Vulnerability Description
Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway HEM-GW26A 1.2.9 and earlier uses hard-coded credentials, which may allow an attacker on the same network segment to login to the administrators settings screen and change the configuration or execute arbitrary OS commands.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Toshiba | Hem-Gw16A Firmware | <= 1.2.9 |
| Toshiba | Hem-Gw16A | - |
| Toshiba | Hem-Gw26A Firmware | <= 1.2.9 |
| Toshiba | Hem-Gw26A | - |
Related Weaknesses (CWE)
References
- http://www.tlt.co.jp/tlt/information/seihin/notice/defect/20181219/20181219.htmVendor Advisory
- https://jvn.jp/en/jp/JVN99810718/index.htmlThird Party Advisory
- http://www.tlt.co.jp/tlt/information/seihin/notice/defect/20181219/20181219.htmVendor Advisory
- https://jvn.jp/en/jp/JVN99810718/index.htmlThird Party Advisory
FAQ
What is CVE-2018-16201?
CVE-2018-16201 is a vulnerability with a CVSS score of 8.8 (HIGH). Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway HEM-GW26A 1.2.9 and earlier uses hard-coded credentials, which may allow an attacker on the same network segment to login to the ...
How severe is CVE-2018-16201?
CVE-2018-16201 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2018-16201?
Check the references section above for vendor advisories and patch information. Affected products include: Toshiba Hem-Gw16A Firmware, Toshiba Hem-Gw16A, Toshiba Hem-Gw26A Firmware, Toshiba Hem-Gw26A.