Cross-Site Scripting Flaw in Toshiba Home Gateway Products
CVE-2018-16199

6.1MEDIUM

Key Information:

Vendor: Toshiba
Status: Toshiba Home Gateway Hem-gw16a And Toshiba Home Gateway Hem-gw26a
Vendor: CVE Published:; 9 January 2019

Summary

A cross-site scripting vulnerability exists in Toshiba Home gateway models HEM-GW16A and HEM-GW26A versions 1.2.9 and earlier. This flaw allows attackers to inject arbitrary web scripts or HTML into the gateway’s interface, potentially compromising user data and enabling unauthorized actions. Attackers can exploit this vulnerability via unspecified vectors, posing significant security risks for users of these products.

Affected Version(s)

Toshiba Home gateway HEM-GW16A and Toshiba Home gateway HEM-GW26A (Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway HEM-GW26A 1.2.9 and earlier)

References

https://jvn.jp/en/jp/JVN99810718/index.html

third-party-advisoryx_refsource_JVN

http://www.tlt.co.jp/tlt/information/seihin/notice/defect...

x_refsource_MISC

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Jan 9, 2019
Vulnerability Reserved
Aug 30, 2018