CVE-2017-2236

2017-07-0713:00:00

jpcert

www.cve.org

AI Score

9.5

Confidence

High

EPSS

0.002

Percentile

58.6%

JSON

Toshiba Home gateway HEM-GW16A firmware HEM-GW16A-FW-V1.2.0 and earlier, Toshiba Home gateway HEM-GW26A firmware HEM-GW26A-FW-V1.2.0 and earlier uses hard-coded credentials, which may allow attackers to perform operations on device with administrative privileges.

CNA Affected

[
  {
    "product": "Toshiba Home gateway HEM-GW16A",
    "vendor": "Toshiba Lighting & Technology Corporation",
    "versions": [
      {
        "status": "affected",
        "version": "firmware HEM-GW16A-FW-V1.2.0 and earlier"
      }
    ]
  },
  {
    "product": "Toshiba Home gateway HEM-GW26A",
    "vendor": "Toshiba Lighting & Technology Corporation",
    "versions": [
      {
        "status": "affected",
        "version": "firmware HEM-GW26A-FW-V1.2.0 and earlier"
      }
    ]
  }
]

References

jvn.jp/en/jp/JVN85901441/index.html