affected device may be operated by an attacker. - CVE-2018-16198, CVE-2018-16201 * An arbitrary script may be executed on the user's web browser. - CVE-2018-16199 * An arbitrary OS command may be executed on the affected device. - CVE-2018-16200, CVE-2018-16201
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201901-0797",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "hem-gw26a",
"scope": "lte",
"trust": 1.0,
"vendor": "toshiba",
"version": "1.2.9"
},
{
"model": "hem-gw16a",
"scope": "lte",
"trust": 1.0,
"vendor": "toshiba",
"version": "1.2.9"
},
{
"model": "home gateway hem-gw16a",
"scope": "lte",
"trust": 0.8,
"vendor": "toshiba lighting",
"version": "1.2.9"
},
{
"model": "home gateway hem-gw26a",
"scope": "lte",
"trust": 0.8,
"vendor": "toshiba lighting",
"version": "1.2.9"
},
{
"model": "home gateway hem-gw26a",
"scope": "lte",
"trust": 0.6,
"vendor": "toshiba",
"version": "\u003c=1.2.9"
},
{
"model": "home hem-gw16a",
"scope": "lte",
"trust": 0.6,
"vendor": "toshiba",
"version": "\u003c=1.2.9"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-17157"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-000132"
},
{
"db": "NVD",
"id": "CVE-2018-16199"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:toshiba:hem-gw16a_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.2.9",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:toshiba:hem-gw16a:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:toshiba:hem-gw26a_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.2.9",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:toshiba:hem-gw26a:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-16199"
}
]
},
"cve": "CVE-2018-16199",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Adjacent Network",
"authentication": "None",
"author": "IPA",
"availabilityImpact": "Partial",
"baseScore": 5.8,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2018-000132",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 2.4,
"userInteractionRequired": null,
"vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Adjacent Network",
"authentication": "None",
"author": "IPA",
"availabilityImpact": "Complete",
"baseScore": 8.3,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "JVNDB-2018-000132",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "IPA",
"availabilityImpact": "None",
"baseScore": 4.3,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2018-000132",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CNVD-2019-17157",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-126534",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "Low",
"attackVector": "Adjacent Network",
"author": "IPA",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2018-000132",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 2.4,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Adjacent Network",
"author": "IPA",
"availabilityImpact": "Low",
"baseScore": 6.3,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "JVNDB-2018-000132",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "IPA",
"availabilityImpact": "None",
"baseScore": 6.1,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "JVNDB-2018-000132",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "IPA",
"id": "JVNDB-2018-000132",
"trust": 2.4,
"value": "High"
},
{
"author": "IPA",
"id": "JVNDB-2018-000132",
"trust": 1.6,
"value": "Medium"
},
{
"author": "NVD",
"id": "CVE-2018-16199",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2019-17157",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201812-809",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-126534",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-17157"
},
{
"db": "VULHUB",
"id": "VHN-126534"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-000132"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-000132"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-000132"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-000132"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-000132"
},
{
"db": "NVD",
"id": "CVE-2018-16199"
},
{
"db": "CNNVD",
"id": "CNNVD-201812-809"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cross-site scripting vulnerability in Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway HEM-GW26A 1.2.9 and earlier allows an remote attacker to inject arbitrary web script or HTML via unspecified vectors. Home gateway provided by Toshiba Lighting \u0026 Technology Corporation contains multiple vulnerabilities listed below. * Improper access control (CWE-284) - CVE-2018-16197 * Hidden functionality (CWE-912) - CVE-2018-16198 * Cross-site scripting (CWE-79) - CVE-2018-16199 * OS command injection (CWE-78) - CVE-2018-16200 * Hard-coded credentials (CWE-798) - CVE-2018-16201 The following researchers reported the vulnerabilities to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. CVE-2018-16197 Toshitsugu Yoneyama, Yutaka Kokubu, and Daiki Ichinose of Mitsui Bussan Secure Directions, Inc. CVE-2018-16198, CVE-2018-16199 Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. CVE-2018-16200, CVE-2018-16201 Yutaka Kokubu of Mitsui Bussan Secure Directions, Inc.* The information and files stored on the affected device may be accessed. - CVE-2018-16197, CVE-2018-16201 * The affected device may be operated by an attacker. - CVE-2018-16198, CVE-2018-16201 * An arbitrary script may be executed on the user\u0027s web browser. - CVE-2018-16199 * An arbitrary OS command may be executed on the affected device. - CVE-2018-16200, CVE-2018-16201",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-16199"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-000132"
},
{
"db": "CNVD",
"id": "CNVD-2019-17157"
},
{
"db": "VULHUB",
"id": "VHN-126534"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-16199",
"trust": 3.1
},
{
"db": "JVN",
"id": "JVN99810718",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2018-000132",
"trust": 1.4
},
{
"db": "CNNVD",
"id": "CNNVD-201812-809",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2019-17157",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-126534",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-17157"
},
{
"db": "VULHUB",
"id": "VHN-126534"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-000132"
},
{
"db": "NVD",
"id": "CVE-2018-16199"
},
{
"db": "CNNVD",
"id": "CNNVD-201812-809"
}
]
},
"id": "VAR-201901-0797",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-17157"
},
{
"db": "VULHUB",
"id": "VHN-126534"
}
],
"trust": 1.5214285766666666
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-17157"
}
]
},
"last_update_date": "2023-12-18T12:28:33.159000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Toshiba Lighting \u0026 Technology Corporation website",
"trust": 0.8,
"url": "http://www.tlt.co.jp/tlt/information/seihin/notice/defect/20181219/20181219.htm"
},
{
"title": "Patch for TOSHIBAHomeGatewayHEM-GW26A and TOSHIBAHomeGatewayHEM-GW16A Cross-Site Scripting Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/163447"
},
{
"title": "TOSHIBA Home Gateway HEM-GW26A and TOSHIBA Home Gateway HEM-GW16A Fixes for cross-site scripting vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=88005"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-17157"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-000132"
},
{
"db": "CNNVD",
"id": "CNNVD-201812-809"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.9
},
{
"problemtype": "CWE-78",
"trust": 0.8
},
{
"problemtype": "CWE-Other",
"trust": 0.8
},
{
"problemtype": "CWE-255",
"trust": 0.8
},
{
"problemtype": "CWE-264",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-126534"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-000132"
},
{
"db": "NVD",
"id": "CVE-2018-16199"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://jvn.jp/en/jp/jvn99810718/index.html"
},
{
"trust": 1.7,
"url": "http://www.tlt.co.jp/tlt/information/seihin/notice/defect/20181219/20181219.htm"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-16201"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-16197"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-16198"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-16199"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-16200"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-16197"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-16198"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-16199"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-16200"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-16201"
},
{
"trust": 0.6,
"url": "https://jvndb.jvn.jp/en/contents/2018/jvndb-2018-000132.html"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-17157"
},
{
"db": "VULHUB",
"id": "VHN-126534"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-000132"
},
{
"db": "NVD",
"id": "CVE-2018-16199"
},
{
"db": "CNNVD",
"id": "CNNVD-201812-809"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2019-17157"
},
{
"db": "VULHUB",
"id": "VHN-126534"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-000132"
},
{
"db": "NVD",
"id": "CVE-2018-16199"
},
{
"db": "CNNVD",
"id": "CNNVD-201812-809"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-06-13T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-17157"
},
{
"date": "2019-01-09T00:00:00",
"db": "VULHUB",
"id": "VHN-126534"
},
{
"date": "2018-12-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-000132"
},
{
"date": "2019-01-09T23:29:04.747000",
"db": "NVD",
"id": "CVE-2018-16199"
},
{
"date": "2018-12-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201812-809"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-06-13T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-17157"
},
{
"date": "2019-01-24T00:00:00",
"db": "VULHUB",
"id": "VHN-126534"
},
{
"date": "2019-08-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-000132"
},
{
"date": "2019-01-24T15:06:55.413000",
"db": "NVD",
"id": "CVE-2018-16199"
},
{
"date": "2019-04-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201812-809"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201812-809"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "TOSHIBA Home Gateway HEM-GW26A and TOSHIBA Home Gateway HEM-GW16A Cross-Site Scripting Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-17157"
},
{
"db": "CNNVD",
"id": "CNNVD-201812-809"
}
],
"trust": 1.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201812-809"
}
],
"trust": 0.6
}
}
VAR-201901-0798
Vulnerability from variot - Updated: 2023-12-18 12:28Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway HEM-GW26A 1.2.9 and earlier allows an attacker on the same network segment to execute arbitrary OS commands. Home gateway provided by Toshiba Lighting & Technology Corporation contains multiple vulnerabilities listed below. * Improper access control (CWE-284) - CVE-2018-16197 * Hidden functionality (CWE-912) - CVE-2018-16198 * Cross-site scripting (CWE-79) - CVE-2018-16199 * OS command injection (CWE-78) - CVE-2018-16200 * Hard-coded credentials (CWE-798) - CVE-2018-16201 The following researchers reported the vulnerabilities to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. CVE-2018-16197 Toshitsugu Yoneyama, Yutaka Kokubu, and Daiki Ichinose of Mitsui Bussan Secure Directions, Inc. CVE-2018-16198, CVE-2018-16199 Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. CVE-2018-16200, CVE-2018-16201 Yutaka Kokubu of Mitsui Bussan Secure Directions, Inc.* The information and files stored on the affected device may be accessed. - CVE-2018-16197, CVE-2018-16201 * The affected device may be operated by an attacker. - CVE-2018-16198, CVE-2018-16201 * An arbitrary script may be executed on the user's web browser. - CVE-2018-16199 * An arbitrary OS command may be executed on the affected device. - CVE-2018-16200, CVE-2018-16201. An operating system command injection vulnerability exists in TOSHIBAHomeGatewayHEM-GW26A1.2.9 and earlier and TOSHIBAHomeGatewayHEM-GW16A1.2.9 and earlier
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201901-0798",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "hem-gw26a",
"scope": "lte",
"trust": 1.0,
"vendor": "toshiba",
"version": "1.2.9"
},
{
"model": "hem-gw16a",
"scope": "lte",
"trust": 1.0,
"vendor": "toshiba",
"version": "1.2.9"
},
{
"model": "home gateway hem-gw16a",
"scope": "lte",
"trust": 0.8,
"vendor": "toshiba lighting",
"version": "1.2.9"
},
{
"model": "home gateway hem-gw26a",
"scope": "lte",
"trust": 0.8,
"vendor": "toshiba lighting",
"version": "1.2.9"
},
{
"model": "home gateway hem-gw26a",
"scope": "lte",
"trust": 0.6,
"vendor": "toshiba",
"version": "\u003c=1.2.9"
},
{
"model": "home gateway hem-gw16a",
"scope": "lte",
"trust": 0.6,
"vendor": "toshiba",
"version": "\u003c=1.2.9"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-17158"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-000132"
},
{
"db": "NVD",
"id": "CVE-2018-16200"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:toshiba:hem-gw16a_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.2.9",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:toshiba:hem-gw16a:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:toshiba:hem-gw26a_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.2.9",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:toshiba:hem-gw26a:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-16200"
}
]
},
"cve": "CVE-2018-16200",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Adjacent Network",
"authentication": "None",
"author": "IPA",
"availabilityImpact": "Partial",
"baseScore": 5.8,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2018-000132",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 2.4,
"userInteractionRequired": null,
"vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.5,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Adjacent Network",
"authentication": "None",
"author": "IPA",
"availabilityImpact": "Complete",
"baseScore": 8.3,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "JVNDB-2018-000132",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "IPA",
"availabilityImpact": "None",
"baseScore": 4.3,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2018-000132",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.5,
"id": "CNVD-2019-17158",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.5,
"id": "VHN-126536",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:A/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "Low",
"attackVector": "Adjacent Network",
"author": "IPA",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2018-000132",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 2.4,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Adjacent Network",
"author": "IPA",
"availabilityImpact": "Low",
"baseScore": 6.3,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "JVNDB-2018-000132",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "IPA",
"availabilityImpact": "None",
"baseScore": 6.1,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "JVNDB-2018-000132",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "IPA",
"id": "JVNDB-2018-000132",
"trust": 2.4,
"value": "High"
},
{
"author": "IPA",
"id": "JVNDB-2018-000132",
"trust": 1.6,
"value": "Medium"
},
{
"author": "NVD",
"id": "CVE-2018-16200",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2019-17158",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201812-810",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-126536",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-17158"
},
{
"db": "VULHUB",
"id": "VHN-126536"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-000132"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-000132"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-000132"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-000132"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-000132"
},
{
"db": "NVD",
"id": "CVE-2018-16200"
},
{
"db": "CNNVD",
"id": "CNNVD-201812-810"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway HEM-GW26A 1.2.9 and earlier allows an attacker on the same network segment to execute arbitrary OS commands. Home gateway provided by Toshiba Lighting \u0026 Technology Corporation contains multiple vulnerabilities listed below. * Improper access control (CWE-284) - CVE-2018-16197 * Hidden functionality (CWE-912) - CVE-2018-16198 * Cross-site scripting (CWE-79) - CVE-2018-16199 * OS command injection (CWE-78) - CVE-2018-16200 * Hard-coded credentials (CWE-798) - CVE-2018-16201 The following researchers reported the vulnerabilities to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. CVE-2018-16197 Toshitsugu Yoneyama, Yutaka Kokubu, and Daiki Ichinose of Mitsui Bussan Secure Directions, Inc. CVE-2018-16198, CVE-2018-16199 Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. CVE-2018-16200, CVE-2018-16201 Yutaka Kokubu of Mitsui Bussan Secure Directions, Inc.* The information and files stored on the affected device may be accessed. - CVE-2018-16197, CVE-2018-16201 * The affected device may be operated by an attacker. - CVE-2018-16198, CVE-2018-16201 * An arbitrary script may be executed on the user\u0027s web browser. - CVE-2018-16199 * An arbitrary OS command may be executed on the affected device. - CVE-2018-16200, CVE-2018-16201. An operating system command injection vulnerability exists in TOSHIBAHomeGatewayHEM-GW26A1.2.9 and earlier and TOSHIBAHomeGatewayHEM-GW16A1.2.9 and earlier",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-16200"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-000132"
},
{
"db": "CNVD",
"id": "CNVD-2019-17158"
},
{
"db": "VULHUB",
"id": "VHN-126536"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-16200",
"trust": 3.1
},
{
"db": "JVN",
"id": "JVN99810718",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2018-000132",
"trust": 1.4
},
{
"db": "CNNVD",
"id": "CNNVD-201812-810",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2019-17158",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-126536",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-17158"
},
{
"db": "VULHUB",
"id": "VHN-126536"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-000132"
},
{
"db": "NVD",
"id": "CVE-2018-16200"
},
{
"db": "CNNVD",
"id": "CNNVD-201812-810"
}
]
},
"id": "VAR-201901-0798",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-17158"
},
{
"db": "VULHUB",
"id": "VHN-126536"
}
],
"trust": 1.4321428649999999
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-17158"
}
]
},
"last_update_date": "2023-12-18T12:28:33.187000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Toshiba Lighting \u0026 Technology Corporation website",
"trust": 0.8,
"url": "http://www.tlt.co.jp/tlt/information/seihin/notice/defect/20181219/20181219.htm"
},
{
"title": "Patch for TOSHIBAHomeGatewayHEM-GW26A and TOSHIBAHomeGatewayHEM-GW16A operating system command injection vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/163445"
},
{
"title": "TOSHIBA Home Gateway HEM-GW26A and TOSHIBA Home Gateway HEM-GW16A Fixes for operating system command injection vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=88007"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-17158"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-000132"
},
{
"db": "CNNVD",
"id": "CNNVD-201812-810"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-78",
"trust": 1.9
},
{
"problemtype": "CWE-Other",
"trust": 0.8
},
{
"problemtype": "CWE-79",
"trust": 0.8
},
{
"problemtype": "CWE-255",
"trust": 0.8
},
{
"problemtype": "CWE-264",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-126536"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-000132"
},
{
"db": "NVD",
"id": "CVE-2018-16200"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://jvn.jp/en/jp/jvn99810718/index.html"
},
{
"trust": 1.7,
"url": "http://www.tlt.co.jp/tlt/information/seihin/notice/defect/20181219/20181219.htm"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-16201"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-16197"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-16198"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-16199"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-16200"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-16197"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-16198"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-16199"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-16200"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-16201"
},
{
"trust": 0.6,
"url": "https://jvndb.jvn.jp/en/contents/2018/jvndb-2018-000132.html"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-17158"
},
{
"db": "VULHUB",
"id": "VHN-126536"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-000132"
},
{
"db": "NVD",
"id": "CVE-2018-16200"
},
{
"db": "CNNVD",
"id": "CNNVD-201812-810"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2019-17158"
},
{
"db": "VULHUB",
"id": "VHN-126536"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-000132"
},
{
"db": "NVD",
"id": "CVE-2018-16200"
},
{
"db": "CNNVD",
"id": "CNNVD-201812-810"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-06-13T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-17158"
},
{
"date": "2019-01-09T00:00:00",
"db": "VULHUB",
"id": "VHN-126536"
},
{
"date": "2018-12-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-000132"
},
{
"date": "2019-01-09T23:29:04.810000",
"db": "NVD",
"id": "CVE-2018-16200"
},
{
"date": "2018-12-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201812-810"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-06-13T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-17158"
},
{
"date": "2019-01-24T00:00:00",
"db": "VULHUB",
"id": "VHN-126536"
},
{
"date": "2019-08-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-000132"
},
{
"date": "2019-01-24T15:09:08.720000",
"db": "NVD",
"id": "CVE-2018-16200"
},
{
"date": "2019-04-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201812-810"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "specific network environment",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201812-810"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "TOSHIBA Home Gateway HEM-GW26A and TOSHIBA Home Gateway HEM-GW16A Operating System Command Injection Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-17158"
},
{
"db": "CNNVD",
"id": "CNNVD-201812-810"
}
],
"trust": 1.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "operating system commend injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201812-810"
}
],
"trust": 0.6
}
}
VAR-201707-0329
Vulnerability from variot - Updated: 2023-12-18 12:03Toshiba Home gateway HEM-GW16A firmware HEM-GW16A-FW-V1.2.0 and earlier. Toshiba Home gateway HEM-GW26A firmware HEM-GW26A-FW-V1.2.0 and earlier allows an attacker to execute arbitrary OS commands via unspecified vectors. Yutaka Kokubu of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.An arbitrary OS command may be executed on the device. There is an operating system command injection vulnerability in TOSHIBAHomeGatewayHEM-GW26A using HEM-GW26A-FW-V1.2.0 and previous firmware and TOSHIBAHomeGatewayHEM-GW16A using HEM-GW16A-FW-V1.2.0 and previous firmware. An attacker could exploit this vulnerability to execute arbitrary operating system commands. Failed exploit attempts will result in a denial-of-service condition
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201707-0329",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "hem-gw16a",
"scope": "lte",
"trust": 1.0,
"vendor": "toshiba",
"version": "1.2.0"
},
{
"model": "hem-gw26a",
"scope": "lte",
"trust": 1.0,
"vendor": "toshiba",
"version": "1.2.0"
},
{
"model": "home gateway hem-gw16a",
"scope": "lte",
"trust": 0.8,
"vendor": "toshiba lighting",
"version": "firmware hem-gw16a-fw-v1.2.0"
},
{
"model": "home gateway hem-gw26a",
"scope": "lte",
"trust": 0.8,
"vendor": "toshiba lighting",
"version": "firmware hem-gw26a-fw-v1.2.0"
},
{
"model": "home gateway hem-gw26a \u003c=hem-gw26a-fw-v1.2.0",
"scope": null,
"trust": 0.6,
"vendor": "toshiba",
"version": null
},
{
"model": "home gateway hem-gw16a \u003c=hem-gw16a-fw-v1.2.0",
"scope": null,
"trust": 0.6,
"vendor": "toshiba",
"version": null
},
{
"model": "hem-gw16a",
"scope": "eq",
"trust": 0.6,
"vendor": "toshiba",
"version": "1.2.0"
},
{
"model": "hem-gw26a",
"scope": "eq",
"trust": 0.6,
"vendor": "toshiba",
"version": "1.2.0"
},
{
"model": "home gateway hem-gw26a hem-gw26a-fw-v1.2.0",
"scope": null,
"trust": 0.3,
"vendor": "toshiba",
"version": null
},
{
"model": "home gateway hem-gw16a hem-gw16a-fw-v1.2.0",
"scope": null,
"trust": 0.3,
"vendor": "toshiba",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-12981"
},
{
"db": "BID",
"id": "101047"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000150"
},
{
"db": "NVD",
"id": "CVE-2017-2237"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-1246"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:toshiba:hem-gw16a_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.2.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:toshiba:hem-gw16a:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:toshiba:hem-gw26a_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.2.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:toshiba:hem-gw26a:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-2237"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Yutaka Kokubu of Mitsui Bussan Secure Directions, Inc.",
"sources": [
{
"db": "BID",
"id": "101047"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-1246"
}
],
"trust": 0.9
},
"cve": "CVE-2017-2237",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": true,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Adjacent Network",
"authentication": "Single",
"author": "IPA",
"availabilityImpact": "Partial",
"baseScore": 5.2,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2017-000150",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.2,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 5.1,
"id": "CNVD-2017-12981",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-110440",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Adjacent Network",
"author": "IPA",
"availabilityImpact": "High",
"baseScore": 6.8,
"baseSeverity": "Medium",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2017-000150",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "High",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2017-2237",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "IPA",
"id": "JVNDB-2017-000150",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2017-12981",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201706-1246",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-110440",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-12981"
},
{
"db": "VULHUB",
"id": "VHN-110440"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000150"
},
{
"db": "NVD",
"id": "CVE-2017-2237"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-1246"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Toshiba Home gateway HEM-GW16A firmware HEM-GW16A-FW-V1.2.0 and earlier. Toshiba Home gateway HEM-GW26A firmware HEM-GW26A-FW-V1.2.0 and earlier allows an attacker to execute arbitrary OS commands via unspecified vectors. Yutaka Kokubu of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.An arbitrary OS command may be executed on the device. There is an operating system command injection vulnerability in TOSHIBAHomeGatewayHEM-GW26A using HEM-GW26A-FW-V1.2.0 and previous firmware and TOSHIBAHomeGatewayHEM-GW16A using HEM-GW16A-FW-V1.2.0 and previous firmware. An attacker could exploit this vulnerability to execute arbitrary operating system commands. Failed exploit attempts will result in a denial-of-service condition",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-2237"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000150"
},
{
"db": "CNVD",
"id": "CNVD-2017-12981"
},
{
"db": "BID",
"id": "101047"
},
{
"db": "VULHUB",
"id": "VHN-110440"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-2237",
"trust": 3.4
},
{
"db": "JVN",
"id": "JVN85901441",
"trust": 3.4
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000150",
"trust": 1.4
},
{
"db": "CNNVD",
"id": "CNNVD-201706-1246",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2017-12981",
"trust": 0.6
},
{
"db": "BID",
"id": "101047",
"trust": 0.4
},
{
"db": "VULHUB",
"id": "VHN-110440",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-12981"
},
{
"db": "VULHUB",
"id": "VHN-110440"
},
{
"db": "BID",
"id": "101047"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000150"
},
{
"db": "NVD",
"id": "CVE-2017-2237"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-1246"
}
]
},
"id": "VAR-201707-0329",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-12981"
},
{
"db": "VULHUB",
"id": "VHN-110440"
}
],
"trust": 1.4321428649999999
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-12981"
}
]
},
"last_update_date": "2023-12-18T12:03:51.466000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Toshiba Lighting \u0026 Technology Corporation website",
"trust": 0.8,
"url": "http://www.tlt.co.jp/tlt/information/seihin/notice/defect/20170626/20170626.htm"
},
{
"title": "ToshibaHomegatewayHEM-GW16A firmware OS command injection vulnerability patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/97435"
},
{
"title": "TOSHIBA Home gateway HEM-GW26A and HEM-GW16A Fixes for operating system command injection vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=71381"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-12981"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000150"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-1246"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-78",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-110440"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000150"
},
{
"db": "NVD",
"id": "CVE-2017-2237"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.8,
"url": "http://jvn.jp/en/jp/jvn85901441/index.html"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-2237"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-2237"
},
{
"trust": 0.6,
"url": "http://jvn.jp/en/jp/jvn85901441/"
},
{
"trust": 0.6,
"url": "http://jvndb.jvn.jp/en/contents/2017/jvndb-2017-000150.html"
},
{
"trust": 0.3,
"url": "http://www.toshiba.com/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-12981"
},
{
"db": "VULHUB",
"id": "VHN-110440"
},
{
"db": "BID",
"id": "101047"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000150"
},
{
"db": "NVD",
"id": "CVE-2017-2237"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-1246"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2017-12981"
},
{
"db": "VULHUB",
"id": "VHN-110440"
},
{
"db": "BID",
"id": "101047"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000150"
},
{
"db": "NVD",
"id": "CVE-2017-2237"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-1246"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-07-06T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-12981"
},
{
"date": "2017-07-07T00:00:00",
"db": "VULHUB",
"id": "VHN-110440"
},
{
"date": "2017-07-07T00:00:00",
"db": "BID",
"id": "101047"
},
{
"date": "2017-06-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-000150"
},
{
"date": "2017-07-07T13:29:01.303000",
"db": "NVD",
"id": "CVE-2017-2237"
},
{
"date": "2017-06-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201706-1246"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-07-06T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-12981"
},
{
"date": "2017-07-14T00:00:00",
"db": "VULHUB",
"id": "VHN-110440"
},
{
"date": "2017-07-07T00:00:00",
"db": "BID",
"id": "101047"
},
{
"date": "2018-02-14T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-000150"
},
{
"date": "2017-07-14T14:45:04.317000",
"db": "NVD",
"id": "CVE-2017-2237"
},
{
"date": "2017-07-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201706-1246"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201706-1246"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "OS command injection vulnerability in Toshiba Lighting \u0026 Technology Corporation Home gateway",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-000150"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "operating system commend injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201706-1246"
}
],
"trust": 0.6
}
}
VAR-201707-0330
Vulnerability from variot - Updated: 2023-12-18 12:03Cross-site request forgery (CSRF) vulnerability in Toshiba Home gateway HEM-GW16A firmware HEM-GW16A-FW-V1.2.0 and earlier and Toshiba Home gateway HEM-GW26A firmware HEM-GW26A-FW-V1.2.0 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors. Yutaka Kokubu of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.The user may be tricked to perform unintended operation on the device. A remote attacker could exploit this vulnerability to perform unauthorized operations. Exploiting the issue will allow a remote attacker to use a victim's currently active session to hijack the authentication of administrators. Successful exploits will compromise affected device
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201707-0330",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "hem-gw16a",
"scope": "lte",
"trust": 1.0,
"vendor": "toshiba",
"version": "1.2.0"
},
{
"model": "hem-gw26a",
"scope": "lte",
"trust": 1.0,
"vendor": "toshiba",
"version": "1.2.0"
},
{
"model": "home gateway hem-gw16a",
"scope": "lte",
"trust": 0.8,
"vendor": "toshiba lighting",
"version": "firmware hem-gw16a-fw-v1.2.0"
},
{
"model": "home gateway hem-gw26a",
"scope": "lte",
"trust": 0.8,
"vendor": "toshiba lighting",
"version": "firmware hem-gw26a-fw-v1.2.0"
},
{
"model": "home gateway hem-gw26a \u003c=hem-gw26a-fw-v1.2.0",
"scope": null,
"trust": 0.6,
"vendor": "toshiba",
"version": null
},
{
"model": "home gateway hem-gw16a \u003c=hem-gw16a-fw-v1.2.0",
"scope": null,
"trust": 0.6,
"vendor": "toshiba",
"version": null
},
{
"model": "hem-gw16a",
"scope": "eq",
"trust": 0.6,
"vendor": "toshiba",
"version": "1.2.0"
},
{
"model": "hem-gw26a",
"scope": "eq",
"trust": 0.6,
"vendor": "toshiba",
"version": "1.2.0"
},
{
"model": "home gateway hem-gw26a hem-gw26a-fw-v1.2.0",
"scope": null,
"trust": 0.3,
"vendor": "toshiba",
"version": null
},
{
"model": "home gateway hem-gw16a hem-gw16a-fw-v1.2.0",
"scope": null,
"trust": 0.3,
"vendor": "toshiba",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-12980"
},
{
"db": "BID",
"id": "99516"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000151"
},
{
"db": "NVD",
"id": "CVE-2017-2238"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-1247"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:toshiba:hem-gw16a_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.2.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:toshiba:hem-gw16a:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:toshiba:hem-gw26a_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.2.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:toshiba:hem-gw26a:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-2238"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Yutaka Kokubu of Mitsui Bussan Secure Directions, Inc.",
"sources": [
{
"db": "BID",
"id": "99516"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-1247"
}
],
"trust": 0.9
},
"cve": "CVE-2017-2238",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "IPA",
"availabilityImpact": "None",
"baseScore": 5.8,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2017-000151",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CNVD-2017-12980",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-110441",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULMON",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2017-2238",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "MEDIUM",
"trust": 0.1,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "IPA",
"availabilityImpact": "None",
"baseScore": 7.1,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2017-000151",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2017-2238",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "IPA",
"id": "JVNDB-2017-000151",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2017-12980",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201706-1247",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-110441",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2017-2238",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-12980"
},
{
"db": "VULHUB",
"id": "VHN-110441"
},
{
"db": "VULMON",
"id": "CVE-2017-2238"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000151"
},
{
"db": "NVD",
"id": "CVE-2017-2238"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-1247"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cross-site request forgery (CSRF) vulnerability in Toshiba Home gateway HEM-GW16A firmware HEM-GW16A-FW-V1.2.0 and earlier and Toshiba Home gateway HEM-GW26A firmware HEM-GW26A-FW-V1.2.0 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors. Yutaka Kokubu of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.The user may be tricked to perform unintended operation on the device. A remote attacker could exploit this vulnerability to perform unauthorized operations. \nExploiting the issue will allow a remote attacker to use a victim\u0027s currently active session to hijack the authentication of administrators. Successful exploits will compromise affected device",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-2238"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000151"
},
{
"db": "CNVD",
"id": "CNVD-2017-12980"
},
{
"db": "BID",
"id": "99516"
},
{
"db": "VULHUB",
"id": "VHN-110441"
},
{
"db": "VULMON",
"id": "CVE-2017-2238"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-2238",
"trust": 3.5
},
{
"db": "JVN",
"id": "JVN85901441",
"trust": 3.5
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000151",
"trust": 1.4
},
{
"db": "CNNVD",
"id": "CNNVD-201706-1247",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2017-12980",
"trust": 0.6
},
{
"db": "BID",
"id": "99516",
"trust": 0.5
},
{
"db": "VULHUB",
"id": "VHN-110441",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2017-2238",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-12980"
},
{
"db": "VULHUB",
"id": "VHN-110441"
},
{
"db": "VULMON",
"id": "CVE-2017-2238"
},
{
"db": "BID",
"id": "99516"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000151"
},
{
"db": "NVD",
"id": "CVE-2017-2238"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-1247"
}
]
},
"id": "VAR-201707-0330",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-12980"
},
{
"db": "VULHUB",
"id": "VHN-110441"
}
],
"trust": 1.4321428649999999
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-12980"
}
]
},
"last_update_date": "2023-12-18T12:03:51.395000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Toshiba Lighting \u0026 Technology Corporation website",
"trust": 0.8,
"url": "http://www.tlt.co.jp/tlt/information/seihin/notice/defect/20170626/20170626.htm"
},
{
"title": "ToshibaHomegatewayHEM-GW16A firmware cross-site request forgery vulnerability patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/97433"
},
{
"title": "TOSHIBA Home gateway HEM-GW26A and HEM-GW16A Fixes for cross-site request forgery vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=71382"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-12980"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000151"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-1247"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-352",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-110441"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000151"
},
{
"db": "NVD",
"id": "CVE-2017-2238"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.9,
"url": "http://jvn.jp/en/jp/jvn85901441/index.html"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-2238"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-2238"
},
{
"trust": 0.6,
"url": "http://jvn.jp/en/jp/jvn85901441/"
},
{
"trust": 0.6,
"url": "http://jvndb.jvn.jp/en/contents/2017/jvndb-2017-000151.html"
},
{
"trust": 0.3,
"url": "http://www.toshiba.com/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/352.html"
},
{
"trust": 0.1,
"url": "https://www.securityfocus.com/bid/99516"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-12980"
},
{
"db": "VULHUB",
"id": "VHN-110441"
},
{
"db": "VULMON",
"id": "CVE-2017-2238"
},
{
"db": "BID",
"id": "99516"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000151"
},
{
"db": "NVD",
"id": "CVE-2017-2238"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-1247"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2017-12980"
},
{
"db": "VULHUB",
"id": "VHN-110441"
},
{
"db": "VULMON",
"id": "CVE-2017-2238"
},
{
"db": "BID",
"id": "99516"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000151"
},
{
"db": "NVD",
"id": "CVE-2017-2238"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-1247"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-07-06T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-12980"
},
{
"date": "2017-07-07T00:00:00",
"db": "VULHUB",
"id": "VHN-110441"
},
{
"date": "2017-07-07T00:00:00",
"db": "VULMON",
"id": "CVE-2017-2238"
},
{
"date": "2017-06-27T00:00:00",
"db": "BID",
"id": "99516"
},
{
"date": "2017-06-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-000151"
},
{
"date": "2017-07-07T13:29:01.350000",
"db": "NVD",
"id": "CVE-2017-2238"
},
{
"date": "2017-06-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201706-1247"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-07-06T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-12980"
},
{
"date": "2017-07-14T00:00:00",
"db": "VULHUB",
"id": "VHN-110441"
},
{
"date": "2017-07-14T00:00:00",
"db": "VULMON",
"id": "CVE-2017-2238"
},
{
"date": "2017-06-27T00:00:00",
"db": "BID",
"id": "99516"
},
{
"date": "2018-02-14T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-000151"
},
{
"date": "2017-07-14T14:55:14.447000",
"db": "NVD",
"id": "CVE-2017-2238"
},
{
"date": "2017-07-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201706-1247"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201706-1247"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cross-site request forgery vulnerability in Toshiba Lighting \u0026 Technology Corporation Home gateway",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-000151"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "cross-site request forgery",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201706-1247"
}
],
"trust": 0.6
}
}
VAR-201707-0326
Vulnerability from variot - Updated: 2023-12-18 12:03Toshiba Home gateway HEM-GW16A firmware HEM-GW16A-FW-V1.2.0 and earlier, Toshiba Home gateway HEM-GW26A firmware HEM-GW26A-FW-V1.2.0 and earlier may allow remote attackers to access a non-documented developer screen to perform operations on device with administrative privileges. Yutaka Kokubu of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.The device is operated with the administrative privilege. There is a security hole in TOSHIBAHomeGatewayHEM-GW26A using HEM-GW26A-FW-V1.2.0 and previous firmware and TOSHIBAHomeGatewayHEM-GW16A using HEM-GW16A-FW-V1.2.0 and previous firmware. An attacker could exploit the vulnerability to perform operations with administrator privileges
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201707-0326",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "hem-gw16a",
"scope": "lte",
"trust": 1.0,
"vendor": "toshiba",
"version": "1.2.0"
},
{
"model": "hem-gw26a",
"scope": "lte",
"trust": 1.0,
"vendor": "toshiba",
"version": "1.2.0"
},
{
"model": "home gateway hem-gw16a",
"scope": "lte",
"trust": 0.8,
"vendor": "toshiba lighting",
"version": "firmware hem-gw16a-fw-v1.2.0"
},
{
"model": "home gateway hem-gw26a",
"scope": "lte",
"trust": 0.8,
"vendor": "toshiba lighting",
"version": "firmware hem-gw26a-fw-v1.2.0"
},
{
"model": "home gateway hem-gw26a \u003c=hem-gw26a-fw-v1.2.0",
"scope": null,
"trust": 0.6,
"vendor": "toshiba",
"version": null
},
{
"model": "home gateway hem-gw16a \u003c=hem-gw16a-fw-v1.2.0",
"scope": null,
"trust": 0.6,
"vendor": "toshiba",
"version": null
},
{
"model": "hem-gw16a",
"scope": "eq",
"trust": 0.6,
"vendor": "toshiba",
"version": "1.2.0"
},
{
"model": "hem-gw26a",
"scope": "eq",
"trust": 0.6,
"vendor": "toshiba",
"version": "1.2.0"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-12984"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000147"
},
{
"db": "NVD",
"id": "CVE-2017-2234"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-1243"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:toshiba:hem-gw16a_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.2.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:toshiba:hem-gw16a:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:toshiba:hem-gw26a_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.2.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:toshiba:hem-gw26a:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-2234"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Inc. ,Yutaka Kokubu of Mitsui Bussan Secure Directions",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201706-1243"
}
],
"trust": 0.6
},
"cve": "CVE-2017-2234",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": true,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Adjacent Network",
"authentication": "Single",
"author": "IPA",
"availabilityImpact": "None",
"baseScore": 2.7,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2017-000147",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Low",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:A/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 2.7,
"confidentialityImpact": "NONE",
"exploitabilityScore": 5.1,
"id": "CNVD-2017-12984",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 0.6,
"vectorString": "AV:A/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-110437",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Adjacent Network",
"author": "IPA",
"availabilityImpact": "None",
"baseScore": 2.4,
"baseSeverity": "Low",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2017-000147",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "High",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2017-2234",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "IPA",
"id": "JVNDB-2017-000147",
"trust": 0.8,
"value": "Low"
},
{
"author": "CNVD",
"id": "CNVD-2017-12984",
"trust": 0.6,
"value": "LOW"
},
{
"author": "CNNVD",
"id": "CNNVD-201706-1243",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-110437",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-12984"
},
{
"db": "VULHUB",
"id": "VHN-110437"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000147"
},
{
"db": "NVD",
"id": "CVE-2017-2234"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-1243"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Toshiba Home gateway HEM-GW16A firmware HEM-GW16A-FW-V1.2.0 and earlier, Toshiba Home gateway HEM-GW26A firmware HEM-GW26A-FW-V1.2.0 and earlier may allow remote attackers to access a non-documented developer screen to perform operations on device with administrative privileges. Yutaka Kokubu of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.The device is operated with the administrative privilege. There is a security hole in TOSHIBAHomeGatewayHEM-GW26A using HEM-GW26A-FW-V1.2.0 and previous firmware and TOSHIBAHomeGatewayHEM-GW16A using HEM-GW16A-FW-V1.2.0 and previous firmware. An attacker could exploit the vulnerability to perform operations with administrator privileges",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-2234"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000147"
},
{
"db": "CNVD",
"id": "CNVD-2017-12984"
},
{
"db": "VULHUB",
"id": "VHN-110437"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-2234",
"trust": 3.1
},
{
"db": "JVN",
"id": "JVN85901441",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000147",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201706-1243",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2017-12984",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-110437",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-12984"
},
{
"db": "VULHUB",
"id": "VHN-110437"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000147"
},
{
"db": "NVD",
"id": "CVE-2017-2234"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-1243"
}
]
},
"id": "VAR-201707-0326",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-12984"
},
{
"db": "VULHUB",
"id": "VHN-110437"
}
],
"trust": 1.4321428649999999
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-12984"
}
]
},
"last_update_date": "2023-12-18T12:03:51.367000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Toshiba Lighting \u0026 Technology Corporation website",
"trust": 0.8,
"url": "http://www.tlt.co.jp/tlt/information/seihin/notice/defect/20170626/20170626.htm"
},
{
"title": "ToshibaHomegatewayHEM-GW16A firmware vulnerability patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/97439"
},
{
"title": "TOSHIBA Home gateway HEM-GW26A and HEM-GW16A Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=71378"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-12984"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000147"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-1243"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "CWE-264",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-110437"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000147"
},
{
"db": "NVD",
"id": "CVE-2017-2234"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "http://jvn.jp/en/jp/jvn85901441/index.html"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-2234"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-2234"
},
{
"trust": 0.6,
"url": "http://jvn.jp/en/jp/jvn85901441/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-12984"
},
{
"db": "VULHUB",
"id": "VHN-110437"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000147"
},
{
"db": "NVD",
"id": "CVE-2017-2234"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-1243"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2017-12984"
},
{
"db": "VULHUB",
"id": "VHN-110437"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000147"
},
{
"db": "NVD",
"id": "CVE-2017-2234"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-1243"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-07-06T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-12984"
},
{
"date": "2017-07-07T00:00:00",
"db": "VULHUB",
"id": "VHN-110437"
},
{
"date": "2017-06-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-000147"
},
{
"date": "2017-07-07T13:29:01.227000",
"db": "NVD",
"id": "CVE-2017-2234"
},
{
"date": "2017-06-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201706-1243"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-07-06T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-12984"
},
{
"date": "2019-10-03T00:00:00",
"db": "VULHUB",
"id": "VHN-110437"
},
{
"date": "2018-02-14T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-000147"
},
{
"date": "2019-10-03T00:03:26.223000",
"db": "NVD",
"id": "CVE-2017-2234"
},
{
"date": "2019-10-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201706-1243"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201706-1243"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Non-documented developer\u0027s screen in Toshiba Lighting \u0026 Technology Corporation Home gateway",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-000147"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control issues",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201706-1243"
}
],
"trust": 0.6
}
}
VAR-201707-0327
Vulnerability from variot - Updated: 2023-12-18 12:03Toshiba Home gateway HEM-GW16A firmware HEM-GW16A-FW-V1.2.0 and earlier. Toshiba Home gateway HEM-GW26A firmware HEM-GW26A-FW-V1.2.0 and earlier allows an attacker to bypass access restriction to change the administrator account password via unspecified vectors. Home gateway provided by Toshiba Lighting & Technology Corporation contains improper access control. Yutaka Kokubu of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.The administrator's password may be changed. There is an access control error vulnerability in TOSHIBAHomeGatewayHEM-GW26A using HEM-GW26A-FW-V1.2.0 and previous firmware and TOSHIBAHomeGatewayHEM-GW16A using HEM-GW16A-FW-V1.2.0 and previous firmware. An attacker could use this vulnerability to change the administrator password
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201707-0327",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "hem-gw16a",
"scope": "lte",
"trust": 1.0,
"vendor": "toshiba",
"version": "1.2.0"
},
{
"model": "hem-gw26a",
"scope": "lte",
"trust": 1.0,
"vendor": "toshiba",
"version": "1.2.0"
},
{
"model": "home gateway hem-gw16a",
"scope": "lte",
"trust": 0.8,
"vendor": "toshiba lighting",
"version": "firmware hem-gw16a-fw-v1.2.0"
},
{
"model": "home gateway hem-gw26a",
"scope": "lte",
"trust": 0.8,
"vendor": "toshiba lighting",
"version": "firmware hem-gw26a-fw-v1.2.0"
},
{
"model": "home gateway hem-gw26a \u003c=hem-gw26a-fw-v1.2.0",
"scope": null,
"trust": 0.6,
"vendor": "toshiba",
"version": null
},
{
"model": "home gateway hem-gw16a \u003c=hem-gw16a-fw-v1.2.0",
"scope": null,
"trust": 0.6,
"vendor": "toshiba",
"version": null
},
{
"model": "hem-gw16a",
"scope": "eq",
"trust": 0.6,
"vendor": "toshiba",
"version": "1.2.0"
},
{
"model": "hem-gw26a",
"scope": "eq",
"trust": 0.6,
"vendor": "toshiba",
"version": "1.2.0"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-12983"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000148"
},
{
"db": "NVD",
"id": "CVE-2017-2235"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-1244"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:toshiba:hem-gw16a_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.2.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:toshiba:hem-gw16a:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:toshiba:hem-gw26a_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.2.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:toshiba:hem-gw26a:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-2235"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Inc. ,Yutaka Kokubu of Mitsui Bussan Secure Directions",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201706-1244"
}
],
"trust": 0.6
},
"cve": "CVE-2017-2235",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": true,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Adjacent Network",
"authentication": "None",
"author": "IPA",
"availabilityImpact": "None",
"baseScore": 4.8,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2017-000148",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.5,
"id": "CNVD-2017-12983",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-110438",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Adjacent Network",
"author": "IPA",
"availabilityImpact": "None",
"baseScore": 5.4,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "JVNDB-2017-000148",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2017-2235",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "IPA",
"id": "JVNDB-2017-000148",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2017-12983",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201706-1244",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-110438",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-12983"
},
{
"db": "VULHUB",
"id": "VHN-110438"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000148"
},
{
"db": "NVD",
"id": "CVE-2017-2235"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-1244"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Toshiba Home gateway HEM-GW16A firmware HEM-GW16A-FW-V1.2.0 and earlier. Toshiba Home gateway HEM-GW26A firmware HEM-GW26A-FW-V1.2.0 and earlier allows an attacker to bypass access restriction to change the administrator account password via unspecified vectors. Home gateway provided by Toshiba Lighting \u0026 Technology Corporation contains improper access control. Yutaka Kokubu of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.The administrator\u0027s password may be changed. There is an access control error vulnerability in TOSHIBAHomeGatewayHEM-GW26A using HEM-GW26A-FW-V1.2.0 and previous firmware and TOSHIBAHomeGatewayHEM-GW16A using HEM-GW16A-FW-V1.2.0 and previous firmware. An attacker could use this vulnerability to change the administrator password",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-2235"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000148"
},
{
"db": "CNVD",
"id": "CNVD-2017-12983"
},
{
"db": "VULHUB",
"id": "VHN-110438"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-2235",
"trust": 3.1
},
{
"db": "JVN",
"id": "JVN85901441",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000148",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201706-1244",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2017-12983",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-110438",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-12983"
},
{
"db": "VULHUB",
"id": "VHN-110438"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000148"
},
{
"db": "NVD",
"id": "CVE-2017-2235"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-1244"
}
]
},
"id": "VAR-201707-0327",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-12983"
},
{
"db": "VULHUB",
"id": "VHN-110438"
}
],
"trust": 1.4321428649999999
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-12983"
}
]
},
"last_update_date": "2023-12-18T12:03:51.337000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Toshiba Lighting \u0026 Technology Corporation website",
"trust": 0.8,
"url": "http://www.tlt.co.jp/tlt/information/seihin/notice/defect/20170626/20170626.htm"
},
{
"title": "ToshibaHomegatewayHEM-GW16A firmware has a patch for improper access control vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/97437"
},
{
"title": "TOSHIBA Home Gateway HEM-GW26A and HEM-GW16A Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=71379"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-12983"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000148"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-1244"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "CWE-264",
"trust": 0.8
},
{
"problemtype": "CWE-284",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-110438"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000148"
},
{
"db": "NVD",
"id": "CVE-2017-2235"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "http://jvn.jp/en/jp/jvn85901441/index.html"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-2235"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-2235"
},
{
"trust": 0.6,
"url": "http://jvn.jp/en/jp/jvn85901441/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-12983"
},
{
"db": "VULHUB",
"id": "VHN-110438"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000148"
},
{
"db": "NVD",
"id": "CVE-2017-2235"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-1244"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2017-12983"
},
{
"db": "VULHUB",
"id": "VHN-110438"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000148"
},
{
"db": "NVD",
"id": "CVE-2017-2235"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-1244"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-07-06T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-12983"
},
{
"date": "2017-07-07T00:00:00",
"db": "VULHUB",
"id": "VHN-110438"
},
{
"date": "2017-06-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-000148"
},
{
"date": "2017-07-07T13:29:01.257000",
"db": "NVD",
"id": "CVE-2017-2235"
},
{
"date": "2017-06-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201706-1244"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-07-06T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-12983"
},
{
"date": "2020-08-24T00:00:00",
"db": "VULHUB",
"id": "VHN-110438"
},
{
"date": "2018-02-14T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-000148"
},
{
"date": "2020-08-24T17:37:01.140000",
"db": "NVD",
"id": "CVE-2017-2235"
},
{
"date": "2020-10-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201706-1244"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201706-1244"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Improper access control vulnerability in Toshiba Lighting \u0026 Technology Corporation Home gateway",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-000148"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201706-1244"
}
],
"trust": 0.6
}
}
VAR-201707-0328
Vulnerability from variot - Updated: 2023-12-18 12:03Toshiba Home gateway HEM-GW16A firmware HEM-GW16A-FW-V1.2.0 and earlier, Toshiba Home gateway HEM-GW26A firmware HEM-GW26A-FW-V1.2.0 and earlier uses hard-coded credentials, which may allow attackers to perform operations on device with administrative privileges. Yutaka Kokubu of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.The device is operated with the administrative privilege. There is a hard-coded voucher vulnerability in TOSHIBAHomeGatewayHEM-GW26A using HEM-GW26A-FW-V1.2.0 and previous firmware and TOSHIBAHomeGatewayHEM-GW16A using HEM-GW16A-FW-V1.2.0 and previous firmware. An attacker could exploit the vulnerability to perform operations with administrator privileges
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201707-0328",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "hem-gw16a",
"scope": "lte",
"trust": 1.0,
"vendor": "toshiba",
"version": "1.2.0"
},
{
"model": "hem-gw26a",
"scope": "lte",
"trust": 1.0,
"vendor": "toshiba",
"version": "1.2.0"
},
{
"model": "home gateway hem-gw16a",
"scope": "lte",
"trust": 0.8,
"vendor": "toshiba lighting",
"version": "firmware hem-gw16a-fw-v1.2.0"
},
{
"model": "home gateway hem-gw26a",
"scope": "lte",
"trust": 0.8,
"vendor": "toshiba lighting",
"version": "firmware hem-gw26a-fw-v1.2.0"
},
{
"model": "home gateway hem-gw26a \u003c=hem-gw26a-fw-v1.2.0",
"scope": null,
"trust": 0.6,
"vendor": "toshiba",
"version": null
},
{
"model": "home gateway hem-gw16a \u003c=hem-gw16a-fw-v1.2.0",
"scope": null,
"trust": 0.6,
"vendor": "toshiba",
"version": null
},
{
"model": "hem-gw16a",
"scope": "eq",
"trust": 0.6,
"vendor": "toshiba",
"version": "1.2.0"
},
{
"model": "hem-gw26a",
"scope": "eq",
"trust": 0.6,
"vendor": "toshiba",
"version": "1.2.0"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-12982"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000149"
},
{
"db": "NVD",
"id": "CVE-2017-2236"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-1245"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:toshiba:hem-gw16a_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.2.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:toshiba:hem-gw16a:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:toshiba:hem-gw26a_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.2.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:toshiba:hem-gw26a:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-2236"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Yutaka Kokubu of Mitsui Bussan Secure Directions, Inc.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201706-1245"
}
],
"trust": 0.6
},
"cve": "CVE-2017-2236",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": true,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Adjacent Network",
"authentication": "None",
"author": "IPA",
"availabilityImpact": "Complete",
"baseScore": 8.3,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "JVNDB-2017-000149",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 8.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 6.5,
"id": "CNVD-2017-12982",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-110439",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Adjacent Network",
"author": "IPA",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2017-000149",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2017-2236",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "IPA",
"id": "JVNDB-2017-000149",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2017-12982",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201706-1245",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-110439",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-12982"
},
{
"db": "VULHUB",
"id": "VHN-110439"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000149"
},
{
"db": "NVD",
"id": "CVE-2017-2236"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-1245"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Toshiba Home gateway HEM-GW16A firmware HEM-GW16A-FW-V1.2.0 and earlier, Toshiba Home gateway HEM-GW26A firmware HEM-GW26A-FW-V1.2.0 and earlier uses hard-coded credentials, which may allow attackers to perform operations on device with administrative privileges. Yutaka Kokubu of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.The device is operated with the administrative privilege. There is a hard-coded voucher vulnerability in TOSHIBAHomeGatewayHEM-GW26A using HEM-GW26A-FW-V1.2.0 and previous firmware and TOSHIBAHomeGatewayHEM-GW16A using HEM-GW16A-FW-V1.2.0 and previous firmware. An attacker could exploit the vulnerability to perform operations with administrator privileges",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-2236"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000149"
},
{
"db": "CNVD",
"id": "CNVD-2017-12982"
},
{
"db": "VULHUB",
"id": "VHN-110439"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-2236",
"trust": 3.1
},
{
"db": "JVN",
"id": "JVN85901441",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000149",
"trust": 1.4
},
{
"db": "CNNVD",
"id": "CNNVD-201706-1245",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2017-12982",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-110439",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-12982"
},
{
"db": "VULHUB",
"id": "VHN-110439"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000149"
},
{
"db": "NVD",
"id": "CVE-2017-2236"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-1245"
}
]
},
"id": "VAR-201707-0328",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-12982"
},
{
"db": "VULHUB",
"id": "VHN-110439"
}
],
"trust": 1.4321428649999999
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-12982"
}
]
},
"last_update_date": "2023-12-18T12:03:51.436000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Toshiba Lighting \u0026 Technology Corporation website",
"trust": 0.8,
"url": "http://www.tlt.co.jp/tlt/information/seihin/notice/defect/20170626/20170626.htm"
},
{
"title": "Patch for hardcoded vulnerabilities in ToshibaHomegatewayHEM-GW16A firmware",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/97436"
},
{
"title": "TOSHIBA Home gateway HEM-GW26A and HEM-GW16A Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=71380"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-12982"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000149"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-1245"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-798",
"trust": 1.1
},
{
"problemtype": "CWE-264",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-110439"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000149"
},
{
"db": "NVD",
"id": "CVE-2017-2236"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "http://jvn.jp/en/jp/jvn85901441/index.html"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-2236"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-2236"
},
{
"trust": 0.6,
"url": "http://jvn.jp/en/jp/jvn85901441/"
},
{
"trust": 0.6,
"url": "http://jvndb.jvn.jp/en/contents/2017/jvndb-2017-000149.html"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-12982"
},
{
"db": "VULHUB",
"id": "VHN-110439"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000149"
},
{
"db": "NVD",
"id": "CVE-2017-2236"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-1245"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2017-12982"
},
{
"db": "VULHUB",
"id": "VHN-110439"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000149"
},
{
"db": "NVD",
"id": "CVE-2017-2236"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-1245"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-07-06T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-12982"
},
{
"date": "2017-07-07T00:00:00",
"db": "VULHUB",
"id": "VHN-110439"
},
{
"date": "2017-06-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-000149"
},
{
"date": "2017-07-07T13:29:01.270000",
"db": "NVD",
"id": "CVE-2017-2236"
},
{
"date": "2017-06-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201706-1245"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-07-06T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-12982"
},
{
"date": "2017-07-14T00:00:00",
"db": "VULHUB",
"id": "VHN-110439"
},
{
"date": "2018-02-14T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-000149"
},
{
"date": "2017-07-14T14:54:51.663000",
"db": "NVD",
"id": "CVE-2017-2236"
},
{
"date": "2017-07-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201706-1245"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201706-1245"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Hard-coded credentials vulnerability in Toshiba Lighting \u0026 Technology Corporation Home gateway",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-000149"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "lack of information",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201706-1245"
}
],
"trust": 0.6
}
}