Vulnerabilities > Toshiba > HEM Gw26A Firmware

DATE CVE VULNERABILITY TITLE RISK
2019-01-09 CVE-2018-16201 Use of Hard-coded Credentials vulnerability in Toshiba Hem-Gw16A Firmware and Hem-Gw26A Firmware
Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway HEM-GW26A 1.2.9 and earlier uses hard-coded credentials, which may allow an attacker on the same network segment to login to the administrators settings screen and change the configuration or execute arbitrary OS commands.
low complexity
toshiba CWE-798
8.8
2019-01-09 CVE-2018-16200 OS Command Injection vulnerability in Toshiba Hem-Gw16A Firmware and Hem-Gw26A Firmware
Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway HEM-GW26A 1.2.9 and earlier allows an attacker on the same network segment to execute arbitrary OS commands.
low complexity
toshiba CWE-78
8.8
2019-01-09 CVE-2018-16199 Cross-site Scripting vulnerability in Toshiba Hem-Gw16A Firmware and Hem-Gw26A Firmware
Cross-site scripting vulnerability in Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway HEM-GW26A 1.2.9 and earlier allows an remote attacker to inject arbitrary web script or HTML via unspecified vectors.
network
low complexity
toshiba CWE-79
6.1
2019-01-09 CVE-2018-16198 Unspecified vulnerability in Toshiba Hem-Gw16A Firmware and Hem-Gw26A Firmware
Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway HEM-GW26A 1.2.9 and earlier may allow an attacker on the same network segment to access a non-documented developer screen to perform operations on the affected device.
low complexity
toshiba
8.8
2019-01-09 CVE-2018-16197 Unspecified vulnerability in Toshiba Hem-Gw16A Firmware and Hem-Gw26A Firmware
Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway HEM-GW26A 1.2.9 and earlier allows an attacker on the same network segment to bypass access restriction to access the information and files stored on the affected device.
low complexity
toshiba
6.5
2017-07-07 CVE-2017-2238 Cross-Site Request Forgery (CSRF) vulnerability in Toshiba Hem-Gw16A Firmware and Hem-Gw26A Firmware
Cross-site request forgery (CSRF) vulnerability in Toshiba Home gateway HEM-GW16A firmware HEM-GW16A-FW-V1.2.0 and earlier and Toshiba Home gateway HEM-GW26A firmware HEM-GW26A-FW-V1.2.0 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.
network
low complexity
toshiba CWE-352
8.8
2017-07-07 CVE-2017-2237 OS Command Injection vulnerability in Toshiba Hem-Gw16A Firmware and Hem-Gw26A Firmware
Toshiba Home gateway HEM-GW16A firmware HEM-GW16A-FW-V1.2.0 and earlier.
network
low complexity
toshiba CWE-78
critical
9.8
2017-07-07 CVE-2017-2236 Use of Hard-coded Credentials vulnerability in Toshiba Hem-Gw16A Firmware and Hem-Gw26A Firmware
Toshiba Home gateway HEM-GW16A firmware HEM-GW16A-FW-V1.2.0 and earlier, Toshiba Home gateway HEM-GW26A firmware HEM-GW26A-FW-V1.2.0 and earlier uses hard-coded credentials, which may allow attackers to perform operations on device with administrative privileges.
network
low complexity
toshiba CWE-798
critical
9.8
2017-07-07 CVE-2017-2235 Unspecified vulnerability in Toshiba Hem-Gw16A Firmware and Hem-Gw26A Firmware
Toshiba Home gateway HEM-GW16A firmware HEM-GW16A-FW-V1.2.0 and earlier.
network
low complexity
toshiba
critical
9.8
2017-07-07 CVE-2017-2234 Unspecified vulnerability in Toshiba Hem-Gw16A Firmware and Hem-Gw26A Firmware
Toshiba Home gateway HEM-GW16A firmware HEM-GW16A-FW-V1.2.0 and earlier, Toshiba Home gateway HEM-GW26A firmware HEM-GW26A-FW-V1.2.0 and earlier may allow remote attackers to access a non-documented developer screen to perform operations on device with administrative privileges.
network
low complexity
toshiba
critical
9.8