Vulnerabilities > Toshiba

DATE CVE VULNERABILITY TITLE RISK
2020-04-20 CVE-2020-5569 Unquoted Search Path OR Element vulnerability in Toshiba Password Tool FOR Windows 1.20.6620
An unquoted search path vulnerability exists in HDD Password tool (for Windows) version 1.20.6620 and earlier which is stored in CANVIO PREMIUM 3TB(HD-MB30TY, HD-MA30TY, HD-MB30TS, HD-MA30TS), CANVIO PREMIUM 2TB(HD-MB20TY, HD-MA20TY, HD-MB20TS, HD-MA20TS), CANVIO PREMIUM 1TB(HD-MB10TY, HD-MA10TY, HD-MB10TS, HD-MA10TS), CANVIO SLIM 1TB(HD-SB10TK, HD-SB10TS), and CANVIO SLIM 500GB(HD-SB50GK, HD-SA50GK, HD-SB50GS, HD-SA50GS), and which was downloaded before 2020 May 10.
local
low complexity
toshiba CWE-428
4.6
2020-01-23 CVE-2012-4981 OS Command Injection vulnerability in Toshiba Configfree 8.0.38
Toshiba ConfigFree 8.0.38 has a CF7 File Remote Command Execution Vulnerability
network
toshiba CWE-78
6.8
2019-12-27 CVE-2012-4980 Out-Of-Bounds Write vulnerability in Toshiba Configfree Utility 8.0.38
Multiple stack-based buffer overflows in CFProfile.exe in Toshiba ConfigFree Utility 8.0.38 allow user-assisted attackers to execute arbitrary code.
network
toshiba CWE-787
6.8
2019-01-09 CVE-2018-16201 USE of Hard-Coded Credentials vulnerability in Toshiba Hem-Gw16A Firmware and Hem-Gw26A Firmware
Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway HEM-GW26A 1.2.9 and earlier uses hard-coded credentials, which may allow an attacker on the same network segment to login to the administrators settings screen and change the configuration or execute arbitrary OS commands.
low complexity
toshiba CWE-798
8.3
2019-01-09 CVE-2018-16200 OS Command Injection vulnerability in Toshiba Hem-Gw16A Firmware and Hem-Gw26A Firmware
Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway HEM-GW26A 1.2.9 and earlier allows an attacker on the same network segment to execute arbitrary OS commands.
low complexity
toshiba CWE-78
5.8
2019-01-09 CVE-2018-16199 Cross-Site Scripting vulnerability in Toshiba Hem-Gw16A Firmware and Hem-Gw26A Firmware
Cross-site scripting vulnerability in Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway HEM-GW26A 1.2.9 and earlier allows an remote attacker to inject arbitrary web script or HTML via unspecified vectors.
network
toshiba CWE-79
4.3
2019-01-09 CVE-2018-16198 Unspecified vulnerability in Toshiba Hem-Gw16A Firmware and Hem-Gw26A Firmware
Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway HEM-GW26A 1.2.9 and earlier may allow an attacker on the same network segment to access a non-documented developer screen to perform operations on the affected device.
low complexity
toshiba
5.8
2019-01-09 CVE-2018-16197 Unspecified vulnerability in Toshiba Hem-Gw16A Firmware and Hem-Gw26A Firmware
Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway HEM-GW26A 1.2.9 and earlier allows an attacker on the same network segment to bypass access restriction to access the information and files stored on the affected device.
low complexity
toshiba
3.3
2017-10-16 CVE-2017-15361 Unspecified vulnerability in Infineon RSA Library and Trusted Platform Firmware
The Infineon RSA library 1.02.013 in Infineon Trusted Platform Module (TPM) firmware, such as versions before 0000000000000422 - 4.34, before 000000000000062b - 6.43, and before 0000000000008521 - 133.33, mishandles RSA key generation, which makes it easier for attackers to defeat various cryptographic protection mechanisms via targeted attacks, aka ROCA.
4.3
2017-07-07 CVE-2017-2238 Cross-Site Request Forgery (CSRF) vulnerability in Toshiba Hem-Gw16A Firmware and Hem-Gw26A Firmware
Cross-site request forgery (CSRF) vulnerability in Toshiba Home gateway HEM-GW16A firmware HEM-GW16A-FW-V1.2.0 and earlier and Toshiba Home gateway HEM-GW26A firmware HEM-GW26A-FW-V1.2.0 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.
network
toshiba CWE-352
6.8