Remote Access Vulnerability in Toshiba Home Gateways
CVE-2017-2234

9.8CRITICAL

Key Information:

Vendor: Toshiba
Status: Toshiba Home Gateway Hem-gw16a; Toshiba Home Gateway Hem-gw26a
Vendor: CVE Published:; 7 July 2017

Summary

A vulnerability in Toshiba Home gateways HEM-GW16A and HEM-GW26A allows remote attackers to exploit a non-documented developer screen. This exposure gives unauthorized users the ability to perform operations with administrative privileges on affected devices, jeopardizing the security and integrity of the network.

Affected Version(s)

Toshiba Home gateway HEM-GW16A firmware HEM-GW16A-FW-V1.2.0 and earlier

Toshiba Home gateway HEM-GW26A firmware HEM-GW26A-FW-V1.2.0 and earlier

References

http://jvn.jp/en/jp/JVN85901441/index.html

third-party-advisoryx_refsource_JVN

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 7, 2017
Vulnerability Reserved
Dec 1, 2016