PT-2019-9266 · Toshiba · Toshiba Home Gateway Hem-Gw16A+1

Yutaka Kokubu

Publicado

2019-01-09

Atualizado

2019-01-24

CVE-2018-16201

CVSS v3.1

8.8

Alta

Vetor

AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Toshiba Home gateway HEM-GW16A versions 1.2.9 and earlier Toshiba Home gateway HEM-GW26A versions 1.2.9 and earlier

Description The issue allows an attacker on the same network segment to login to the administrator's settings screen and change the configuration or execute arbitrary OS commands due to the use of hard-coded credentials.

Recommendations For Toshiba Home gateway HEM-GW16A versions 1.2.9 and earlier, consider changing the hard-coded credentials to unique and secure ones until a patch is available. For Toshiba Home gateway HEM-GW26A versions 1.2.9 and earlier, consider changing the hard-coded credentials to unique and secure ones until a patch is available.

Correção

Using Hardcoded Credentials

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-798

Identificadores relacionados

CVE-2018-16201

Produtos afetados

Toshiba Home Gateway Hem-Gw16A

Toshiba Home Gateway Hem-Gw26A

PT-2019-9266 · Toshiba · Toshiba Home Gateway Hem-Gw16A+1

CVE-2018-16201

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 4