Search
Find a vulnerability
Search criteria
10 vulnerabilities found for Toshiba Home gateway HEM-GW16A and Toshiba Home gateway HEM-GW26A by Toshiba Lighting & Technology Corporation
CVE-2018-16201 (GCVE-0-2018-16201)
Vulnerability from nvd – Published: 2019-01-09 22:00 – Updated: 2024-08-05 10:17
VLAI
Summary
Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway HEM-GW26A 1.2.9 and earlier uses hard-coded credentials, which may allow an attacker on the same network segment to login to the administrators settings screen and change the configuration or execute arbitrary OS commands.
Severity
No CVSS data available.
CWE
- Use of Hard-coded Credentials
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://jvn.jp/en/jp/JVN99810718/index.html | third-party-advisoryx_refsource_JVN |
| http://www.tlt.co.jp/tlt/information/seihin/notic… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Toshiba Lighting & Technology Corporation | Toshiba Home gateway HEM-GW16A and Toshiba Home gateway HEM-GW26A |
Affected:
(Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway HEM-GW26A 1.2.9 and earlier)
|
Date Public
2019-01-09 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T10:17:38.280Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#99810718",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN99810718/index.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.tlt.co.jp/tlt/information/seihin/notice/defect/20181219/20181219.htm"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Toshiba Home gateway HEM-GW16A and Toshiba Home gateway HEM-GW26A",
"vendor": "Toshiba Lighting \u0026 Technology Corporation",
"versions": [
{
"status": "affected",
"version": "(Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway HEM-GW26A 1.2.9 and earlier)"
}
]
}
],
"datePublic": "2019-01-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway HEM-GW26A 1.2.9 and earlier uses hard-coded credentials, which may allow an attacker on the same network segment to login to the administrators settings screen and change the configuration or execute arbitrary OS commands."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Use of Hard-coded Credentials",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-01-09T21:57:01.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVN#99810718",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "https://jvn.jp/en/jp/JVN99810718/index.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.tlt.co.jp/tlt/information/seihin/notice/defect/20181219/20181219.htm"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2018-16201",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Toshiba Home gateway HEM-GW16A and Toshiba Home gateway HEM-GW26A",
"version": {
"version_data": [
{
"version_value": "(Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway HEM-GW26A 1.2.9 and earlier)"
}
]
}
}
]
},
"vendor_name": "Toshiba Lighting \u0026 Technology Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway HEM-GW26A 1.2.9 and earlier uses hard-coded credentials, which may allow an attacker on the same network segment to login to the administrators settings screen and change the configuration or execute arbitrary OS commands."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Use of Hard-coded Credentials"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#99810718",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN99810718/index.html"
},
{
"name": "http://www.tlt.co.jp/tlt/information/seihin/notice/defect/20181219/20181219.htm",
"refsource": "MISC",
"url": "http://www.tlt.co.jp/tlt/information/seihin/notice/defect/20181219/20181219.htm"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2018-16201",
"datePublished": "2019-01-09T22:00:00.000Z",
"dateReserved": "2018-08-30T00:00:00.000Z",
"dateUpdated": "2024-08-05T10:17:38.280Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-16200 (GCVE-0-2018-16200)
Vulnerability from nvd – Published: 2019-01-09 22:00 – Updated: 2024-08-05 10:17
VLAI
Summary
Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway HEM-GW26A 1.2.9 and earlier allows an attacker on the same network segment to execute arbitrary OS commands.
Severity
No CVSS data available.
CWE
- OS Command Injection
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://jvn.jp/en/jp/JVN99810718/index.html | third-party-advisoryx_refsource_JVN |
| http://www.tlt.co.jp/tlt/information/seihin/notic… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Toshiba Lighting & Technology Corporation | Toshiba Home gateway HEM-GW16A and Toshiba Home gateway HEM-GW26A |
Affected:
(Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway HEM-GW26A 1.2.9 and earlier)
|
Date Public
2019-01-09 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T10:17:38.261Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#99810718",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN99810718/index.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.tlt.co.jp/tlt/information/seihin/notice/defect/20181219/20181219.htm"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Toshiba Home gateway HEM-GW16A and Toshiba Home gateway HEM-GW26A",
"vendor": "Toshiba Lighting \u0026 Technology Corporation",
"versions": [
{
"status": "affected",
"version": "(Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway HEM-GW26A 1.2.9 and earlier)"
}
]
}
],
"datePublic": "2019-01-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway HEM-GW26A 1.2.9 and earlier allows an attacker on the same network segment to execute arbitrary OS commands."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "OS Command Injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-01-09T21:57:01.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVN#99810718",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "https://jvn.jp/en/jp/JVN99810718/index.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.tlt.co.jp/tlt/information/seihin/notice/defect/20181219/20181219.htm"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2018-16200",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Toshiba Home gateway HEM-GW16A and Toshiba Home gateway HEM-GW26A",
"version": {
"version_data": [
{
"version_value": "(Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway HEM-GW26A 1.2.9 and earlier)"
}
]
}
}
]
},
"vendor_name": "Toshiba Lighting \u0026 Technology Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway HEM-GW26A 1.2.9 and earlier allows an attacker on the same network segment to execute arbitrary OS commands."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "OS Command Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#99810718",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN99810718/index.html"
},
{
"name": "http://www.tlt.co.jp/tlt/information/seihin/notice/defect/20181219/20181219.htm",
"refsource": "MISC",
"url": "http://www.tlt.co.jp/tlt/information/seihin/notice/defect/20181219/20181219.htm"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2018-16200",
"datePublished": "2019-01-09T22:00:00.000Z",
"dateReserved": "2018-08-30T00:00:00.000Z",
"dateUpdated": "2024-08-05T10:17:38.261Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-16199 (GCVE-0-2018-16199)
Vulnerability from nvd – Published: 2019-01-09 22:00 – Updated: 2024-08-05 10:17
VLAI
Summary
Cross-site scripting vulnerability in Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway HEM-GW26A 1.2.9 and earlier allows an remote attacker to inject arbitrary web script or HTML via unspecified vectors.
Severity
No CVSS data available.
CWE
- Cross-site scripting
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://jvn.jp/en/jp/JVN99810718/index.html | third-party-advisoryx_refsource_JVN |
| http://www.tlt.co.jp/tlt/information/seihin/notic… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Toshiba Lighting & Technology Corporation | Toshiba Home gateway HEM-GW16A and Toshiba Home gateway HEM-GW26A |
Affected:
(Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway HEM-GW26A 1.2.9 and earlier)
|
Date Public
2019-01-09 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T10:17:38.382Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#99810718",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN99810718/index.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.tlt.co.jp/tlt/information/seihin/notice/defect/20181219/20181219.htm"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Toshiba Home gateway HEM-GW16A and Toshiba Home gateway HEM-GW26A",
"vendor": "Toshiba Lighting \u0026 Technology Corporation",
"versions": [
{
"status": "affected",
"version": "(Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway HEM-GW26A 1.2.9 and earlier)"
}
]
}
],
"datePublic": "2019-01-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability in Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway HEM-GW26A 1.2.9 and earlier allows an remote attacker to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-01-09T21:57:01.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVN#99810718",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "https://jvn.jp/en/jp/JVN99810718/index.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.tlt.co.jp/tlt/information/seihin/notice/defect/20181219/20181219.htm"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2018-16199",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Toshiba Home gateway HEM-GW16A and Toshiba Home gateway HEM-GW26A",
"version": {
"version_data": [
{
"version_value": "(Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway HEM-GW26A 1.2.9 and earlier)"
}
]
}
}
]
},
"vendor_name": "Toshiba Lighting \u0026 Technology Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting vulnerability in Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway HEM-GW26A 1.2.9 and earlier allows an remote attacker to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#99810718",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN99810718/index.html"
},
{
"name": "http://www.tlt.co.jp/tlt/information/seihin/notice/defect/20181219/20181219.htm",
"refsource": "MISC",
"url": "http://www.tlt.co.jp/tlt/information/seihin/notice/defect/20181219/20181219.htm"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2018-16199",
"datePublished": "2019-01-09T22:00:00.000Z",
"dateReserved": "2018-08-30T00:00:00.000Z",
"dateUpdated": "2024-08-05T10:17:38.382Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-16198 (GCVE-0-2018-16198)
Vulnerability from nvd – Published: 2019-01-09 22:00 – Updated: 2024-08-05 10:17
VLAI
Summary
Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway HEM-GW26A 1.2.9 and earlier may allow an attacker on the same network segment to access a non-documented developer screen to perform operations on the affected device.
Severity
No CVSS data available.
CWE
- Hidden Functionality
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://jvn.jp/en/jp/JVN99810718/index.html | third-party-advisoryx_refsource_JVN |
| http://www.tlt.co.jp/tlt/information/seihin/notic… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Toshiba Lighting & Technology Corporation | Toshiba Home gateway HEM-GW16A and Toshiba Home gateway HEM-GW26A |
Affected:
Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway HEM-GW26A 1.2.9 and earlier
|
Date Public
2019-01-09 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T10:17:38.374Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#99810718",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN99810718/index.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.tlt.co.jp/tlt/information/seihin/notice/defect/20181219/20181219.htm"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Toshiba Home gateway HEM-GW16A and Toshiba Home gateway HEM-GW26A",
"vendor": "Toshiba Lighting \u0026 Technology Corporation",
"versions": [
{
"status": "affected",
"version": "Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway HEM-GW26A 1.2.9 and earlier"
}
]
}
],
"datePublic": "2019-01-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway HEM-GW26A 1.2.9 and earlier may allow an attacker on the same network segment to access a non-documented developer screen to perform operations on the affected device."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Hidden Functionality",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-01-09T21:57:01.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVN#99810718",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "https://jvn.jp/en/jp/JVN99810718/index.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.tlt.co.jp/tlt/information/seihin/notice/defect/20181219/20181219.htm"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2018-16198",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Toshiba Home gateway HEM-GW16A and Toshiba Home gateway HEM-GW26A",
"version": {
"version_data": [
{
"version_value": "Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway HEM-GW26A 1.2.9 and earlier"
}
]
}
}
]
},
"vendor_name": "Toshiba Lighting \u0026 Technology Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway HEM-GW26A 1.2.9 and earlier may allow an attacker on the same network segment to access a non-documented developer screen to perform operations on the affected device."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Hidden Functionality"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#99810718",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN99810718/index.html"
},
{
"name": "http://www.tlt.co.jp/tlt/information/seihin/notice/defect/20181219/20181219.htm",
"refsource": "MISC",
"url": "http://www.tlt.co.jp/tlt/information/seihin/notice/defect/20181219/20181219.htm"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2018-16198",
"datePublished": "2019-01-09T22:00:00.000Z",
"dateReserved": "2018-08-30T00:00:00.000Z",
"dateUpdated": "2024-08-05T10:17:38.374Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-16197 (GCVE-0-2018-16197)
Vulnerability from nvd – Published: 2019-01-09 22:00 – Updated: 2024-08-05 10:17
VLAI
Summary
Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway HEM-GW26A 1.2.9 and earlier allows an attacker on the same network segment to bypass access restriction to access the information and files stored on the affected device.
Severity
No CVSS data available.
CWE
- Fails to restrict access
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://jvn.jp/en/jp/JVN99810718/index.html | third-party-advisoryx_refsource_JVN |
| http://www.tlt.co.jp/tlt/information/seihin/notic… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Toshiba Lighting & Technology Corporation | Toshiba Home gateway HEM-GW16A and Toshiba Home gateway HEM-GW26A |
Affected:
(Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway HEM-GW26A 1.2.9 and earlier)
|
Date Public
2019-01-09 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T10:17:38.375Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#99810718",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN99810718/index.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.tlt.co.jp/tlt/information/seihin/notice/defect/20181219/20181219.htm"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Toshiba Home gateway HEM-GW16A and Toshiba Home gateway HEM-GW26A",
"vendor": "Toshiba Lighting \u0026 Technology Corporation",
"versions": [
{
"status": "affected",
"version": "(Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway HEM-GW26A 1.2.9 and earlier)"
}
]
}
],
"datePublic": "2019-01-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway HEM-GW26A 1.2.9 and earlier allows an attacker on the same network segment to bypass access restriction to access the information and files stored on the affected device."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Fails to restrict access",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-01-09T21:57:01.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVN#99810718",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "https://jvn.jp/en/jp/JVN99810718/index.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.tlt.co.jp/tlt/information/seihin/notice/defect/20181219/20181219.htm"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2018-16197",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Toshiba Home gateway HEM-GW16A and Toshiba Home gateway HEM-GW26A",
"version": {
"version_data": [
{
"version_value": "(Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway HEM-GW26A 1.2.9 and earlier)"
}
]
}
}
]
},
"vendor_name": "Toshiba Lighting \u0026 Technology Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway HEM-GW26A 1.2.9 and earlier allows an attacker on the same network segment to bypass access restriction to access the information and files stored on the affected device."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Fails to restrict access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#99810718",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN99810718/index.html"
},
{
"name": "http://www.tlt.co.jp/tlt/information/seihin/notice/defect/20181219/20181219.htm",
"refsource": "MISC",
"url": "http://www.tlt.co.jp/tlt/information/seihin/notice/defect/20181219/20181219.htm"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2018-16197",
"datePublished": "2019-01-09T22:00:00.000Z",
"dateReserved": "2018-08-30T00:00:00.000Z",
"dateUpdated": "2024-08-05T10:17:38.375Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-16199 (GCVE-0-2018-16199)
Vulnerability from cvelistv5 – Published: 2019-01-09 22:00 – Updated: 2024-08-05 10:17
VLAI
Summary
Cross-site scripting vulnerability in Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway HEM-GW26A 1.2.9 and earlier allows an remote attacker to inject arbitrary web script or HTML via unspecified vectors.
Severity
No CVSS data available.
CWE
- Cross-site scripting
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://jvn.jp/en/jp/JVN99810718/index.html | third-party-advisoryx_refsource_JVN |
| http://www.tlt.co.jp/tlt/information/seihin/notic… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Toshiba Lighting & Technology Corporation | Toshiba Home gateway HEM-GW16A and Toshiba Home gateway HEM-GW26A |
Affected:
(Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway HEM-GW26A 1.2.9 and earlier)
|
Date Public
2019-01-09 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T10:17:38.382Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#99810718",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN99810718/index.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.tlt.co.jp/tlt/information/seihin/notice/defect/20181219/20181219.htm"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Toshiba Home gateway HEM-GW16A and Toshiba Home gateway HEM-GW26A",
"vendor": "Toshiba Lighting \u0026 Technology Corporation",
"versions": [
{
"status": "affected",
"version": "(Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway HEM-GW26A 1.2.9 and earlier)"
}
]
}
],
"datePublic": "2019-01-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability in Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway HEM-GW26A 1.2.9 and earlier allows an remote attacker to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-01-09T21:57:01.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVN#99810718",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "https://jvn.jp/en/jp/JVN99810718/index.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.tlt.co.jp/tlt/information/seihin/notice/defect/20181219/20181219.htm"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2018-16199",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Toshiba Home gateway HEM-GW16A and Toshiba Home gateway HEM-GW26A",
"version": {
"version_data": [
{
"version_value": "(Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway HEM-GW26A 1.2.9 and earlier)"
}
]
}
}
]
},
"vendor_name": "Toshiba Lighting \u0026 Technology Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting vulnerability in Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway HEM-GW26A 1.2.9 and earlier allows an remote attacker to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#99810718",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN99810718/index.html"
},
{
"name": "http://www.tlt.co.jp/tlt/information/seihin/notice/defect/20181219/20181219.htm",
"refsource": "MISC",
"url": "http://www.tlt.co.jp/tlt/information/seihin/notice/defect/20181219/20181219.htm"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2018-16199",
"datePublished": "2019-01-09T22:00:00.000Z",
"dateReserved": "2018-08-30T00:00:00.000Z",
"dateUpdated": "2024-08-05T10:17:38.382Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-16200 (GCVE-0-2018-16200)
Vulnerability from cvelistv5 – Published: 2019-01-09 22:00 – Updated: 2024-08-05 10:17
VLAI
Summary
Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway HEM-GW26A 1.2.9 and earlier allows an attacker on the same network segment to execute arbitrary OS commands.
Severity
No CVSS data available.
CWE
- OS Command Injection
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://jvn.jp/en/jp/JVN99810718/index.html | third-party-advisoryx_refsource_JVN |
| http://www.tlt.co.jp/tlt/information/seihin/notic… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Toshiba Lighting & Technology Corporation | Toshiba Home gateway HEM-GW16A and Toshiba Home gateway HEM-GW26A |
Affected:
(Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway HEM-GW26A 1.2.9 and earlier)
|
Date Public
2019-01-09 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T10:17:38.261Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#99810718",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN99810718/index.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.tlt.co.jp/tlt/information/seihin/notice/defect/20181219/20181219.htm"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Toshiba Home gateway HEM-GW16A and Toshiba Home gateway HEM-GW26A",
"vendor": "Toshiba Lighting \u0026 Technology Corporation",
"versions": [
{
"status": "affected",
"version": "(Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway HEM-GW26A 1.2.9 and earlier)"
}
]
}
],
"datePublic": "2019-01-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway HEM-GW26A 1.2.9 and earlier allows an attacker on the same network segment to execute arbitrary OS commands."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "OS Command Injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-01-09T21:57:01.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVN#99810718",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "https://jvn.jp/en/jp/JVN99810718/index.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.tlt.co.jp/tlt/information/seihin/notice/defect/20181219/20181219.htm"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2018-16200",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Toshiba Home gateway HEM-GW16A and Toshiba Home gateway HEM-GW26A",
"version": {
"version_data": [
{
"version_value": "(Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway HEM-GW26A 1.2.9 and earlier)"
}
]
}
}
]
},
"vendor_name": "Toshiba Lighting \u0026 Technology Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway HEM-GW26A 1.2.9 and earlier allows an attacker on the same network segment to execute arbitrary OS commands."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "OS Command Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#99810718",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN99810718/index.html"
},
{
"name": "http://www.tlt.co.jp/tlt/information/seihin/notice/defect/20181219/20181219.htm",
"refsource": "MISC",
"url": "http://www.tlt.co.jp/tlt/information/seihin/notice/defect/20181219/20181219.htm"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2018-16200",
"datePublished": "2019-01-09T22:00:00.000Z",
"dateReserved": "2018-08-30T00:00:00.000Z",
"dateUpdated": "2024-08-05T10:17:38.261Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-16198 (GCVE-0-2018-16198)
Vulnerability from cvelistv5 – Published: 2019-01-09 22:00 – Updated: 2024-08-05 10:17
VLAI
Summary
Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway HEM-GW26A 1.2.9 and earlier may allow an attacker on the same network segment to access a non-documented developer screen to perform operations on the affected device.
Severity
No CVSS data available.
CWE
- Hidden Functionality
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://jvn.jp/en/jp/JVN99810718/index.html | third-party-advisoryx_refsource_JVN |
| http://www.tlt.co.jp/tlt/information/seihin/notic… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Toshiba Lighting & Technology Corporation | Toshiba Home gateway HEM-GW16A and Toshiba Home gateway HEM-GW26A |
Affected:
Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway HEM-GW26A 1.2.9 and earlier
|
Date Public
2019-01-09 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T10:17:38.374Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#99810718",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN99810718/index.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.tlt.co.jp/tlt/information/seihin/notice/defect/20181219/20181219.htm"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Toshiba Home gateway HEM-GW16A and Toshiba Home gateway HEM-GW26A",
"vendor": "Toshiba Lighting \u0026 Technology Corporation",
"versions": [
{
"status": "affected",
"version": "Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway HEM-GW26A 1.2.9 and earlier"
}
]
}
],
"datePublic": "2019-01-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway HEM-GW26A 1.2.9 and earlier may allow an attacker on the same network segment to access a non-documented developer screen to perform operations on the affected device."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Hidden Functionality",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-01-09T21:57:01.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVN#99810718",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "https://jvn.jp/en/jp/JVN99810718/index.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.tlt.co.jp/tlt/information/seihin/notice/defect/20181219/20181219.htm"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2018-16198",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Toshiba Home gateway HEM-GW16A and Toshiba Home gateway HEM-GW26A",
"version": {
"version_data": [
{
"version_value": "Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway HEM-GW26A 1.2.9 and earlier"
}
]
}
}
]
},
"vendor_name": "Toshiba Lighting \u0026 Technology Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway HEM-GW26A 1.2.9 and earlier may allow an attacker on the same network segment to access a non-documented developer screen to perform operations on the affected device."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Hidden Functionality"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#99810718",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN99810718/index.html"
},
{
"name": "http://www.tlt.co.jp/tlt/information/seihin/notice/defect/20181219/20181219.htm",
"refsource": "MISC",
"url": "http://www.tlt.co.jp/tlt/information/seihin/notice/defect/20181219/20181219.htm"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2018-16198",
"datePublished": "2019-01-09T22:00:00.000Z",
"dateReserved": "2018-08-30T00:00:00.000Z",
"dateUpdated": "2024-08-05T10:17:38.374Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-16201 (GCVE-0-2018-16201)
Vulnerability from cvelistv5 – Published: 2019-01-09 22:00 – Updated: 2024-08-05 10:17
VLAI
Summary
Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway HEM-GW26A 1.2.9 and earlier uses hard-coded credentials, which may allow an attacker on the same network segment to login to the administrators settings screen and change the configuration or execute arbitrary OS commands.
Severity
No CVSS data available.
CWE
- Use of Hard-coded Credentials
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://jvn.jp/en/jp/JVN99810718/index.html | third-party-advisoryx_refsource_JVN |
| http://www.tlt.co.jp/tlt/information/seihin/notic… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Toshiba Lighting & Technology Corporation | Toshiba Home gateway HEM-GW16A and Toshiba Home gateway HEM-GW26A |
Affected:
(Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway HEM-GW26A 1.2.9 and earlier)
|
Date Public
2019-01-09 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T10:17:38.280Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#99810718",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN99810718/index.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.tlt.co.jp/tlt/information/seihin/notice/defect/20181219/20181219.htm"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Toshiba Home gateway HEM-GW16A and Toshiba Home gateway HEM-GW26A",
"vendor": "Toshiba Lighting \u0026 Technology Corporation",
"versions": [
{
"status": "affected",
"version": "(Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway HEM-GW26A 1.2.9 and earlier)"
}
]
}
],
"datePublic": "2019-01-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway HEM-GW26A 1.2.9 and earlier uses hard-coded credentials, which may allow an attacker on the same network segment to login to the administrators settings screen and change the configuration or execute arbitrary OS commands."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Use of Hard-coded Credentials",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-01-09T21:57:01.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVN#99810718",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "https://jvn.jp/en/jp/JVN99810718/index.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.tlt.co.jp/tlt/information/seihin/notice/defect/20181219/20181219.htm"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2018-16201",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Toshiba Home gateway HEM-GW16A and Toshiba Home gateway HEM-GW26A",
"version": {
"version_data": [
{
"version_value": "(Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway HEM-GW26A 1.2.9 and earlier)"
}
]
}
}
]
},
"vendor_name": "Toshiba Lighting \u0026 Technology Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway HEM-GW26A 1.2.9 and earlier uses hard-coded credentials, which may allow an attacker on the same network segment to login to the administrators settings screen and change the configuration or execute arbitrary OS commands."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Use of Hard-coded Credentials"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#99810718",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN99810718/index.html"
},
{
"name": "http://www.tlt.co.jp/tlt/information/seihin/notice/defect/20181219/20181219.htm",
"refsource": "MISC",
"url": "http://www.tlt.co.jp/tlt/information/seihin/notice/defect/20181219/20181219.htm"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2018-16201",
"datePublished": "2019-01-09T22:00:00.000Z",
"dateReserved": "2018-08-30T00:00:00.000Z",
"dateUpdated": "2024-08-05T10:17:38.280Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-16197 (GCVE-0-2018-16197)
Vulnerability from cvelistv5 – Published: 2019-01-09 22:00 – Updated: 2024-08-05 10:17
VLAI
Summary
Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway HEM-GW26A 1.2.9 and earlier allows an attacker on the same network segment to bypass access restriction to access the information and files stored on the affected device.
Severity
No CVSS data available.
CWE
- Fails to restrict access
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://jvn.jp/en/jp/JVN99810718/index.html | third-party-advisoryx_refsource_JVN |
| http://www.tlt.co.jp/tlt/information/seihin/notic… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Toshiba Lighting & Technology Corporation | Toshiba Home gateway HEM-GW16A and Toshiba Home gateway HEM-GW26A |
Affected:
(Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway HEM-GW26A 1.2.9 and earlier)
|
Date Public
2019-01-09 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T10:17:38.375Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#99810718",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN99810718/index.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.tlt.co.jp/tlt/information/seihin/notice/defect/20181219/20181219.htm"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Toshiba Home gateway HEM-GW16A and Toshiba Home gateway HEM-GW26A",
"vendor": "Toshiba Lighting \u0026 Technology Corporation",
"versions": [
{
"status": "affected",
"version": "(Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway HEM-GW26A 1.2.9 and earlier)"
}
]
}
],
"datePublic": "2019-01-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway HEM-GW26A 1.2.9 and earlier allows an attacker on the same network segment to bypass access restriction to access the information and files stored on the affected device."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Fails to restrict access",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-01-09T21:57:01.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVN#99810718",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "https://jvn.jp/en/jp/JVN99810718/index.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.tlt.co.jp/tlt/information/seihin/notice/defect/20181219/20181219.htm"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2018-16197",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Toshiba Home gateway HEM-GW16A and Toshiba Home gateway HEM-GW26A",
"version": {
"version_data": [
{
"version_value": "(Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway HEM-GW26A 1.2.9 and earlier)"
}
]
}
}
]
},
"vendor_name": "Toshiba Lighting \u0026 Technology Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway HEM-GW26A 1.2.9 and earlier allows an attacker on the same network segment to bypass access restriction to access the information and files stored on the affected device."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Fails to restrict access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#99810718",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN99810718/index.html"
},
{
"name": "http://www.tlt.co.jp/tlt/information/seihin/notice/defect/20181219/20181219.htm",
"refsource": "MISC",
"url": "http://www.tlt.co.jp/tlt/information/seihin/notice/defect/20181219/20181219.htm"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2018-16197",
"datePublished": "2019-01-09T22:00:00.000Z",
"dateReserved": "2018-08-30T00:00:00.000Z",
"dateUpdated": "2024-08-05T10:17:38.375Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}