Hard-coded Credential Vulnerability in Toshiba Home Gateways
CVE-2017-2236

9.8CRITICAL

Key Information:

Vendor: Toshiba
Status: Toshiba Home Gateway Hem-gw16a; Toshiba Home Gateway Hem-gw26a
Vendor: CVE Published:; 7 July 2017

What is CVE-2017-2236?

The Toshiba Home gateways, specifically the HEM-GW16A and HEM-GW26A models with firmware versions HEM-GW16A-FW-V1.2.0 and earlier, are impacted by a vulnerability that utilizes hard-coded credentials. This allows attackers to gain unauthorized access and perform administrative functions on the device, potentially compromising the network and connected resources. Users are advised to review their security configurations and update to the latest firmware to mitigate the risk.

Affected Version(s)

Toshiba Home gateway HEM-GW16A firmware HEM-GW16A-FW-V1.2.0 and earlier

Toshiba Home gateway HEM-GW26A firmware HEM-GW26A-FW-V1.2.0 and earlier

References

http://jvn.jp/en/jp/JVN85901441/index.html

third-party-advisoryx_refsource_JVN

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 7, 2017
Vulnerability Reserved
Dec 1, 2016