CVE-2018-16201

Published: Jan 9, 2019Modified: Nov 21, 2024

8.8

Vector

CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway HEM-GW26A 1.2.9 and earlier uses hard-coded credentials, which may allow an attacker on the same network segment to login to the administrators settings screen and change the configuration or execute arbitrary OS commands.

Affected (2)

Products: Toshiba: Hem Gw16a Firmware, Hem Gw26a Firmware

2 products

Hem Gw16a Firmware

Hem Gw26a Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Toshiba Hem Gw16a Firmware	Up to 1.2.9

Running on/with	Platform Versions
Toshiba Hem Gw16a	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Toshiba Hem Gw26a Firmware	Up to 1.2.9

Running on/with	Platform Versions
Toshiba Hem Gw26a	All versions

Related CWEs

Use of Hard-coded Credentials

The product contains hard-coded credentials, such as a password or cryptographic key.

References (4)

http://www.tlt.co.jp/tlt/information/seihin/notice/defect/20181219/20181219.htm

Source: vultures@jpcert.or.jp

Vendor Advisory

https://jvn.jp/en/jp/JVN99810718/index.html

Source: vultures@jpcert.or.jp

Third Party Advisory

http://www.tlt.co.jp/tlt/information/seihin/notice/defect/20181219/20181219.htm

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://jvn.jp/en/jp/JVN99810718/index.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.