Vulnerabilities > Toshiba
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-07-07 | CVE-2017-2237 | OS Command Injection vulnerability in Toshiba Hem-Gw16A Firmware and Hem-Gw26A Firmware Toshiba Home gateway HEM-GW16A firmware HEM-GW16A-FW-V1.2.0 and earlier. | 9.8 |
| 2017-07-07 | CVE-2017-2236 | Use of Hard-coded Credentials vulnerability in Toshiba Hem-Gw16A Firmware and Hem-Gw26A Firmware Toshiba Home gateway HEM-GW16A firmware HEM-GW16A-FW-V1.2.0 and earlier, Toshiba Home gateway HEM-GW26A firmware HEM-GW26A-FW-V1.2.0 and earlier uses hard-coded credentials, which may allow attackers to perform operations on device with administrative privileges. | 9.8 |
| 2017-07-07 | CVE-2017-2235 | Unspecified vulnerability in Toshiba Hem-Gw16A Firmware and Hem-Gw26A Firmware Toshiba Home gateway HEM-GW16A firmware HEM-GW16A-FW-V1.2.0 and earlier. | 9.8 |
| 2017-07-07 | CVE-2017-2234 | Unspecified vulnerability in Toshiba Hem-Gw16A Firmware and Hem-Gw26A Firmware Toshiba Home gateway HEM-GW16A firmware HEM-GW16A-FW-V1.2.0 and earlier, Toshiba Home gateway HEM-GW26A firmware HEM-GW26A-FW-V1.2.0 and earlier may allow remote attackers to access a non-documented developer screen to perform operations on device with administrative privileges. | 9.8 |
| 2017-05-22 | CVE-2017-2162 | Unspecified vulnerability in Toshiba Flashair FlashAirTM SDHC Memory Card (SD-WE Series <W-03>) V3.00.02 and earlier and FlashAirTM SDHC Memory Card (SD-WD/WC Series <W-02>) V2.00.04 and earlier allows default credentials to be set for wireless LAN connections to the product when enabling the PhotoShare function through a web browser. low complexity toshiba | 4.3 |
| 2017-05-22 | CVE-2017-2161 | Forced Browsing vulnerability in Toshiba Flashair FlashAirTM SDHC Memory Card (SD-WE Series <W-03>) V3.00.02 and earlier and FlashAirTM SDHC Memory Card (SD-WD/WC Series <W-02>) V2.00.04 and earlier allows authenticated attackers to bypass access restrictions to obtain unauthorized image data via unspecified vectors. | 3.5 |
| 2017-05-22 | CVE-2016-4863 | Improper Authentication vulnerability in Toshiba Flashair The Toshiba FlashAir SD-WD/WC series Class 6 model with firmware version 1.00.04 and later, FlashAir SD-WD/WC series Class 10 model W-02 with firmware version 2.00.02 and later, FlashAir SD-WE series Class 10 model W-03, FlashAir Class 6 model with firmware version 1.00.04 and later, FlashAir II Class 10 model W-02 series with firmware version 2.00.02 and later, FlashAir III Class 10 model W-03 series, FlashAir Class 6 model with firmware version 1.00.04 and later, FlashAir W-02 series Class 10 model with firmware version 2.00.02 and later, FlashAir W-03 series Class 10 model does not require authentication on accepting a connection from STA side LAN when "Internet pass-thru Mode" is enabled, which allows attackers with access to STA side LAN can obtain files or data. | 4.3 |
| 2017-04-28 | CVE-2017-2149 | Untrusted Search Path vulnerability in Toshiba Flashair Untrusted search path vulnerability in installers of the software for SDHC/SDXC Memory Card with embedded NFC functionality Software Update Tool V1.00.03 and earlier, SDHC Memory Card with embedded wireless LAN functionality FlashAir Configuration Software V3.0.2 and earlier, SDHC Memory Card with embedded wireless LAN functionality FlashAir Software Update tool (SD-WE series<W-03>) V3.00.01, SDHC Memory Card with embedded wireless LAN functionality FlashAir Software Update tool (SD-WD/WC series<W-02>) V2.00.03 and earlier, SDHC Memory Card with embedded wireless LAN functionality FlashAir Software Update tool (SD-WB/WL series) V1.00.04 and earlier, SDHC Memory Card with embedded TransferJet functionality Configuration Software V1.02 and earlier, SDHC Memory Card with embedded TransferJet functionality Software Update tool V1.00.06 and earlier allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory. | 8.8 |
| 2017-04-21 | CVE-2016-4840 | Improper Certificate Validation vulnerability in Toshiba Coordinate Plus 1.0.2 Coordinate Plus App for Android 1.0.2 and earlier and Coordinate Plus App for iOS 1.0.2 and earlier do not verify SSL certificates. | 5.9 |
| 2015-12-31 | CVE-2014-4876 | Information Exposure vulnerability in Toshiba 4690 Operating System 6.3 Toshiba 4690 Operating System 6 Release 3, when the ADXSITCF logical name is not properly restricted, allows remote attackers to read potentially sensitive system environment variables via a crafted request to TCP port 54138. | 3.7 |