CVE-2018-16201
Severity Score
8.8
*CVSS v3
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway HEM-GW26A 1.2.9 and earlier uses hard-coded credentials, which may allow an attacker on the same network segment to login to the administrators settings screen and change the configuration or execute arbitrary OS commands.
La puerta de enlace Toshiba Home HEM-GW16A, en versiones 1.2.9 y anteriores, y la puerta de enlace Toshiba Home HEM-GW26A, en versiones 1.2.9 y anteriores, emplea credenciales embebidas, lo que podría permitir que un atacante en el mismo segmento de red inicie sesión en la pantalla de opciones de administrador y cambie la configuración o ejecute comandos arbitrarios del sistema operativo.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2018-08-30 CVE Reserved
- 2019-01-09 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-05 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-798: Use of Hard-coded Credentials
CAPEC
References (2)
| URL | Tag | Source |
|---|---|---|
| https://jvn.jp/en/jp/JVN99810718/index.html | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://www.tlt.co.jp/tlt/information/seihin/notice/defect/20181219/20181219.htm | 2019-01-24 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Toshiba Search vendor "Toshiba" | Hem-gw16a Firmware Search vendor "Toshiba" for product "Hem-gw16a Firmware" | <= 1.2.9 Search vendor "Toshiba" for product "Hem-gw16a Firmware" and version " <= 1.2.9" | - |
Affected
| in | Toshiba Search vendor "Toshiba" | Hem-gw16a Search vendor "Toshiba" for product "Hem-gw16a" | - | - |
Safe
|
| Toshiba Search vendor "Toshiba" | Hem-gw26a Firmware Search vendor "Toshiba" for product "Hem-gw26a Firmware" | <= 1.2.9 Search vendor "Toshiba" for product "Hem-gw26a Firmware" and version " <= 1.2.9" | - |
Affected
| in | Toshiba Search vendor "Toshiba" | Hem-gw26a Search vendor "Toshiba" for product "Hem-gw26a" | - | - |
Safe
|