Command Injection Vulnerability in Toshiba Home Gateway Products
CVE-2017-2237

9.8CRITICAL

Key Information:

Vendor: Toshiba
Status: Toshiba Home Gateway Hem-gw16a; Toshiba Home Gateway Hem-gw26a
Vendor: CVE Published:; 7 July 2017

What is CVE-2017-2237?

Toshiba Home Gateway products, specifically the HEM-GW16A and HEM-GW26A models with firmware versions HEM-GW16A-FW-V1.2.0 and HEM-GW26A-FW-V1.2.0 or earlier, are susceptible to a command injection vulnerability. This flaw permits attackers to execute arbitrary operating system commands through unspecified vectors, potentially compromising the security and functionality of affected devices, enabling unauthorized actions and data exposure.

Affected Version(s)

Toshiba Home gateway HEM-GW16A firmware HEM-GW16A-FW-V1.2.0 and earlier

Toshiba Home gateway HEM-GW26A firmware HEM-GW26A-FW-V1.2.0 and earlier

References

http://jvn.jp/en/jp/JVN85901441/index.html

third-party-advisoryx_refsource_JVN

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 7, 2017
Vulnerability Reserved
Dec 1, 2016