Vulnerabilities > Toshiba > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-01-09 | CVE-2018-16199 | Cross-site Scripting vulnerability in Toshiba Hem-Gw16A Firmware and Hem-Gw26A Firmware Cross-site scripting vulnerability in Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway HEM-GW26A 1.2.9 and earlier allows an remote attacker to inject arbitrary web script or HTML via unspecified vectors. | 6.1 |
| 2019-01-09 | CVE-2018-16197 | Unspecified vulnerability in Toshiba Hem-Gw16A Firmware and Hem-Gw26A Firmware Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway HEM-GW26A 1.2.9 and earlier allows an attacker on the same network segment to bypass access restriction to access the information and files stored on the affected device. low complexity toshiba | 6.5 |
| 2017-05-22 | CVE-2017-2162 | Unspecified vulnerability in Toshiba Flashair FlashAirTM SDHC Memory Card (SD-WE Series <W-03>) V3.00.02 and earlier and FlashAirTM SDHC Memory Card (SD-WD/WC Series <W-02>) V2.00.04 and earlier allows default credentials to be set for wireless LAN connections to the product when enabling the PhotoShare function through a web browser. low complexity toshiba | 4.3 |
| 2017-05-22 | CVE-2016-4863 | Improper Authentication vulnerability in Toshiba Flashair The Toshiba FlashAir SD-WD/WC series Class 6 model with firmware version 1.00.04 and later, FlashAir SD-WD/WC series Class 10 model W-02 with firmware version 2.00.02 and later, FlashAir SD-WE series Class 10 model W-03, FlashAir Class 6 model with firmware version 1.00.04 and later, FlashAir II Class 10 model W-02 series with firmware version 2.00.02 and later, FlashAir III Class 10 model W-03 series, FlashAir Class 6 model with firmware version 1.00.04 and later, FlashAir W-02 series Class 10 model with firmware version 2.00.02 and later, FlashAir W-03 series Class 10 model does not require authentication on accepting a connection from STA side LAN when "Internet pass-thru Mode" is enabled, which allows attackers with access to STA side LAN can obtain files or data. | 4.3 |
| 2017-04-21 | CVE-2016-4840 | Improper Certificate Validation vulnerability in Toshiba Coordinate Plus 1.0.2 Coordinate Plus App for Android 1.0.2 and earlier and Coordinate Plus App for iOS 1.0.2 and earlier do not verify SSL certificates. | 5.9 |