CVE-2018-16201

EUVD-2018-8054
Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway HEM-GW26A 1.2.9 and earlier uses hard-coded credentials, which may allow an attacker on the same network segment to login to the administrators settings screen and change the configuration or execute arbitrary OS commands.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8.8 HIGH
ADJACENT_NETWORK
LOW
NONE
CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 30%
Affected Products (NVD)
VendorProductVersion
toshibahem-gw16a_firmware
𝑥
≤ 1.2.9
toshibahem-gw26a_firmware
𝑥
≤ 1.2.9
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.tlt.co.jp/tlt/information/seihin/notice/defect/20181219/20181219.htm
https://jvn.jp/en/jp/JVN99810718/index.html
http://www.tlt.co.jp/tlt/information/seihin/notice/defect/20181219/20181219.htm
https://jvn.jp/en/jp/JVN99810718/index.html