Vulnerability-Lookup

CVE-2018-16197 (GCVE-0-2018-16197)

Vulnerability from cvelistv5 – Published: 2019-01-09 22:00 – Updated: 2024-08-05 10:17

Summary

Severity

6.5 (Medium)


                        
                          CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE

Fails to restrict access

Assigner

jpcert

References

2 references

URL	Tags
https://jvn.jp/en/jp/JVN99810718/index.html	third-party-advisoryx_refsource_JVN
http://www.tlt.co.jp/tlt/information/seihin/notic…	x_refsource_MISC

Impacted products

1 product

Vendor	Product	Version
Toshiba Lighting & Technology Corporation	Toshiba Home gateway HEM-GW16A and Toshiba Home gateway HEM-GW26A	Affected: (Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway HEM-GW26A 1.2.9 and earlier)

Date Public

2019-01-09 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T10:17:38.375Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "JVN#99810718",
            "tags": [
              "third-party-advisory",
              "x_refsource_JVN",
              "x_transferred"
            ],
            "url": "https://jvn.jp/en/jp/JVN99810718/index.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.tlt.co.jp/tlt/information/seihin/notice/defect/20181219/20181219.htm"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Toshiba Home gateway HEM-GW16A and Toshiba Home gateway HEM-GW26A",
          "vendor": "Toshiba Lighting \u0026 Technology Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "(Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway HEM-GW26A 1.2.9 and earlier)"
            }
          ]
        }
      ],
      "datePublic": "2019-01-09T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway HEM-GW26A 1.2.9 and earlier allows an attacker on the same network segment to bypass access restriction to access the information and files stored on the affected device."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Fails to restrict access",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-01-09T21:57:01.000Z",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "name": "JVN#99810718",
          "tags": [
            "third-party-advisory",
            "x_refsource_JVN"
          ],
          "url": "https://jvn.jp/en/jp/JVN99810718/index.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.tlt.co.jp/tlt/information/seihin/notice/defect/20181219/20181219.htm"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "vultures@jpcert.or.jp",
          "ID": "CVE-2018-16197",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Toshiba Home gateway HEM-GW16A and Toshiba Home gateway HEM-GW26A",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "(Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway HEM-GW26A 1.2.9 and earlier)"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Toshiba Lighting \u0026 Technology Corporation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway HEM-GW26A 1.2.9 and earlier allows an attacker on the same network segment to bypass access restriction to access the information and files stored on the affected device."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Fails to restrict access"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "JVN#99810718",
              "refsource": "JVN",
              "url": "https://jvn.jp/en/jp/JVN99810718/index.html"
            },
            {
              "name": "http://www.tlt.co.jp/tlt/information/seihin/notice/defect/20181219/20181219.htm",
              "refsource": "MISC",
              "url": "http://www.tlt.co.jp/tlt/information/seihin/notice/defect/20181219/20181219.htm"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2018-16197",
    "datePublished": "2019-01-09T22:00:00.000Z",
    "dateReserved": "2018-08-30T00:00:00.000Z",
    "dateUpdated": "2024-08-05T10:17:38.375Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2018-16197",
      "date": "2026-06-02",
      "epss": "0.00095",
      "percentile": "0.26357"
    },
    "fkie_nvd": {
      "configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:toshiba:hem-gw16a_firmware:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"1.2.9\", \"matchCriteriaId\": \"9E768A13-4373-4211-9D77-6D02BC377EC9\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:toshiba:hem-gw16a:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6D9C8238-D8C8-46CD-993F-3A49C1627BE1\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:toshiba:hem-gw26a_firmware:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"1.2.9\", \"matchCriteriaId\": \"59EC2236-60EA-4E49-A337-D32EAE51FDED\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:toshiba:hem-gw26a:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1D699E38-BB97-4831-B5BF-E1DF1735ABEB\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway HEM-GW26A 1.2.9 and earlier allows an attacker on the same network segment to bypass access restriction to access the information and files stored on the affected device.\"}, {\"lang\": \"es\", \"value\": \"La puerta de enlace Toshiba Home HEM-GW16A, en versiones 1.2.9 y anteriores, y la puerta de enlace Toshiba Home HEM-GW26A, en versiones 1.2.9 y anteriores, permiten que un atacante en el mismo segmento de red omita las restricciones de acceso para acceder a la informaci\\u00f3n y los archivos almacenados en el dispositivo afectado.\"}]",
      "id": "CVE-2018-16197",
      "lastModified": "2024-11-21T03:52:16.390",
      "metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\", \"baseScore\": 6.5, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"ADJACENT_NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 3.6}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:A/AC:L/Au:N/C:P/I:N/A:N\", \"baseScore\": 3.3, \"accessVector\": \"ADJACENT_NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"LOW\", \"exploitabilityScore\": 6.5, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2019-01-09T23:29:04.623",
      "references": "[{\"url\": \"http://www.tlt.co.jp/tlt/information/seihin/notice/defect/20181219/20181219.htm\", \"source\": \"vultures@jpcert.or.jp\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://jvn.jp/en/jp/JVN99810718/index.html\", \"source\": \"vultures@jpcert.or.jp\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://www.tlt.co.jp/tlt/information/seihin/notice/defect/20181219/20181219.htm\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://jvn.jp/en/jp/JVN99810718/index.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}]",
      "sourceIdentifier": "vultures@jpcert.or.jp",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-noinfo\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2018-16197\",\"sourceIdentifier\":\"vultures@jpcert.or.jp\",\"published\":\"2019-01-09T23:29:04.623\",\"lastModified\":\"2024-11-21T03:52:16.390\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway HEM-GW26A 1.2.9 and earlier allows an attacker on the same network segment to bypass access restriction to access the information and files stored on the affected device.\"},{\"lang\":\"es\",\"value\":\"La puerta de enlace Toshiba Home HEM-GW16A, en versiones 1.2.9 y anteriores, y la puerta de enlace Toshiba Home HEM-GW26A, en versiones 1.2.9 y anteriores, permiten que un atacante en el mismo segmento de red omita las restricciones de acceso para acceder a la informaci\u00f3n y los archivos almacenados en el dispositivo afectado.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"ADJACENT_NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:A/AC:L/Au:N/C:P/I:N/A:N\",\"baseScore\":3.3,\"accessVector\":\"ADJACENT_NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"LOW\",\"exploitabilityScore\":6.5,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:toshiba:hem-gw16a_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"1.2.9\",\"matchCriteriaId\":\"9E768A13-4373-4211-9D77-6D02BC377EC9\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:toshiba:hem-gw16a:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6D9C8238-D8C8-46CD-993F-3A49C1627BE1\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:toshiba:hem-gw26a_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"1.2.9\",\"matchCriteriaId\":\"59EC2236-60EA-4E49-A337-D32EAE51FDED\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:toshiba:hem-gw26a:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1D699E38-BB97-4831-B5BF-E1DF1735ABEB\"}]}]}],\"references\":[{\"url\":\"http://www.tlt.co.jp/tlt/information/seihin/notice/defect/20181219/20181219.htm\",\"source\":\"vultures@jpcert.or.jp\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://jvn.jp/en/jp/JVN99810718/index.html\",\"source\":\"vultures@jpcert.or.jp\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.tlt.co.jp/tlt/information/seihin/notice/defect/20181219/20181219.htm\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://jvn.jp/en/jp/JVN99810718/index.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}"
  }
}

CNVD-2019-17156

Vulnerability from cnvd - Published: 2019-06-13

Title

TOSHIBA Home Gateway HEM-GW26A和TOSHIBA Home Gateway HEM-GW16A访问控制错误漏洞

Description

TOSHIBA Home Gateway HEM-GW26A和TOSHIBA Home Gateway HEM-GW16A都是日本东芝（TOSHIBA）公司的家庭网关产品。 TOSHIBA Home Gateway HEM-GW26A 1.2.9及之前版本和TOSHIBA Home Gateway 1.2.9及之前版本中存在访问控制错误漏洞，攻击者可利用该漏洞访问存储在受影响设备上的信息和文件。

Severity

低

Patch Name

TOSHIBA Home Gateway HEM-GW26A和TOSHIBA Home Gateway HEM-GW16A访问控制错误漏洞的补丁

Patch Description

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： http://www.tlt.co.jp/tlt/information/seihin/notice/defect/20181219/20181219.htm

Reference

https://jvndb.jvn.jp/en/contents/2018/JVNDB-2018-000132.html

Impacted products

Name
['Toshiba Home gateway HEM-GW26A <=1.2.9', 'Toshiba Home Gateway <=1.2.9']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2018-16197"
    }
  },
  "description": "TOSHIBA Home Gateway HEM-GW26A\u548cTOSHIBA Home Gateway HEM-GW16A\u90fd\u662f\u65e5\u672c\u4e1c\u829d\uff08TOSHIBA\uff09\u516c\u53f8\u7684\u5bb6\u5ead\u7f51\u5173\u4ea7\u54c1\u3002\n\nTOSHIBA Home Gateway HEM-GW26A 1.2.9\u53ca\u4e4b\u524d\u7248\u672c\u548cTOSHIBA Home Gateway 1.2.9\u53ca\u4e4b\u524d\u7248\u672c\u4e2d\u5b58\u5728\u8bbf\u95ee\u63a7\u5236\u9519\u8bef\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u8bbf\u95ee\u5b58\u50a8\u5728\u53d7\u5f71\u54cd\u8bbe\u5907\u4e0a\u7684\u4fe1\u606f\u548c\u6587\u4ef6\u3002",
  "discovererName": "Toshitsugu Yoneyama, Yutaka Kokubu, and Daiki Ichinose",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttp://www.tlt.co.jp/tlt/information/seihin/notice/defect/20181219/20181219.htm",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2019-17156",
  "openTime": "2019-06-13",
  "patchDescription": "TOSHIBA Home Gateway HEM-GW26A\u548cTOSHIBA Home Gateway HEM-GW16A\u90fd\u662f\u65e5\u672c\u4e1c\u829d\uff08TOSHIBA\uff09\u516c\u53f8\u7684\u5bb6\u5ead\u7f51\u5173\u4ea7\u54c1\u3002\r\n\r\nTOSHIBA Home Gateway HEM-GW26A 1.2.9\u53ca\u4e4b\u524d\u7248\u672c\u548cTOSHIBA Home Gateway 1.2.9\u53ca\u4e4b\u524d\u7248\u672c\u4e2d\u5b58\u5728\u8bbf\u95ee\u63a7\u5236\u9519\u8bef\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u8bbf\u95ee\u5b58\u50a8\u5728\u53d7\u5f71\u54cd\u8bbe\u5907\u4e0a\u7684\u4fe1\u606f\u548c\u6587\u4ef6\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "TOSHIBA Home Gateway HEM-GW26A\u548cTOSHIBA Home Gateway HEM-GW16A\u8bbf\u95ee\u63a7\u5236\u9519\u8bef\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Toshiba Home gateway HEM-GW26A \u003c=1.2.9",
      "Toshiba Home Gateway \u003c=1.2.9"
    ]
  },
  "referenceLink": "https://jvndb.jvn.jp/en/contents/2018/JVNDB-2018-000132.html",
  "serverity": "\u4f4e",
  "submitTime": "2018-12-21",
  "title": "TOSHIBA Home Gateway HEM-GW26A\u548cTOSHIBA Home Gateway HEM-GW16A\u8bbf\u95ee\u63a7\u5236\u9519\u8bef\u6f0f\u6d1e"
}

FKIE_CVE-2018-16197

Vulnerability from fkie_nvd - Published: 2019-01-09 23:29 - Updated: 2024-11-21 03:52

Severity

6.5 (Medium) - CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Summary

References

URL	Tags
vultures@jpcert.or.jp	http://www.tlt.co.jp/tlt/information/seihin/notice/defect/20181219/20181219.htm	Vendor Advisory
vultures@jpcert.or.jp	https://jvn.jp/en/jp/JVN99810718/index.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.tlt.co.jp/tlt/information/seihin/notice/defect/20181219/20181219.htm	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://jvn.jp/en/jp/JVN99810718/index.html	Third Party Advisory

Impacted products

Vendor	Product	Version
toshiba	hem-gw16a_firmware	*
toshiba	hem-gw16a	-
toshiba	hem-gw26a_firmware	*
toshiba	hem-gw26a	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:toshiba:hem-gw16a_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E768A13-4373-4211-9D77-6D02BC377EC9",
              "versionEndIncluding": "1.2.9",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:toshiba:hem-gw16a:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D9C8238-D8C8-46CD-993F-3A49C1627BE1",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:toshiba:hem-gw26a_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "59EC2236-60EA-4E49-A337-D32EAE51FDED",
              "versionEndIncluding": "1.2.9",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:toshiba:hem-gw26a:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1D699E38-BB97-4831-B5BF-E1DF1735ABEB",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway HEM-GW26A 1.2.9 and earlier allows an attacker on the same network segment to bypass access restriction to access the information and files stored on the affected device."
    },
    {
      "lang": "es",
      "value": "La puerta de enlace Toshiba Home HEM-GW16A, en versiones 1.2.9 y anteriores, y la puerta de enlace Toshiba Home HEM-GW26A, en versiones 1.2.9 y anteriores, permiten que un atacante en el mismo segmento de red omita las restricciones de acceso para acceder a la informaci\u00f3n y los archivos almacenados en el dispositivo afectado."
    }
  ],
  "id": "CVE-2018-16197",
  "lastModified": "2024-11-21T03:52:16.390",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "ADJACENT_NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 3.3,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:A/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.5,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "ADJACENT_NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-01-09T23:29:04.623",
  "references": [
    {
      "source": "vultures@jpcert.or.jp",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.tlt.co.jp/tlt/information/seihin/notice/defect/20181219/20181219.htm"
    },
    {
      "source": "vultures@jpcert.or.jp",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://jvn.jp/en/jp/JVN99810718/index.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.tlt.co.jp/tlt/information/seihin/notice/defect/20181219/20181219.htm"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://jvn.jp/en/jp/JVN99810718/index.html"
    }
  ],
  "sourceIdentifier": "vultures@jpcert.or.jp",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-H36G-MQJ9-C9H2

Vulnerability from github – Published: 2022-05-13 01:50 – Updated: 2022-05-13 01:50

Details

Severity

6.5 (Medium)


                  
                    CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2018-16197"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-01-09T23:29:00Z",
    "severity": "MODERATE"
  },
  "details": "Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway HEM-GW26A 1.2.9 and earlier allows an attacker on the same network segment to bypass access restriction to access the information and files stored on the affected device.",
  "id": "GHSA-h36g-mqj9-c9h2",
  "modified": "2022-05-13T01:50:18Z",
  "published": "2022-05-13T01:50:18Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-16197"
    },
    {
      "type": "WEB",
      "url": "https://jvn.jp/en/jp/JVN99810718/index.html"
    },
    {
      "type": "WEB",
      "url": "http://www.tlt.co.jp/tlt/information/seihin/notice/defect/20181219/20181219.htm"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GSD-2018-16197

Vulnerability from gsd - Updated: 2023-12-13 01:22

Details

Aliases

CVE-2018-16197

Aliases

CVE-2018-16197

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2018-16197",
    "description": "Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway HEM-GW26A 1.2.9 and earlier allows an attacker on the same network segment to bypass access restriction to access the information and files stored on the affected device.",
    "id": "GSD-2018-16197"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2018-16197"
      ],
      "details": "Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway HEM-GW26A 1.2.9 and earlier allows an attacker on the same network segment to bypass access restriction to access the information and files stored on the affected device.",
      "id": "GSD-2018-16197",
      "modified": "2023-12-13T01:22:25.945740Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "vultures@jpcert.or.jp",
        "ID": "CVE-2018-16197",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Toshiba Home gateway HEM-GW16A and Toshiba Home gateway HEM-GW26A",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "(Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway HEM-GW26A 1.2.9 and earlier)"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Toshiba Lighting \u0026 Technology Corporation"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway HEM-GW26A 1.2.9 and earlier allows an attacker on the same network segment to bypass access restriction to access the information and files stored on the affected device."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Fails to restrict access"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "JVN#99810718",
            "refsource": "JVN",
            "url": "https://jvn.jp/en/jp/JVN99810718/index.html"
          },
          {
            "name": "http://www.tlt.co.jp/tlt/information/seihin/notice/defect/20181219/20181219.htm",
            "refsource": "MISC",
            "url": "http://www.tlt.co.jp/tlt/information/seihin/notice/defect/20181219/20181219.htm"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:toshiba:hem-gw16a_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "1.2.9",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:toshiba:hem-gw16a:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:toshiba:hem-gw26a_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "1.2.9",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:toshiba:hem-gw26a:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "vultures@jpcert.or.jp",
          "ID": "CVE-2018-16197"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway HEM-GW26A 1.2.9 and earlier allows an attacker on the same network segment to bypass access restriction to access the information and files stored on the affected device."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-noinfo"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "JVN#99810718",
              "refsource": "JVN",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://jvn.jp/en/jp/JVN99810718/index.html"
            },
            {
              "name": "http://www.tlt.co.jp/tlt/information/seihin/notice/defect/20181219/20181219.htm",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www.tlt.co.jp/tlt/information/seihin/notice/defect/20181219/20181219.htm"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "ADJACENT_NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 3.3,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:A/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 6.5,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "LOW",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2019-10-03T00:03Z",
      "publishedDate": "2019-01-09T23:29Z"
    }
  }
}

JVNDB-2018-000132

Vulnerability from jvndb - Published: 2018-12-19 15:20 - Updated:2019-08-28 10:45

Severity

8.8 (High) - cvssV3_0 - CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

Multiple vulnerabilities in Toshiba Lighting & Technology Corporation Home gateway

Details

Home gateway provided by Toshiba Lighting & Technology Corporation contains multiple vulnerabilities listed below. * Improper access control (CWE-284) - CVE-2018-16197 * Hidden functionality (CWE-912) - CVE-2018-16198 * Cross-site scripting (CWE-79) - CVE-2018-16199 * OS command injection (CWE-78) - CVE-2018-16200 * Hard-coded credentials (CWE-798) - CVE-2018-16201 The following researchers reported the vulnerabilities to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. CVE-2018-16197 Toshitsugu Yoneyama, Yutaka Kokubu, and Daiki Ichinose of Mitsui Bussan Secure Directions, Inc. CVE-2018-16198, CVE-2018-16199 Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. CVE-2018-16200, CVE-2018-16201 Yutaka Kokubu of Mitsui Bussan Secure Directions, Inc.

References

Type

URL

	JVN	http://jvn.jp/en/jp/JVN99810718/index.html
	CVE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16197
	CVE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16198
	CVE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16199
	CVE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16200
	CVE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16201
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2018-16197
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2018-16198
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2018-16199
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2018-16200
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2018-16201
	Credentials Management(CWE-255)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
	Permissions(CWE-264)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
	OS Command Injection(CWE-78)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
	Cross-site Scripting(CWE-79)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
	No Mapping(CWE-Other)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html

Impacted products

Vendor

Product

	TOSHIBA LIGHTING & TECHNOLOGY CORPORATION	TOSHIBA Home Gateway HEM-GW16A
	TOSHIBA LIGHTING & TECHNOLOGY CORPORATION	TOSHIBA Home Gateway HEM-GW26A

Show details on JVN DB website

JSON

To clipboard

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2018/JVNDB-2018-000132.html",
  "dc:date": "2019-08-28T10:45+09:00",
  "dcterms:issued": "2018-12-19T15:20+09:00",
  "dcterms:modified": "2019-08-28T10:45+09:00",
  "description": "Home gateway provided by Toshiba Lighting \u0026 Technology Corporation contains multiple vulnerabilities listed below. \r\n* Improper access control (CWE-284) - CVE-2018-16197\r\n* Hidden functionality (CWE-912) - CVE-2018-16198\r\n* Cross-site scripting (CWE-79) - CVE-2018-16199\r\n* OS command injection (CWE-78) - CVE-2018-16200\r\n* Hard-coded credentials (CWE-798) - CVE-2018-16201\r\n\r\nThe following researchers reported the vulnerabilities to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.\r\nCVE-2018-16197\r\nToshitsugu Yoneyama, Yutaka Kokubu, and Daiki Ichinose of Mitsui Bussan Secure Directions, Inc.\r\n\r\nCVE-2018-16198, CVE-2018-16199\r\nToshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc.\r\n\r\nCVE-2018-16200, CVE-2018-16201\r\nYutaka Kokubu of Mitsui Bussan Secure Directions, Inc.",
  "link": "https://jvndb.jvn.jp/en/contents/2018/JVNDB-2018-000132.html",
  "sec:cpe": [
    {
      "#text": "cpe:/o:toshiba:hem-gw16a_firmware",
      "@product": "TOSHIBA Home Gateway HEM-GW16A",
      "@vendor": "TOSHIBA LIGHTING \u0026 TECHNOLOGY CORPORATION",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:toshiba:hem-gw26a_firmware",
      "@product": "TOSHIBA Home Gateway HEM-GW26A",
      "@vendor": "TOSHIBA LIGHTING \u0026 TECHNOLOGY CORPORATION",
      "@version": "2.2"
    }
  ],
  "sec:cvss": [
    {
      "@score": "8.3",
      "@severity": "High",
      "@type": "Base",
      "@vector": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
      "@version": "2.0"
    },
    {
      "@score": "8.8",
      "@severity": "High",
      "@type": "Base",
      "@vector": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "@version": "3.0"
    }
  ],
  "sec:identifier": "JVNDB-2018-000132",
  "sec:references": [
    {
      "#text": "http://jvn.jp/en/jp/JVN99810718/index.html",
      "@id": "JVN#99810718",
      "@source": "JVN"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16197",
      "@id": "CVE-2018-16197",
      "@source": "CVE"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16198",
      "@id": "CVE-2018-16198",
      "@source": "CVE"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16199",
      "@id": "CVE-2018-16199",
      "@source": "CVE"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16200",
      "@id": "CVE-2018-16200",
      "@source": "CVE"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16201",
      "@id": "CVE-2018-16201",
      "@source": "CVE"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2018-16197",
      "@id": "CVE-2018-16197",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2018-16198",
      "@id": "CVE-2018-16198",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2018-16199",
      "@id": "CVE-2018-16199",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2018-16200",
      "@id": "CVE-2018-16200",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2018-16201",
      "@id": "CVE-2018-16201",
      "@source": "NVD"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-255",
      "@title": "Credentials Management(CWE-255)"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-264",
      "@title": "Permissions(CWE-264)"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-78",
      "@title": "OS Command Injection(CWE-78)"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-79",
      "@title": "Cross-site Scripting(CWE-79)"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-Other",
      "@title": "No Mapping(CWE-Other)"
    }
  ],
  "title": "Multiple vulnerabilities in Toshiba Lighting \u0026 Technology Corporation Home gateway"
}

VAR-201901-0795

Vulnerability from variot - Updated: 2023-12-18 12:28

Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway HEM-GW26A 1.2.9 and earlier allows an attacker on the same network segment to bypass access restriction to access the information and files stored on the affected device. Home gateway provided by Toshiba Lighting & Technology Corporation contains multiple vulnerabilities listed below. * Improper access control (CWE-284) - CVE-2018-16197 * Hidden functionality (CWE-912) - CVE-2018-16198 * Cross-site scripting (CWE-79) - CVE-2018-16199 * OS command injection (CWE-78) - CVE-2018-16200 * Hard-coded credentials (CWE-798) - CVE-2018-16201 The following researchers reported the vulnerabilities to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. CVE-2018-16197 Toshitsugu Yoneyama, Yutaka Kokubu, and Daiki Ichinose of Mitsui Bussan Secure Directions, Inc. CVE-2018-16198, CVE-2018-16199 Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. CVE-2018-16200, CVE-2018-16201 Yutaka Kokubu of Mitsui Bussan Secure Directions, Inc.* The information and files stored on the affected device may be accessed. - CVE-2018-16197, CVE-2018-16201 * The affected device may be operated by an attacker. - CVE-2018-16198, CVE-2018-16201 * An arbitrary script may be executed on the user's web browser. - CVE-2018-16199 * An arbitrary OS command may be executed on the affected device. - CVE-2018-16200, CVE-2018-16201. An access control error vulnerability exists in TOSHIBAHomeGatewayHEM-GW26A1.2.9 and earlier and TOSHIBAHomeGateway 1.2.9 and earlier

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201901-0795",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "hem-gw26a",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "toshiba",
        "version": "1.2.9"
      },
      {
        "model": "hem-gw16a",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "toshiba",
        "version": "1.2.9"
      },
      {
        "model": "home gateway hem-gw16a",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "toshiba lighting",
        "version": "1.2.9"
      },
      {
        "model": "home gateway hem-gw26a",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "toshiba lighting",
        "version": "1.2.9"
      },
      {
        "model": "home gateway hem-gw26a",
        "scope": "lte",
        "trust": 0.6,
        "vendor": "toshiba",
        "version": "\u003c=1.2.9"
      },
      {
        "model": "home gateway",
        "scope": "lte",
        "trust": 0.6,
        "vendor": "toshiba",
        "version": "\u003c=1.2.9"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-17156"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-000132"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-16197"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:toshiba:hem-gw16a_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "1.2.9",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:toshiba:hem-gw16a:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:toshiba:hem-gw26a_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "1.2.9",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:toshiba:hem-gw26a:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2018-16197"
      }
    ]
  },
  "cve": "CVE-2018-16197",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Adjacent Network",
            "authentication": "None",
            "author": "IPA",
            "availabilityImpact": "Partial",
            "baseScore": 5.8,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "JVNDB-2018-000132",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 2.4,
            "userInteractionRequired": null,
            "vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "ADJACENT_NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 3.3,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 6.5,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "LOW",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:A/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Adjacent Network",
            "authentication": "None",
            "author": "IPA",
            "availabilityImpact": "Complete",
            "baseScore": 8.3,
            "confidentialityImpact": "Complete",
            "exploitabilityScore": null,
            "id": "JVNDB-2018-000132",
            "impactScore": null,
            "integrityImpact": "Complete",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "None",
            "author": "IPA",
            "availabilityImpact": "None",
            "baseScore": 4.3,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "JVNDB-2018-000132",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "ADJACENT_NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "NONE",
            "baseScore": 3.3,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 6.5,
            "id": "CNVD-2019-17156",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "LOW",
            "trust": 0.6,
            "vectorString": "AV:A/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "ADJACENT_NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 3.3,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 6.5,
            "id": "VHN-126532",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "LOW",
            "trust": 0.1,
            "vectorString": "AV:A/AC:L/AU:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "Low",
            "attackVector": "Adjacent Network",
            "author": "IPA",
            "availabilityImpact": "High",
            "baseScore": 8.8,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "JVNDB-2018-000132",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 2.4,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.8,
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Adjacent Network",
            "author": "IPA",
            "availabilityImpact": "Low",
            "baseScore": 6.3,
            "baseSeverity": "Medium",
            "confidentialityImpact": "Low",
            "exploitabilityScore": null,
            "id": "JVNDB-2018-000132",
            "impactScore": null,
            "integrityImpact": "Low",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "IPA",
            "availabilityImpact": "None",
            "baseScore": 6.1,
            "baseSeverity": "Medium",
            "confidentialityImpact": "Low",
            "exploitabilityScore": null,
            "id": "JVNDB-2018-000132",
            "impactScore": null,
            "integrityImpact": "Low",
            "privilegesRequired": "None",
            "scope": "Changed",
            "trust": 0.8,
            "userInteraction": "Required",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "IPA",
            "id": "JVNDB-2018-000132",
            "trust": 2.4,
            "value": "High"
          },
          {
            "author": "IPA",
            "id": "JVNDB-2018-000132",
            "trust": 1.6,
            "value": "Medium"
          },
          {
            "author": "NVD",
            "id": "CVE-2018-16197",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2019-17156",
            "trust": 0.6,
            "value": "LOW"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201812-807",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-126532",
            "trust": 0.1,
            "value": "LOW"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-17156"
      },
      {
        "db": "VULHUB",
        "id": "VHN-126532"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-000132"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-000132"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-000132"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-000132"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-000132"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-16197"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201812-807"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway HEM-GW26A 1.2.9 and earlier allows an attacker on the same network segment to bypass access restriction to access the information and files stored on the affected device. Home gateway provided by Toshiba Lighting \u0026 Technology Corporation contains multiple vulnerabilities listed below. * Improper access control (CWE-284) - CVE-2018-16197 * Hidden functionality (CWE-912) - CVE-2018-16198 * Cross-site scripting (CWE-79) - CVE-2018-16199 * OS command injection (CWE-78) - CVE-2018-16200 * Hard-coded credentials (CWE-798) - CVE-2018-16201 The following researchers reported the vulnerabilities to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. CVE-2018-16197 Toshitsugu Yoneyama, Yutaka Kokubu, and Daiki Ichinose of Mitsui Bussan Secure Directions, Inc. CVE-2018-16198, CVE-2018-16199 Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. CVE-2018-16200, CVE-2018-16201 Yutaka Kokubu of Mitsui Bussan Secure Directions, Inc.* The information and files stored on the affected device may be accessed. - CVE-2018-16197, CVE-2018-16201 * The affected device may be operated by an attacker. - CVE-2018-16198, CVE-2018-16201 * An arbitrary script may be executed on the user\u0027s web browser. - CVE-2018-16199 * An arbitrary OS command may be executed on the affected device. - CVE-2018-16200, CVE-2018-16201. An access control error vulnerability exists in TOSHIBAHomeGatewayHEM-GW26A1.2.9 and earlier and TOSHIBAHomeGateway 1.2.9 and earlier",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2018-16197"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-000132"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-17156"
      },
      {
        "db": "VULHUB",
        "id": "VHN-126532"
      }
    ],
    "trust": 2.25
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2018-16197",
        "trust": 3.1
      },
      {
        "db": "JVN",
        "id": "JVN99810718",
        "trust": 2.5
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-000132",
        "trust": 1.4
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201812-807",
        "trust": 0.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-17156",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-126532",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-17156"
      },
      {
        "db": "VULHUB",
        "id": "VHN-126532"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-000132"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-16197"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201812-807"
      }
    ]
  },
  "id": "VAR-201901-0795",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-17156"
      },
      {
        "db": "VULHUB",
        "id": "VHN-126532"
      }
    ],
    "trust": 1.5214285766666666
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-17156"
      }
    ]
  },
  "last_update_date": "2023-12-18T12:28:33.105000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Toshiba Lighting \u0026 Technology Corporation website",
        "trust": 0.8,
        "url": "http://www.tlt.co.jp/tlt/information/seihin/notice/defect/20181219/20181219.htm"
      },
      {
        "title": "TOSHIBAHomeGatewayHEM-GW26A and TOSHIBAHomeGatewayHEM-GW16A Access Control Error Vulnerability Patch",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/163449"
      },
      {
        "title": "TOSHIBA Home Gateway HEM-GW26A  and TOSHIBA Home Gateway HEM-GW16A Fixes for access control error vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=88003"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-17156"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-000132"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201812-807"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-noinfo",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-78",
        "trust": 0.8
      },
      {
        "problemtype": "CWE-Other",
        "trust": 0.8
      },
      {
        "problemtype": "CWE-79",
        "trust": 0.8
      },
      {
        "problemtype": "CWE-255",
        "trust": 0.8
      },
      {
        "problemtype": "CWE-264",
        "trust": 0.8
      },
      {
        "problemtype": "CWE-284",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-126532"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-000132"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-16197"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.5,
        "url": "https://jvn.jp/en/jp/jvn99810718/index.html"
      },
      {
        "trust": 1.7,
        "url": "http://www.tlt.co.jp/tlt/information/seihin/notice/defect/20181219/20181219.htm"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-16201"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-16197"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-16198"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-16199"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-16200"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-16197"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-16198"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-16199"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-16200"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-16201"
      },
      {
        "trust": 0.6,
        "url": "https://jvndb.jvn.jp/en/contents/2018/jvndb-2018-000132.html"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-17156"
      },
      {
        "db": "VULHUB",
        "id": "VHN-126532"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-000132"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-16197"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201812-807"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-17156"
      },
      {
        "db": "VULHUB",
        "id": "VHN-126532"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-000132"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-16197"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201812-807"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-06-13T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2019-17156"
      },
      {
        "date": "2019-01-09T00:00:00",
        "db": "VULHUB",
        "id": "VHN-126532"
      },
      {
        "date": "2018-12-19T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-000132"
      },
      {
        "date": "2019-01-09T23:29:04.623000",
        "db": "NVD",
        "id": "CVE-2018-16197"
      },
      {
        "date": "2018-12-20T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201812-807"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-06-13T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2019-17156"
      },
      {
        "date": "2019-10-03T00:00:00",
        "db": "VULHUB",
        "id": "VHN-126532"
      },
      {
        "date": "2019-08-28T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-000132"
      },
      {
        "date": "2019-10-03T00:03:26.223000",
        "db": "NVD",
        "id": "CVE-2018-16197"
      },
      {
        "date": "2019-10-23T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201812-807"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote or local",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201812-807"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "TOSHIBA Home Gateway HEM-GW26A and TOSHIBA Home Gateway HEM-GW16A Access Control Error Vulnerability",
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-17156"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201812-807"
      }
    ],
    "trust": 1.2
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "access control error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201812-807"
      }
    ],
    "trust": 0.6
  }
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2018-16197 (GCVE-0-2018-16197)

CNVD-2019-17156

FKIE_CVE-2018-16197

GHSA-H36G-MQJ9-C9H2

GSD-2018-16197

JVNDB-2018-000132

VAR-201901-0795

Tags

Sightings

Nomenclature