Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
16 vulnerabilities found for Toshiba Home gateway HEM-GW16A by Toshiba Lighting & Technology Corporation
JVNDB-2018-000132
Vulnerability from jvndb - Published: 2018-12-19 15:20 - Updated:2019-08-28 10:45
Severity ?
Summary
Multiple vulnerabilities in Toshiba Lighting & Technology Corporation Home gateway
Details
Home gateway provided by Toshiba Lighting & Technology Corporation contains multiple vulnerabilities listed below.
* Improper access control (CWE-284) - CVE-2018-16197
* Hidden functionality (CWE-912) - CVE-2018-16198
* Cross-site scripting (CWE-79) - CVE-2018-16199
* OS command injection (CWE-78) - CVE-2018-16200
* Hard-coded credentials (CWE-798) - CVE-2018-16201
The following researchers reported the vulnerabilities to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
CVE-2018-16197
Toshitsugu Yoneyama, Yutaka Kokubu, and Daiki Ichinose of Mitsui Bussan Secure Directions, Inc.
CVE-2018-16198, CVE-2018-16199
Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc.
CVE-2018-16200, CVE-2018-16201
Yutaka Kokubu of Mitsui Bussan Secure Directions, Inc.
References
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2018/JVNDB-2018-000132.html",
"dc:date": "2019-08-28T10:45+09:00",
"dcterms:issued": "2018-12-19T15:20+09:00",
"dcterms:modified": "2019-08-28T10:45+09:00",
"description": "Home gateway provided by Toshiba Lighting \u0026 Technology Corporation contains multiple vulnerabilities listed below. \r\n* Improper access control (CWE-284) - CVE-2018-16197\r\n* Hidden functionality (CWE-912) - CVE-2018-16198\r\n* Cross-site scripting (CWE-79) - CVE-2018-16199\r\n* OS command injection (CWE-78) - CVE-2018-16200\r\n* Hard-coded credentials (CWE-798) - CVE-2018-16201\r\n\r\nThe following researchers reported the vulnerabilities to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.\r\nCVE-2018-16197\r\nToshitsugu Yoneyama, Yutaka Kokubu, and Daiki Ichinose of Mitsui Bussan Secure Directions, Inc.\r\n\r\nCVE-2018-16198, CVE-2018-16199\r\nToshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc.\r\n\r\nCVE-2018-16200, CVE-2018-16201\r\nYutaka Kokubu of Mitsui Bussan Secure Directions, Inc.",
"link": "https://jvndb.jvn.jp/en/contents/2018/JVNDB-2018-000132.html",
"sec:cpe": [
{
"#text": "cpe:/o:toshiba:hem-gw16a_firmware",
"@product": "TOSHIBA Home Gateway HEM-GW16A",
"@vendor": "TOSHIBA LIGHTING \u0026 TECHNOLOGY CORPORATION",
"@version": "2.2"
},
{
"#text": "cpe:/o:toshiba:hem-gw26a_firmware",
"@product": "TOSHIBA Home Gateway HEM-GW26A",
"@vendor": "TOSHIBA LIGHTING \u0026 TECHNOLOGY CORPORATION",
"@version": "2.2"
}
],
"sec:cvss": [
{
"@score": "8.3",
"@severity": "High",
"@type": "Base",
"@vector": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
"@version": "2.0"
},
{
"@score": "8.8",
"@severity": "High",
"@type": "Base",
"@vector": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2018-000132",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN99810718/index.html",
"@id": "JVN#99810718",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16197",
"@id": "CVE-2018-16197",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16198",
"@id": "CVE-2018-16198",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16199",
"@id": "CVE-2018-16199",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16200",
"@id": "CVE-2018-16200",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16201",
"@id": "CVE-2018-16201",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2018-16197",
"@id": "CVE-2018-16197",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2018-16198",
"@id": "CVE-2018-16198",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2018-16199",
"@id": "CVE-2018-16199",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2018-16200",
"@id": "CVE-2018-16200",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2018-16201",
"@id": "CVE-2018-16201",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-255",
"@title": "Credentials Management(CWE-255)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-264",
"@title": "Permissions(CWE-264)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-78",
"@title": "OS Command Injection(CWE-78)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-79",
"@title": "Cross-site Scripting(CWE-79)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-Other",
"@title": "No Mapping(CWE-Other)"
}
],
"title": "Multiple vulnerabilities in Toshiba Lighting \u0026 Technology Corporation Home gateway"
}
JVNDB-2017-000147
Vulnerability from jvndb - Published: 2017-06-28 10:28 - Updated:2018-02-14 12:10
Severity ?
Summary
Non-documented developer's screen in Toshiba Lighting & Technology Corporation Home gateway
Details
Home gateway provided by Toshiba Lighting & Technology Corporation contains non-documented developer's screen.
Yutaka Kokubu of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000147.html",
"dc:date": "2018-02-14T12:10+09:00",
"dcterms:issued": "2017-06-28T10:28+09:00",
"dcterms:modified": "2018-02-14T12:10+09:00",
"description": "Home gateway provided by Toshiba Lighting \u0026 Technology Corporation contains non-documented developer\u0027s screen.\r\n\r\nYutaka Kokubu of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000147.html",
"sec:cpe": [
{
"#text": "cpe:/o:toshiba:hem-gw16a_firmware",
"@product": "TOSHIBA Home Gateway HEM-GW16A",
"@vendor": "TOSHIBA LIGHTING \u0026 TECHNOLOGY CORPORATION",
"@version": "2.2"
},
{
"#text": "cpe:/o:toshiba:hem-gw26a_firmware",
"@product": "TOSHIBA Home Gateway HEM-GW26A",
"@vendor": "TOSHIBA LIGHTING \u0026 TECHNOLOGY CORPORATION",
"@version": "2.2"
}
],
"sec:cvss": [
{
"@score": "2.7",
"@severity": "Low",
"@type": "Base",
"@vector": "AV:A/AC:L/Au:S/C:N/I:P/A:N",
"@version": "2.0"
},
{
"@score": "2.4",
"@severity": "Low",
"@type": "Base",
"@vector": "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2017-000147",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN85901441/index.html",
"@id": "JVN#85901441",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2234",
"@id": "CVE-2017-2234",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2017-2234",
"@id": "CVE-2017-2234",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-264",
"@title": "Permissions(CWE-264)"
}
],
"title": "Non-documented developer\u0027s screen in Toshiba Lighting \u0026 Technology Corporation Home gateway"
}
JVNDB-2017-000151
Vulnerability from jvndb - Published: 2017-06-28 10:28 - Updated:2018-02-14 12:10
Severity ?
Summary
Cross-site request forgery vulnerability in Toshiba Lighting & Technology Corporation Home gateway
Details
Home gateway provided by Toshiba Lighting & Technology Corporation contains cross-site request forgery.
Yutaka Kokubu of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
| Type | URL | |
|---|---|---|
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000151.html",
"dc:date": "2018-02-14T12:10+09:00",
"dcterms:issued": "2017-06-28T10:28+09:00",
"dcterms:modified": "2018-02-14T12:10+09:00",
"description": "Home gateway provided by Toshiba Lighting \u0026 Technology Corporation contains cross-site request forgery.\r\n\r\nYutaka Kokubu of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000151.html",
"sec:cpe": [
{
"#text": "cpe:/o:toshiba:hem-gw16a_firmware",
"@product": "TOSHIBA Home Gateway HEM-GW16A",
"@vendor": "TOSHIBA LIGHTING \u0026 TECHNOLOGY CORPORATION",
"@version": "2.2"
},
{
"#text": "cpe:/o:toshiba:hem-gw26a_firmware",
"@product": "TOSHIBA Home Gateway HEM-GW26A",
"@vendor": "TOSHIBA LIGHTING \u0026 TECHNOLOGY CORPORATION",
"@version": "2.2"
}
],
"sec:cvss": [
{
"@score": "5.8",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"@version": "2.0"
},
{
"@score": "7.1",
"@severity": "High",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2017-000151",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN85901441/index.html",
"@id": "JVN#85901441",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2238",
"@id": "CVE-2017-2238",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2017-2238",
"@id": "CVE-2017-2238",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-352",
"@title": "Cross-Site Request Forgery(CWE-352)"
}
],
"title": "Cross-site request forgery vulnerability in Toshiba Lighting \u0026 Technology Corporation Home gateway"
}
JVNDB-2017-000150
Vulnerability from jvndb - Published: 2017-06-28 10:28 - Updated:2018-02-14 12:10
Severity ?
Summary
OS command injection vulnerability in Toshiba Lighting & Technology Corporation Home gateway
Details
Home gateway provided by Toshiba Lighting & Technology Corporation contains OS command injection.
Yutaka Kokubu of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
| Type | URL | |
|---|---|---|
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000150.html",
"dc:date": "2018-02-14T12:10+09:00",
"dcterms:issued": "2017-06-28T10:28+09:00",
"dcterms:modified": "2018-02-14T12:10+09:00",
"description": "Home gateway provided by Toshiba Lighting \u0026 Technology Corporation contains OS command injection.\r\n\r\nYutaka Kokubu of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000150.html",
"sec:cpe": [
{
"#text": "cpe:/o:toshiba:hem-gw16a_firmware",
"@product": "TOSHIBA Home Gateway HEM-GW16A",
"@vendor": "TOSHIBA LIGHTING \u0026 TECHNOLOGY CORPORATION",
"@version": "2.2"
},
{
"#text": "cpe:/o:toshiba:hem-gw26a_firmware",
"@product": "TOSHIBA Home Gateway HEM-GW26A",
"@vendor": "TOSHIBA LIGHTING \u0026 TECHNOLOGY CORPORATION",
"@version": "2.2"
}
],
"sec:cvss": [
{
"@score": "5.2",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
"@version": "2.0"
},
{
"@score": "6.8",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2017-000150",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN85901441/index.html",
"@id": "JVN#85901441",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2237",
"@id": "CVE-2017-2237",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2017-2237",
"@id": "CVE-2017-2237",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-78",
"@title": "OS Command Injection(CWE-78)"
}
],
"title": "OS command injection vulnerability in Toshiba Lighting \u0026 Technology Corporation Home gateway"
}
JVNDB-2017-000148
Vulnerability from jvndb - Published: 2017-06-28 10:23 - Updated:2018-02-14 12:10
Severity ?
Summary
Improper access control vulnerability in Toshiba Lighting & Technology Corporation Home gateway
Details
Home gateway provided by Toshiba Lighting & Technology Corporation contains improper access control.
Yutaka Kokubu of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000148.html",
"dc:date": "2018-02-14T12:10+09:00",
"dcterms:issued": "2017-06-28T10:23+09:00",
"dcterms:modified": "2018-02-14T12:10+09:00",
"description": "Home gateway provided by Toshiba Lighting \u0026 Technology Corporation contains improper access control.\r\n\r\nYutaka Kokubu of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000148.html",
"sec:cpe": [
{
"#text": "cpe:/o:toshiba:hem-gw16a_firmware",
"@product": "TOSHIBA Home Gateway HEM-GW16A",
"@vendor": "TOSHIBA LIGHTING \u0026 TECHNOLOGY CORPORATION",
"@version": "2.2"
},
{
"#text": "cpe:/o:toshiba:hem-gw26a_firmware",
"@product": "TOSHIBA Home Gateway HEM-GW26A",
"@vendor": "TOSHIBA LIGHTING \u0026 TECHNOLOGY CORPORATION",
"@version": "2.2"
}
],
"sec:cvss": [
{
"@score": "4.8",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:A/AC:L/Au:N/C:P/I:P/A:N",
"@version": "2.0"
},
{
"@score": "5.4",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2017-000148",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN85901441/index.html",
"@id": "JVN#85901441",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2235",
"@id": "CVE-2017-2235",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2017-2235",
"@id": "CVE-2017-2235",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-264",
"@title": "Permissions(CWE-264)"
}
],
"title": "Improper access control vulnerability in Toshiba Lighting \u0026 Technology Corporation Home gateway"
}
JVNDB-2017-000149
Vulnerability from jvndb - Published: 2017-06-28 10:23 - Updated:2018-02-14 12:10
Severity ?
Summary
Hard-coded credentials vulnerability in Toshiba Lighting & Technology Corporation Home gateway
Details
Home gateway provided by Toshiba Lighting & Technology Corporation contains hard-coded credentials.
Yutaka Kokubu of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000149.html",
"dc:date": "2018-02-14T12:10+09:00",
"dcterms:issued": "2017-06-28T10:23+09:00",
"dcterms:modified": "2018-02-14T12:10+09:00",
"description": "Home gateway provided by Toshiba Lighting \u0026 Technology Corporation contains hard-coded credentials.\r\n\r\nYutaka Kokubu of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000149.html",
"sec:cpe": [
{
"#text": "cpe:/o:toshiba:hem-gw16a_firmware",
"@product": "TOSHIBA Home Gateway HEM-GW16A",
"@vendor": "TOSHIBA LIGHTING \u0026 TECHNOLOGY CORPORATION",
"@version": "2.2"
},
{
"#text": "cpe:/o:toshiba:hem-gw26a_firmware",
"@product": "TOSHIBA Home Gateway HEM-GW26A",
"@vendor": "TOSHIBA LIGHTING \u0026 TECHNOLOGY CORPORATION",
"@version": "2.2"
}
],
"sec:cvss": [
{
"@score": "8.3",
"@severity": "High",
"@type": "Base",
"@vector": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
"@version": "2.0"
},
{
"@score": "8.8",
"@severity": "High",
"@type": "Base",
"@vector": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2017-000149",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN85901441/index.html",
"@id": "JVN#85901441",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2236",
"@id": "CVE-2017-2236",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2017-2236",
"@id": "CVE-2017-2236",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-264",
"@title": "Permissions(CWE-264)"
}
],
"title": "Hard-coded credentials vulnerability in Toshiba Lighting \u0026 Technology Corporation Home gateway"
}
CVE-2017-2238 (GCVE-0-2017-2238)
Vulnerability from nvd – Published: 2017-07-07 13:00 – Updated: 2024-08-05 13:48
VLAI?
Summary
Cross-site request forgery (CSRF) vulnerability in Toshiba Home gateway HEM-GW16A firmware HEM-GW16A-FW-V1.2.0 and earlier and Toshiba Home gateway HEM-GW26A firmware HEM-GW26A-FW-V1.2.0 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.
Severity ?
No CVSS data available.
CWE
- Cross-site request forgery
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Toshiba Lighting & Technology Corporation | Toshiba Home gateway HEM-GW16A |
Affected:
firmware HEM-GW16A-FW-V1.2.0 and earlier
|
|||||||
|
|||||||||
Date Public ?
2017-06-27 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:48:05.058Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#85901441",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN85901441/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Toshiba Home gateway HEM-GW16A",
"vendor": "Toshiba Lighting \u0026 Technology Corporation",
"versions": [
{
"status": "affected",
"version": "firmware HEM-GW16A-FW-V1.2.0 and earlier"
}
]
},
{
"product": "Toshiba Home gateway HEM-GW26A",
"vendor": "Toshiba Lighting \u0026 Technology Corporation",
"versions": [
{
"status": "affected",
"version": "firmware HEM-GW26A-FW-V1.2.0 and earlier"
}
]
}
],
"datePublic": "2017-06-27T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery (CSRF) vulnerability in Toshiba Home gateway HEM-GW16A firmware HEM-GW16A-FW-V1.2.0 and earlier and Toshiba Home gateway HEM-GW26A firmware HEM-GW26A-FW-V1.2.0 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site request forgery",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-07T12:57:01.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVN#85901441",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN85901441/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2017-2238",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Toshiba Home gateway HEM-GW16A",
"version": {
"version_data": [
{
"version_value": "firmware HEM-GW16A-FW-V1.2.0 and earlier"
}
]
}
},
{
"product_name": "Toshiba Home gateway HEM-GW26A",
"version": {
"version_data": [
{
"version_value": "firmware HEM-GW26A-FW-V1.2.0 and earlier"
}
]
}
}
]
},
"vendor_name": "Toshiba Lighting \u0026 Technology Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site request forgery (CSRF) vulnerability in Toshiba Home gateway HEM-GW16A firmware HEM-GW16A-FW-V1.2.0 and earlier and Toshiba Home gateway HEM-GW26A firmware HEM-GW26A-FW-V1.2.0 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site request forgery"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#85901441",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN85901441/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2017-2238",
"datePublished": "2017-07-07T13:00:00.000Z",
"dateReserved": "2016-12-01T00:00:00.000Z",
"dateUpdated": "2024-08-05T13:48:05.058Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-2237 (GCVE-0-2017-2237)
Vulnerability from nvd – Published: 2017-07-07 13:00 – Updated: 2024-08-05 13:48
VLAI?
Summary
Toshiba Home gateway HEM-GW16A firmware HEM-GW16A-FW-V1.2.0 and earlier. Toshiba Home gateway HEM-GW26A firmware HEM-GW26A-FW-V1.2.0 and earlier allows an attacker to execute arbitrary OS commands via unspecified vectors.
Severity ?
No CVSS data available.
CWE
- OS Command Injection
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Toshiba Lighting & Technology Corporation | Toshiba Home gateway HEM-GW16A |
Affected:
firmware HEM-GW16A-FW-V1.2.0 and earlier
|
|||||||
|
|||||||||
Date Public ?
2017-06-27 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:48:04.355Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#85901441",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN85901441/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Toshiba Home gateway HEM-GW16A",
"vendor": "Toshiba Lighting \u0026 Technology Corporation",
"versions": [
{
"status": "affected",
"version": "firmware HEM-GW16A-FW-V1.2.0 and earlier"
}
]
},
{
"product": "Toshiba Home gateway HEM-GW26A",
"vendor": "Toshiba Lighting \u0026 Technology Corporation",
"versions": [
{
"status": "affected",
"version": "firmware HEM-GW26A-FW-V1.2.0 and earlier"
}
]
}
],
"datePublic": "2017-06-27T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Toshiba Home gateway HEM-GW16A firmware HEM-GW16A-FW-V1.2.0 and earlier. Toshiba Home gateway HEM-GW26A firmware HEM-GW26A-FW-V1.2.0 and earlier allows an attacker to execute arbitrary OS commands via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "OS Command Injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-07T12:57:01.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVN#85901441",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN85901441/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2017-2237",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Toshiba Home gateway HEM-GW16A",
"version": {
"version_data": [
{
"version_value": "firmware HEM-GW16A-FW-V1.2.0 and earlier"
}
]
}
},
{
"product_name": "Toshiba Home gateway HEM-GW26A",
"version": {
"version_data": [
{
"version_value": "firmware HEM-GW26A-FW-V1.2.0 and earlier"
}
]
}
}
]
},
"vendor_name": "Toshiba Lighting \u0026 Technology Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Toshiba Home gateway HEM-GW16A firmware HEM-GW16A-FW-V1.2.0 and earlier. Toshiba Home gateway HEM-GW26A firmware HEM-GW26A-FW-V1.2.0 and earlier allows an attacker to execute arbitrary OS commands via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "OS Command Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#85901441",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN85901441/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2017-2237",
"datePublished": "2017-07-07T13:00:00.000Z",
"dateReserved": "2016-12-01T00:00:00.000Z",
"dateUpdated": "2024-08-05T13:48:04.355Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-2236 (GCVE-0-2017-2236)
Vulnerability from nvd – Published: 2017-07-07 13:00 – Updated: 2024-08-05 13:48
VLAI?
Summary
Toshiba Home gateway HEM-GW16A firmware HEM-GW16A-FW-V1.2.0 and earlier, Toshiba Home gateway HEM-GW26A firmware HEM-GW26A-FW-V1.2.0 and earlier uses hard-coded credentials, which may allow attackers to perform operations on device with administrative privileges.
Severity ?
No CVSS data available.
CWE
- Use of Hard-coded Credentials
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Toshiba Lighting & Technology Corporation | Toshiba Home gateway HEM-GW16A |
Affected:
firmware HEM-GW16A-FW-V1.2.0 and earlier
|
|||||||
|
|||||||||
Date Public ?
2017-06-27 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:48:05.063Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#85901441",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN85901441/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Toshiba Home gateway HEM-GW16A",
"vendor": "Toshiba Lighting \u0026 Technology Corporation",
"versions": [
{
"status": "affected",
"version": "firmware HEM-GW16A-FW-V1.2.0 and earlier"
}
]
},
{
"product": "Toshiba Home gateway HEM-GW26A",
"vendor": "Toshiba Lighting \u0026 Technology Corporation",
"versions": [
{
"status": "affected",
"version": "firmware HEM-GW26A-FW-V1.2.0 and earlier"
}
]
}
],
"datePublic": "2017-06-27T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Toshiba Home gateway HEM-GW16A firmware HEM-GW16A-FW-V1.2.0 and earlier, Toshiba Home gateway HEM-GW26A firmware HEM-GW26A-FW-V1.2.0 and earlier uses hard-coded credentials, which may allow attackers to perform operations on device with administrative privileges."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Use of Hard-coded Credentials",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-07T12:57:01.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVN#85901441",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN85901441/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2017-2236",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Toshiba Home gateway HEM-GW16A",
"version": {
"version_data": [
{
"version_value": "firmware HEM-GW16A-FW-V1.2.0 and earlier"
}
]
}
},
{
"product_name": "Toshiba Home gateway HEM-GW26A",
"version": {
"version_data": [
{
"version_value": "firmware HEM-GW26A-FW-V1.2.0 and earlier"
}
]
}
}
]
},
"vendor_name": "Toshiba Lighting \u0026 Technology Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Toshiba Home gateway HEM-GW16A firmware HEM-GW16A-FW-V1.2.0 and earlier, Toshiba Home gateway HEM-GW26A firmware HEM-GW26A-FW-V1.2.0 and earlier uses hard-coded credentials, which may allow attackers to perform operations on device with administrative privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Use of Hard-coded Credentials"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#85901441",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN85901441/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2017-2236",
"datePublished": "2017-07-07T13:00:00.000Z",
"dateReserved": "2016-12-01T00:00:00.000Z",
"dateUpdated": "2024-08-05T13:48:05.063Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-2235 (GCVE-0-2017-2235)
Vulnerability from nvd – Published: 2017-07-07 13:00 – Updated: 2024-08-05 13:48
VLAI?
Summary
Toshiba Home gateway HEM-GW16A firmware HEM-GW16A-FW-V1.2.0 and earlier. Toshiba Home gateway HEM-GW26A firmware HEM-GW26A-FW-V1.2.0 and earlier allows an attacker to bypass access restriction to change the administrator account password via unspecified vectors.
Severity ?
No CVSS data available.
CWE
- Fails to restrict access
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Toshiba Lighting & Technology Corporation | Toshiba Home gateway HEM-GW16A |
Affected:
firmware HEM-GW16A-FW-V1.2.0 and earlier
|
|||||||
|
|||||||||
Date Public ?
2017-06-27 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:48:04.342Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#85901441",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN85901441/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Toshiba Home gateway HEM-GW16A",
"vendor": "Toshiba Lighting \u0026 Technology Corporation",
"versions": [
{
"status": "affected",
"version": "firmware HEM-GW16A-FW-V1.2.0 and earlier"
}
]
},
{
"product": "Toshiba Home gateway HEM-GW26A",
"vendor": "Toshiba Lighting \u0026 Technology Corporation",
"versions": [
{
"status": "affected",
"version": "firmware HEM-GW26A-FW-V1.2.0 and earlier"
}
]
}
],
"datePublic": "2017-06-27T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Toshiba Home gateway HEM-GW16A firmware HEM-GW16A-FW-V1.2.0 and earlier. Toshiba Home gateway HEM-GW26A firmware HEM-GW26A-FW-V1.2.0 and earlier allows an attacker to bypass access restriction to change the administrator account password via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Fails to restrict access",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-07T12:57:01.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVN#85901441",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN85901441/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2017-2235",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Toshiba Home gateway HEM-GW16A",
"version": {
"version_data": [
{
"version_value": "firmware HEM-GW16A-FW-V1.2.0 and earlier"
}
]
}
},
{
"product_name": "Toshiba Home gateway HEM-GW26A",
"version": {
"version_data": [
{
"version_value": "firmware HEM-GW26A-FW-V1.2.0 and earlier"
}
]
}
}
]
},
"vendor_name": "Toshiba Lighting \u0026 Technology Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Toshiba Home gateway HEM-GW16A firmware HEM-GW16A-FW-V1.2.0 and earlier. Toshiba Home gateway HEM-GW26A firmware HEM-GW26A-FW-V1.2.0 and earlier allows an attacker to bypass access restriction to change the administrator account password via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Fails to restrict access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#85901441",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN85901441/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2017-2235",
"datePublished": "2017-07-07T13:00:00.000Z",
"dateReserved": "2016-12-01T00:00:00.000Z",
"dateUpdated": "2024-08-05T13:48:04.342Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-2234 (GCVE-0-2017-2234)
Vulnerability from nvd – Published: 2017-07-07 13:00 – Updated: 2024-08-05 13:48
VLAI?
Summary
Toshiba Home gateway HEM-GW16A firmware HEM-GW16A-FW-V1.2.0 and earlier, Toshiba Home gateway HEM-GW26A firmware HEM-GW26A-FW-V1.2.0 and earlier may allow remote attackers to access a non-documented developer screen to perform operations on device with administrative privileges.
Severity ?
No CVSS data available.
CWE
- Hidden Functionality
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Toshiba Lighting & Technology Corporation | Toshiba Home gateway HEM-GW16A |
Affected:
firmware HEM-GW16A-FW-V1.2.0 and earlier
|
|||||||
|
|||||||||
Date Public ?
2017-06-27 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:48:04.501Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#85901441",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN85901441/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Toshiba Home gateway HEM-GW16A",
"vendor": "Toshiba Lighting \u0026 Technology Corporation",
"versions": [
{
"status": "affected",
"version": "firmware HEM-GW16A-FW-V1.2.0 and earlier"
}
]
},
{
"product": "Toshiba Home gateway HEM-GW26A",
"vendor": "Toshiba Lighting \u0026 Technology Corporation",
"versions": [
{
"status": "affected",
"version": "firmware HEM-GW26A-FW-V1.2.0 and earlier"
}
]
}
],
"datePublic": "2017-06-27T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Toshiba Home gateway HEM-GW16A firmware HEM-GW16A-FW-V1.2.0 and earlier, Toshiba Home gateway HEM-GW26A firmware HEM-GW26A-FW-V1.2.0 and earlier may allow remote attackers to access a non-documented developer screen to perform operations on device with administrative privileges."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Hidden Functionality",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-07T12:57:01.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVN#85901441",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN85901441/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2017-2234",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Toshiba Home gateway HEM-GW16A",
"version": {
"version_data": [
{
"version_value": "firmware HEM-GW16A-FW-V1.2.0 and earlier"
}
]
}
},
{
"product_name": "Toshiba Home gateway HEM-GW26A",
"version": {
"version_data": [
{
"version_value": "firmware HEM-GW26A-FW-V1.2.0 and earlier"
}
]
}
}
]
},
"vendor_name": "Toshiba Lighting \u0026 Technology Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Toshiba Home gateway HEM-GW16A firmware HEM-GW16A-FW-V1.2.0 and earlier, Toshiba Home gateway HEM-GW26A firmware HEM-GW26A-FW-V1.2.0 and earlier may allow remote attackers to access a non-documented developer screen to perform operations on device with administrative privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Hidden Functionality"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#85901441",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN85901441/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2017-2234",
"datePublished": "2017-07-07T13:00:00.000Z",
"dateReserved": "2016-12-01T00:00:00.000Z",
"dateUpdated": "2024-08-05T13:48:04.501Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-2238 (GCVE-0-2017-2238)
Vulnerability from cvelistv5 – Published: 2017-07-07 13:00 – Updated: 2024-08-05 13:48
VLAI?
Summary
Cross-site request forgery (CSRF) vulnerability in Toshiba Home gateway HEM-GW16A firmware HEM-GW16A-FW-V1.2.0 and earlier and Toshiba Home gateway HEM-GW26A firmware HEM-GW26A-FW-V1.2.0 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.
Severity ?
No CVSS data available.
CWE
- Cross-site request forgery
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Toshiba Lighting & Technology Corporation | Toshiba Home gateway HEM-GW16A |
Affected:
firmware HEM-GW16A-FW-V1.2.0 and earlier
|
|||||||
|
|||||||||
Date Public ?
2017-06-27 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:48:05.058Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#85901441",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN85901441/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Toshiba Home gateway HEM-GW16A",
"vendor": "Toshiba Lighting \u0026 Technology Corporation",
"versions": [
{
"status": "affected",
"version": "firmware HEM-GW16A-FW-V1.2.0 and earlier"
}
]
},
{
"product": "Toshiba Home gateway HEM-GW26A",
"vendor": "Toshiba Lighting \u0026 Technology Corporation",
"versions": [
{
"status": "affected",
"version": "firmware HEM-GW26A-FW-V1.2.0 and earlier"
}
]
}
],
"datePublic": "2017-06-27T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery (CSRF) vulnerability in Toshiba Home gateway HEM-GW16A firmware HEM-GW16A-FW-V1.2.0 and earlier and Toshiba Home gateway HEM-GW26A firmware HEM-GW26A-FW-V1.2.0 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site request forgery",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-07T12:57:01.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVN#85901441",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN85901441/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2017-2238",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Toshiba Home gateway HEM-GW16A",
"version": {
"version_data": [
{
"version_value": "firmware HEM-GW16A-FW-V1.2.0 and earlier"
}
]
}
},
{
"product_name": "Toshiba Home gateway HEM-GW26A",
"version": {
"version_data": [
{
"version_value": "firmware HEM-GW26A-FW-V1.2.0 and earlier"
}
]
}
}
]
},
"vendor_name": "Toshiba Lighting \u0026 Technology Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site request forgery (CSRF) vulnerability in Toshiba Home gateway HEM-GW16A firmware HEM-GW16A-FW-V1.2.0 and earlier and Toshiba Home gateway HEM-GW26A firmware HEM-GW26A-FW-V1.2.0 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site request forgery"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#85901441",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN85901441/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2017-2238",
"datePublished": "2017-07-07T13:00:00.000Z",
"dateReserved": "2016-12-01T00:00:00.000Z",
"dateUpdated": "2024-08-05T13:48:05.058Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-2235 (GCVE-0-2017-2235)
Vulnerability from cvelistv5 – Published: 2017-07-07 13:00 – Updated: 2024-08-05 13:48
VLAI?
Summary
Toshiba Home gateway HEM-GW16A firmware HEM-GW16A-FW-V1.2.0 and earlier. Toshiba Home gateway HEM-GW26A firmware HEM-GW26A-FW-V1.2.0 and earlier allows an attacker to bypass access restriction to change the administrator account password via unspecified vectors.
Severity ?
No CVSS data available.
CWE
- Fails to restrict access
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Toshiba Lighting & Technology Corporation | Toshiba Home gateway HEM-GW16A |
Affected:
firmware HEM-GW16A-FW-V1.2.0 and earlier
|
|||||||
|
|||||||||
Date Public ?
2017-06-27 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:48:04.342Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#85901441",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN85901441/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Toshiba Home gateway HEM-GW16A",
"vendor": "Toshiba Lighting \u0026 Technology Corporation",
"versions": [
{
"status": "affected",
"version": "firmware HEM-GW16A-FW-V1.2.0 and earlier"
}
]
},
{
"product": "Toshiba Home gateway HEM-GW26A",
"vendor": "Toshiba Lighting \u0026 Technology Corporation",
"versions": [
{
"status": "affected",
"version": "firmware HEM-GW26A-FW-V1.2.0 and earlier"
}
]
}
],
"datePublic": "2017-06-27T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Toshiba Home gateway HEM-GW16A firmware HEM-GW16A-FW-V1.2.0 and earlier. Toshiba Home gateway HEM-GW26A firmware HEM-GW26A-FW-V1.2.0 and earlier allows an attacker to bypass access restriction to change the administrator account password via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Fails to restrict access",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-07T12:57:01.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVN#85901441",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN85901441/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2017-2235",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Toshiba Home gateway HEM-GW16A",
"version": {
"version_data": [
{
"version_value": "firmware HEM-GW16A-FW-V1.2.0 and earlier"
}
]
}
},
{
"product_name": "Toshiba Home gateway HEM-GW26A",
"version": {
"version_data": [
{
"version_value": "firmware HEM-GW26A-FW-V1.2.0 and earlier"
}
]
}
}
]
},
"vendor_name": "Toshiba Lighting \u0026 Technology Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Toshiba Home gateway HEM-GW16A firmware HEM-GW16A-FW-V1.2.0 and earlier. Toshiba Home gateway HEM-GW26A firmware HEM-GW26A-FW-V1.2.0 and earlier allows an attacker to bypass access restriction to change the administrator account password via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Fails to restrict access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#85901441",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN85901441/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2017-2235",
"datePublished": "2017-07-07T13:00:00.000Z",
"dateReserved": "2016-12-01T00:00:00.000Z",
"dateUpdated": "2024-08-05T13:48:04.342Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-2237 (GCVE-0-2017-2237)
Vulnerability from cvelistv5 – Published: 2017-07-07 13:00 – Updated: 2024-08-05 13:48
VLAI?
Summary
Toshiba Home gateway HEM-GW16A firmware HEM-GW16A-FW-V1.2.0 and earlier. Toshiba Home gateway HEM-GW26A firmware HEM-GW26A-FW-V1.2.0 and earlier allows an attacker to execute arbitrary OS commands via unspecified vectors.
Severity ?
No CVSS data available.
CWE
- OS Command Injection
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Toshiba Lighting & Technology Corporation | Toshiba Home gateway HEM-GW16A |
Affected:
firmware HEM-GW16A-FW-V1.2.0 and earlier
|
|||||||
|
|||||||||
Date Public ?
2017-06-27 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:48:04.355Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#85901441",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN85901441/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Toshiba Home gateway HEM-GW16A",
"vendor": "Toshiba Lighting \u0026 Technology Corporation",
"versions": [
{
"status": "affected",
"version": "firmware HEM-GW16A-FW-V1.2.0 and earlier"
}
]
},
{
"product": "Toshiba Home gateway HEM-GW26A",
"vendor": "Toshiba Lighting \u0026 Technology Corporation",
"versions": [
{
"status": "affected",
"version": "firmware HEM-GW26A-FW-V1.2.0 and earlier"
}
]
}
],
"datePublic": "2017-06-27T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Toshiba Home gateway HEM-GW16A firmware HEM-GW16A-FW-V1.2.0 and earlier. Toshiba Home gateway HEM-GW26A firmware HEM-GW26A-FW-V1.2.0 and earlier allows an attacker to execute arbitrary OS commands via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "OS Command Injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-07T12:57:01.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVN#85901441",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN85901441/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2017-2237",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Toshiba Home gateway HEM-GW16A",
"version": {
"version_data": [
{
"version_value": "firmware HEM-GW16A-FW-V1.2.0 and earlier"
}
]
}
},
{
"product_name": "Toshiba Home gateway HEM-GW26A",
"version": {
"version_data": [
{
"version_value": "firmware HEM-GW26A-FW-V1.2.0 and earlier"
}
]
}
}
]
},
"vendor_name": "Toshiba Lighting \u0026 Technology Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Toshiba Home gateway HEM-GW16A firmware HEM-GW16A-FW-V1.2.0 and earlier. Toshiba Home gateway HEM-GW26A firmware HEM-GW26A-FW-V1.2.0 and earlier allows an attacker to execute arbitrary OS commands via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "OS Command Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#85901441",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN85901441/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2017-2237",
"datePublished": "2017-07-07T13:00:00.000Z",
"dateReserved": "2016-12-01T00:00:00.000Z",
"dateUpdated": "2024-08-05T13:48:04.355Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-2236 (GCVE-0-2017-2236)
Vulnerability from cvelistv5 – Published: 2017-07-07 13:00 – Updated: 2024-08-05 13:48
VLAI?
Summary
Toshiba Home gateway HEM-GW16A firmware HEM-GW16A-FW-V1.2.0 and earlier, Toshiba Home gateway HEM-GW26A firmware HEM-GW26A-FW-V1.2.0 and earlier uses hard-coded credentials, which may allow attackers to perform operations on device with administrative privileges.
Severity ?
No CVSS data available.
CWE
- Use of Hard-coded Credentials
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Toshiba Lighting & Technology Corporation | Toshiba Home gateway HEM-GW16A |
Affected:
firmware HEM-GW16A-FW-V1.2.0 and earlier
|
|||||||
|
|||||||||
Date Public ?
2017-06-27 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:48:05.063Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#85901441",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN85901441/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Toshiba Home gateway HEM-GW16A",
"vendor": "Toshiba Lighting \u0026 Technology Corporation",
"versions": [
{
"status": "affected",
"version": "firmware HEM-GW16A-FW-V1.2.0 and earlier"
}
]
},
{
"product": "Toshiba Home gateway HEM-GW26A",
"vendor": "Toshiba Lighting \u0026 Technology Corporation",
"versions": [
{
"status": "affected",
"version": "firmware HEM-GW26A-FW-V1.2.0 and earlier"
}
]
}
],
"datePublic": "2017-06-27T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Toshiba Home gateway HEM-GW16A firmware HEM-GW16A-FW-V1.2.0 and earlier, Toshiba Home gateway HEM-GW26A firmware HEM-GW26A-FW-V1.2.0 and earlier uses hard-coded credentials, which may allow attackers to perform operations on device with administrative privileges."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Use of Hard-coded Credentials",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-07T12:57:01.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVN#85901441",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN85901441/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2017-2236",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Toshiba Home gateway HEM-GW16A",
"version": {
"version_data": [
{
"version_value": "firmware HEM-GW16A-FW-V1.2.0 and earlier"
}
]
}
},
{
"product_name": "Toshiba Home gateway HEM-GW26A",
"version": {
"version_data": [
{
"version_value": "firmware HEM-GW26A-FW-V1.2.0 and earlier"
}
]
}
}
]
},
"vendor_name": "Toshiba Lighting \u0026 Technology Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Toshiba Home gateway HEM-GW16A firmware HEM-GW16A-FW-V1.2.0 and earlier, Toshiba Home gateway HEM-GW26A firmware HEM-GW26A-FW-V1.2.0 and earlier uses hard-coded credentials, which may allow attackers to perform operations on device with administrative privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Use of Hard-coded Credentials"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#85901441",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN85901441/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2017-2236",
"datePublished": "2017-07-07T13:00:00.000Z",
"dateReserved": "2016-12-01T00:00:00.000Z",
"dateUpdated": "2024-08-05T13:48:05.063Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-2234 (GCVE-0-2017-2234)
Vulnerability from cvelistv5 – Published: 2017-07-07 13:00 – Updated: 2024-08-05 13:48
VLAI?
Summary
Toshiba Home gateway HEM-GW16A firmware HEM-GW16A-FW-V1.2.0 and earlier, Toshiba Home gateway HEM-GW26A firmware HEM-GW26A-FW-V1.2.0 and earlier may allow remote attackers to access a non-documented developer screen to perform operations on device with administrative privileges.
Severity ?
No CVSS data available.
CWE
- Hidden Functionality
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Toshiba Lighting & Technology Corporation | Toshiba Home gateway HEM-GW16A |
Affected:
firmware HEM-GW16A-FW-V1.2.0 and earlier
|
|||||||
|
|||||||||
Date Public ?
2017-06-27 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:48:04.501Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#85901441",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN85901441/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Toshiba Home gateway HEM-GW16A",
"vendor": "Toshiba Lighting \u0026 Technology Corporation",
"versions": [
{
"status": "affected",
"version": "firmware HEM-GW16A-FW-V1.2.0 and earlier"
}
]
},
{
"product": "Toshiba Home gateway HEM-GW26A",
"vendor": "Toshiba Lighting \u0026 Technology Corporation",
"versions": [
{
"status": "affected",
"version": "firmware HEM-GW26A-FW-V1.2.0 and earlier"
}
]
}
],
"datePublic": "2017-06-27T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Toshiba Home gateway HEM-GW16A firmware HEM-GW16A-FW-V1.2.0 and earlier, Toshiba Home gateway HEM-GW26A firmware HEM-GW26A-FW-V1.2.0 and earlier may allow remote attackers to access a non-documented developer screen to perform operations on device with administrative privileges."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Hidden Functionality",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-07T12:57:01.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVN#85901441",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN85901441/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2017-2234",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Toshiba Home gateway HEM-GW16A",
"version": {
"version_data": [
{
"version_value": "firmware HEM-GW16A-FW-V1.2.0 and earlier"
}
]
}
},
{
"product_name": "Toshiba Home gateway HEM-GW26A",
"version": {
"version_data": [
{
"version_value": "firmware HEM-GW26A-FW-V1.2.0 and earlier"
}
]
}
}
]
},
"vendor_name": "Toshiba Lighting \u0026 Technology Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Toshiba Home gateway HEM-GW16A firmware HEM-GW16A-FW-V1.2.0 and earlier, Toshiba Home gateway HEM-GW26A firmware HEM-GW26A-FW-V1.2.0 and earlier may allow remote attackers to access a non-documented developer screen to perform operations on device with administrative privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Hidden Functionality"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#85901441",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN85901441/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2017-2234",
"datePublished": "2017-07-07T13:00:00.000Z",
"dateReserved": "2016-12-01T00:00:00.000Z",
"dateUpdated": "2024-08-05T13:48:04.501Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}