Command Injection Vulnerability in Toshiba Home Gateways
CVE-2018-16200

8.8HIGH

Key Information:

Vendor: Toshiba
Status: Toshiba Home Gateway Hem-gw16a And Toshiba Home Gateway Hem-gw26a
Vendor: CVE Published:; 9 January 2019

Summary

The Toshiba Home Gateway models HEM-GW16A and HEM-GW26A are vulnerable to a command injection flaw that allows an attacker on the same local network segment to execute arbitrary operating system commands. This weakness arises in versions 1.2.9 and earlier, potentially enabling unauthorized access and control over network device functions, which can compromise the network's integrity.

Affected Version(s)

Toshiba Home gateway HEM-GW16A and Toshiba Home gateway HEM-GW26A (Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway HEM-GW26A 1.2.9 and earlier)

References

https://jvn.jp/en/jp/JVN99810718/index.html

third-party-advisoryx_refsource_JVN

http://www.tlt.co.jp/tlt/information/seihin/notice/defect...

x_refsource_MISC

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 9, 2019
Vulnerability Reserved
Aug 30, 2018