cvelistv5 - CVE-2018-16197

CVE-2018-16197 (GCVE-0-2018-16197)

Vulnerability from cvelistv5

Published

2019-01-09 22:00

Modified

2024-08-05 10:17

Severity ?

CWE

Fails to restrict access

Summary

References

URL

	Vendor	Product	Version
	Toshiba Lighting & Technology Corporation	Toshiba Home gateway HEM-GW16A and Toshiba Home gateway HEM-GW26A	Version: (Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway HEM-GW26A 1.2.9 and earlier)

CVE-2018-16197

Vulnerability from jvndb

Published

2018-12-19 15:20

Modified

2019-08-28 10:45

Severity ?

8.8 (High) - cvssV3_0 - CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

Multiple vulnerabilities in Toshiba Lighting & Technology Corporation Home gateway

Details

Home gateway provided by Toshiba Lighting & Technology Corporation contains multiple vulnerabilities listed below. * Improper access control (CWE-284) - CVE-2018-16197 * Hidden functionality (CWE-912) - CVE-2018-16198 * Cross-site scripting (CWE-79) - CVE-2018-16199 * OS command injection (CWE-78) - CVE-2018-16200 * Hard-coded credentials (CWE-798) - CVE-2018-16201 The following researchers reported the vulnerabilities to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. CVE-2018-16197 Toshitsugu Yoneyama, Yutaka Kokubu, and Daiki Ichinose of Mitsui Bussan Secure Directions, Inc. CVE-2018-16198, CVE-2018-16199 Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. CVE-2018-16200, CVE-2018-16201 Yutaka Kokubu of Mitsui Bussan Secure Directions, Inc.

References

Type

URL

	JVN	http://jvn.jp/en/jp/JVN99810718/index.html
	CVE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16197
	CVE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16198
	CVE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16199
	CVE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16200
	CVE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16201
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2018-16197
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2018-16198
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2018-16199
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2018-16200
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2018-16201
	Credentials Management(CWE-255)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
	Permissions(CWE-264)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
	OS Command Injection(CWE-78)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
	Cross-site Scripting(CWE-79)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
	No Mapping(CWE-Other)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html

Impacted products

Vendor

Product

	TOSHIBA LIGHTING & TECHNOLOGY CORPORATION	TOSHIBA Home Gateway HEM-GW16A
	TOSHIBA LIGHTING & TECHNOLOGY CORPORATION	TOSHIBA Home Gateway HEM-GW26A

Show details on JVN DB website

JSON

To clipboard

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2018/JVNDB-2018-000132.html",
  "dc:date": "2019-08-28T10:45+09:00",
  "dcterms:issued": "2018-12-19T15:20+09:00",
  "dcterms:modified": "2019-08-28T10:45+09:00",
  "description": "Home gateway provided by Toshiba Lighting \u0026 Technology Corporation contains multiple vulnerabilities listed below. \r\n* Improper access control (CWE-284) - CVE-2018-16197\r\n* Hidden functionality (CWE-912) - CVE-2018-16198\r\n* Cross-site scripting (CWE-79) - CVE-2018-16199\r\n* OS command injection (CWE-78) - CVE-2018-16200\r\n* Hard-coded credentials (CWE-798) - CVE-2018-16201\r\n\r\nThe following researchers reported the vulnerabilities to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.\r\nCVE-2018-16197\r\nToshitsugu Yoneyama, Yutaka Kokubu, and Daiki Ichinose of Mitsui Bussan Secure Directions, Inc.\r\n\r\nCVE-2018-16198, CVE-2018-16199\r\nToshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc.\r\n\r\nCVE-2018-16200, CVE-2018-16201\r\nYutaka Kokubu of Mitsui Bussan Secure Directions, Inc.",
  "link": "https://jvndb.jvn.jp/en/contents/2018/JVNDB-2018-000132.html",
  "sec:cpe": [
    {
      "#text": "cpe:/o:toshiba:hem-gw16a_firmware",
      "@product": "TOSHIBA Home Gateway HEM-GW16A",
      "@vendor": "TOSHIBA LIGHTING \u0026 TECHNOLOGY CORPORATION",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:toshiba:hem-gw26a_firmware",
      "@product": "TOSHIBA Home Gateway HEM-GW26A",
      "@vendor": "TOSHIBA LIGHTING \u0026 TECHNOLOGY CORPORATION",
      "@version": "2.2"
    }
  ],
  "sec:cvss": [
    {
      "@score": "8.3",
      "@severity": "High",
      "@type": "Base",
      "@vector": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
      "@version": "2.0"
    },
    {
      "@score": "8.8",
      "@severity": "High",
      "@type": "Base",
      "@vector": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "@version": "3.0"
    }
  ],
  "sec:identifier": "JVNDB-2018-000132",
  "sec:references": [
    {
      "#text": "http://jvn.jp/en/jp/JVN99810718/index.html",
      "@id": "JVN#99810718",
      "@source": "JVN"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16197",
      "@id": "CVE-2018-16197",
      "@source": "CVE"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16198",
      "@id": "CVE-2018-16198",
      "@source": "CVE"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16199",
      "@id": "CVE-2018-16199",
      "@source": "CVE"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16200",
      "@id": "CVE-2018-16200",
      "@source": "CVE"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16201",
      "@id": "CVE-2018-16201",
      "@source": "CVE"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2018-16197",
      "@id": "CVE-2018-16197",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2018-16198",
      "@id": "CVE-2018-16198",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2018-16199",
      "@id": "CVE-2018-16199",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2018-16200",
      "@id": "CVE-2018-16200",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2018-16201",
      "@id": "CVE-2018-16201",
      "@source": "NVD"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-255",
      "@title": "Credentials Management(CWE-255)"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-264",
      "@title": "Permissions(CWE-264)"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-78",
      "@title": "OS Command Injection(CWE-78)"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-79",
      "@title": "Cross-site Scripting(CWE-79)"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-Other",
      "@title": "No Mapping(CWE-Other)"
    }
  ],
  "title": "Multiple vulnerabilities in Toshiba Lighting \u0026 Technology Corporation Home gateway"
}

fkie_cve-2018-16197

Vulnerability from fkie_nvd

Published

2019-01-09 23:29

Modified

2024-11-21 03:52

Severity ?

6.5 (Medium) - CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Summary

References

URL	Tags
vultures@jpcert.or.jp	http://www.tlt.co.jp/tlt/information/seihin/notice/defect/20181219/20181219.htm	Vendor Advisory
vultures@jpcert.or.jp	https://jvn.jp/en/jp/JVN99810718/index.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.tlt.co.jp/tlt/information/seihin/notice/defect/20181219/20181219.htm	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://jvn.jp/en/jp/JVN99810718/index.html	Third Party Advisory

Impacted products

Vendor	Product	Version
toshiba	hem-gw16a_firmware	*
toshiba	hem-gw16a	-
toshiba	hem-gw26a_firmware	*
toshiba	hem-gw26a	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:toshiba:hem-gw16a_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E768A13-4373-4211-9D77-6D02BC377EC9",
              "versionEndIncluding": "1.2.9",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:toshiba:hem-gw16a:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D9C8238-D8C8-46CD-993F-3A49C1627BE1",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:toshiba:hem-gw26a_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "59EC2236-60EA-4E49-A337-D32EAE51FDED",
              "versionEndIncluding": "1.2.9",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:toshiba:hem-gw26a:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1D699E38-BB97-4831-B5BF-E1DF1735ABEB",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway HEM-GW26A 1.2.9 and earlier allows an attacker on the same network segment to bypass access restriction to access the information and files stored on the affected device."
    },
    {
      "lang": "es",
      "value": "La puerta de enlace Toshiba Home HEM-GW16A, en versiones 1.2.9 y anteriores, y la puerta de enlace Toshiba Home HEM-GW26A, en versiones 1.2.9 y anteriores, permiten que un atacante en el mismo segmento de red omita las restricciones de acceso para acceder a la informaci\u00f3n y los archivos almacenados en el dispositivo afectado."
    }
  ],
  "id": "CVE-2018-16197",
  "lastModified": "2024-11-21T03:52:16.390",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "ADJACENT_NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 3.3,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:A/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.5,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "ADJACENT_NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-01-09T23:29:04.623",
  "references": [
    {
      "source": "vultures@jpcert.or.jp",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.tlt.co.jp/tlt/information/seihin/notice/defect/20181219/20181219.htm"
    },
    {
      "source": "vultures@jpcert.or.jp",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://jvn.jp/en/jp/JVN99810718/index.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.tlt.co.jp/tlt/information/seihin/notice/defect/20181219/20181219.htm"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://jvn.jp/en/jp/JVN99810718/index.html"
    }
  ],
  "sourceIdentifier": "vultures@jpcert.or.jp",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

ghsa-h36g-mqj9-c9h2

Vulnerability from github

Published

2022-05-13 01:50

Modified

2022-05-13 01:50

Severity ?

6.5 (Medium) - CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2018-16197"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-01-09T23:29:00Z",
    "severity": "MODERATE"
  },
  "details": "Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway HEM-GW26A 1.2.9 and earlier allows an attacker on the same network segment to bypass access restriction to access the information and files stored on the affected device.",
  "id": "GHSA-h36g-mqj9-c9h2",
  "modified": "2022-05-13T01:50:18Z",
  "published": "2022-05-13T01:50:18Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-16197"
    },
    {
      "type": "WEB",
      "url": "https://jvn.jp/en/jp/JVN99810718/index.html"
    },
    {
      "type": "WEB",
      "url": "http://www.tlt.co.jp/tlt/information/seihin/notice/defect/20181219/20181219.htm"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

var-201901-0795

Vulnerability from variot

Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway HEM-GW26A 1.2.9 and earlier allows an attacker on the same network segment to bypass access restriction to access the information and files stored on the affected device. Home gateway provided by Toshiba Lighting & Technology Corporation contains multiple vulnerabilities listed below. * Improper access control (CWE-284) - CVE-2018-16197 * Hidden functionality (CWE-912) - CVE-2018-16198 * Cross-site scripting (CWE-79) - CVE-2018-16199 * OS command injection (CWE-78) - CVE-2018-16200 * Hard-coded credentials (CWE-798) - CVE-2018-16201 The following researchers reported the vulnerabilities to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. CVE-2018-16197 Toshitsugu Yoneyama, Yutaka Kokubu, and Daiki Ichinose of Mitsui Bussan Secure Directions, Inc. CVE-2018-16198, CVE-2018-16199 Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. CVE-2018-16200, CVE-2018-16201 Yutaka Kokubu of Mitsui Bussan Secure Directions, Inc.* The information and files stored on the affected device may be accessed. - CVE-2018-16197, CVE-2018-16201 * The affected device may be operated by an attacker. - CVE-2018-16198, CVE-2018-16201 * An arbitrary script may be executed on the user's web browser. - CVE-2018-16199 * An arbitrary OS command may be executed on the affected device. - CVE-2018-16200, CVE-2018-16201. An access control error vulnerability exists in TOSHIBAHomeGatewayHEM-GW26A1.2.9 and earlier and TOSHIBAHomeGateway 1.2.9 and earlier

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201901-0795",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "hem-gw26a",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "toshiba",
        "version": "1.2.9"
      },
      {
        "model": "hem-gw16a",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "toshiba",
        "version": "1.2.9"
      },
      {
        "model": "home gateway hem-gw16a",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "toshiba lighting",
        "version": "1.2.9"
      },
      {
        "model": "home gateway hem-gw26a",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "toshiba lighting",
        "version": "1.2.9"
      },
      {
        "model": "home gateway hem-gw26a",
        "scope": "lte",
        "trust": 0.6,
        "vendor": "toshiba",
        "version": "\u003c=1.2.9"
      },
      {
        "model": "home gateway",
        "scope": "lte",
        "trust": 0.6,
        "vendor": "toshiba",
        "version": "\u003c=1.2.9"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-17156"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-000132"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-16197"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/o:toshiba:hem-gw16a_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:toshiba:hem-gw26a_firmware",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-000132"
      }
    ]
  },
  "cve": "CVE-2018-16197",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Adjacent Network",
            "authentication": "None",
            "author": "IPA",
            "availabilityImpact": "Partial",
            "baseScore": 5.8,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "JVNDB-2018-000132",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 2.4,
            "userInteractionRequired": null,
            "vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "ADJACENT_NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 3.3,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 6.5,
            "id": "CVE-2018-16197",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "LOW",
            "trust": 1.0,
            "vectorString": "AV:A/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Adjacent Network",
            "authentication": "None",
            "author": "IPA",
            "availabilityImpact": "Complete",
            "baseScore": 8.3,
            "confidentialityImpact": "Complete",
            "exploitabilityScore": null,
            "id": "JVNDB-2018-000132",
            "impactScore": null,
            "integrityImpact": "Complete",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "None",
            "author": "IPA",
            "availabilityImpact": "None",
            "baseScore": 4.3,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "JVNDB-2018-000132",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "ADJACENT_NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "NONE",
            "baseScore": 3.3,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 6.5,
            "id": "CNVD-2019-17156",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "LOW",
            "trust": 0.6,
            "vectorString": "AV:A/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "ADJACENT_NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 3.3,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 6.5,
            "id": "VHN-126532",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "LOW",
            "trust": 0.1,
            "vectorString": "AV:A/AC:L/AU:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "Low",
            "attackVector": "Adjacent Network",
            "author": "IPA",
            "availabilityImpact": "High",
            "baseScore": 8.8,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "JVNDB-2018-000132",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 2.4,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.8,
            "id": "CVE-2018-16197",
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Adjacent Network",
            "author": "IPA",
            "availabilityImpact": "Low",
            "baseScore": 6.3,
            "baseSeverity": "Medium",
            "confidentialityImpact": "Low",
            "exploitabilityScore": null,
            "id": "JVNDB-2018-000132",
            "impactScore": null,
            "integrityImpact": "Low",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "IPA",
            "availabilityImpact": "None",
            "baseScore": 6.1,
            "baseSeverity": "Medium",
            "confidentialityImpact": "Low",
            "exploitabilityScore": null,
            "id": "JVNDB-2018-000132",
            "impactScore": null,
            "integrityImpact": "Low",
            "privilegesRequired": "None",
            "scope": "Changed",
            "trust": 0.8,
            "userInteraction": "Required",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "IPA",
            "id": "JVNDB-2018-000132",
            "trust": 2.4,
            "value": "High"
          },
          {
            "author": "IPA",
            "id": "JVNDB-2018-000132",
            "trust": 1.6,
            "value": "Medium"
          },
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2018-16197",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2019-17156",
            "trust": 0.6,
            "value": "LOW"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201812-807",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-126532",
            "trust": 0.1,
            "value": "LOW"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-17156"
      },
      {
        "db": "VULHUB",
        "id": "VHN-126532"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-000132"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-000132"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-000132"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-000132"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-000132"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201812-807"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-16197"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway HEM-GW26A 1.2.9 and earlier allows an attacker on the same network segment to bypass access restriction to access the information and files stored on the affected device. Home gateway provided by Toshiba Lighting \u0026 Technology Corporation contains multiple vulnerabilities listed below. * Improper access control (CWE-284) - CVE-2018-16197 * Hidden functionality (CWE-912) - CVE-2018-16198 * Cross-site scripting (CWE-79) - CVE-2018-16199 * OS command injection (CWE-78) - CVE-2018-16200 * Hard-coded credentials (CWE-798) - CVE-2018-16201 The following researchers reported the vulnerabilities to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. CVE-2018-16197 Toshitsugu Yoneyama, Yutaka Kokubu, and Daiki Ichinose of Mitsui Bussan Secure Directions, Inc. CVE-2018-16198, CVE-2018-16199 Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. CVE-2018-16200, CVE-2018-16201 Yutaka Kokubu of Mitsui Bussan Secure Directions, Inc.* The information and files stored on the affected device may be accessed. - CVE-2018-16197, CVE-2018-16201 * The affected device may be operated by an attacker. - CVE-2018-16198, CVE-2018-16201 * An arbitrary script may be executed on the user\u0027s web browser. - CVE-2018-16199 * An arbitrary OS command may be executed on the affected device. - CVE-2018-16200, CVE-2018-16201. An access control error vulnerability exists in TOSHIBAHomeGatewayHEM-GW26A1.2.9 and earlier and TOSHIBAHomeGateway 1.2.9 and earlier",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2018-16197"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-000132"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-17156"
      },
      {
        "db": "VULHUB",
        "id": "VHN-126532"
      }
    ],
    "trust": 2.25
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2018-16197",
        "trust": 3.1
      },
      {
        "db": "JVN",
        "id": "JVN99810718",
        "trust": 2.5
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-000132",
        "trust": 1.4
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201812-807",
        "trust": 0.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-17156",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-126532",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-17156"
      },
      {
        "db": "VULHUB",
        "id": "VHN-126532"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-000132"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201812-807"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-16197"
      }
    ]
  },
  "id": "VAR-201901-0795",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-17156"
      },
      {
        "db": "VULHUB",
        "id": "VHN-126532"
      }
    ],
    "trust": 1.5214285766666666
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-17156"
      }
    ]
  },
  "last_update_date": "2024-11-23T22:17:09.227000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Toshiba Lighting \u0026 Technology Corporation website",
        "trust": 0.8,
        "url": "http://www.tlt.co.jp/tlt/information/seihin/notice/defect/20181219/20181219.htm"
      },
      {
        "title": "TOSHIBAHomeGatewayHEM-GW26A and TOSHIBAHomeGatewayHEM-GW16A Access Control Error Vulnerability Patch",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/163449"
      },
      {
        "title": "TOSHIBA Home Gateway HEM-GW26A  and TOSHIBA Home Gateway HEM-GW16A Fixes for access control error vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=88003"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-17156"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-000132"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201812-807"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-noinfo",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-78",
        "trust": 0.8
      },
      {
        "problemtype": "CWE-Other",
        "trust": 0.8
      },
      {
        "problemtype": "CWE-79",
        "trust": 0.8
      },
      {
        "problemtype": "CWE-255",
        "trust": 0.8
      },
      {
        "problemtype": "CWE-264",
        "trust": 0.8
      },
      {
        "problemtype": "CWE-284",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-126532"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-000132"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-16197"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.5,
        "url": "https://jvn.jp/en/jp/jvn99810718/index.html"
      },
      {
        "trust": 1.7,
        "url": "http://www.tlt.co.jp/tlt/information/seihin/notice/defect/20181219/20181219.htm"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-16201"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-16197"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-16198"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-16199"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-16200"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-16197"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-16198"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-16199"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-16200"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-16201"
      },
      {
        "trust": 0.6,
        "url": "https://jvndb.jvn.jp/en/contents/2018/jvndb-2018-000132.html"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-17156"
      },
      {
        "db": "VULHUB",
        "id": "VHN-126532"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-000132"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201812-807"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-16197"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-17156"
      },
      {
        "db": "VULHUB",
        "id": "VHN-126532"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-000132"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201812-807"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-16197"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-06-13T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2019-17156"
      },
      {
        "date": "2019-01-09T00:00:00",
        "db": "VULHUB",
        "id": "VHN-126532"
      },
      {
        "date": "2018-12-19T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-000132"
      },
      {
        "date": "2018-12-20T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201812-807"
      },
      {
        "date": "2019-01-09T23:29:04.623000",
        "db": "NVD",
        "id": "CVE-2018-16197"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-06-13T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2019-17156"
      },
      {
        "date": "2019-10-03T00:00:00",
        "db": "VULHUB",
        "id": "VHN-126532"
      },
      {
        "date": "2019-08-28T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-000132"
      },
      {
        "date": "2019-10-23T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201812-807"
      },
      {
        "date": "2024-11-21T03:52:16.390000",
        "db": "NVD",
        "id": "CVE-2018-16197"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote or local",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201812-807"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "TOSHIBA Home Gateway HEM-GW26A and TOSHIBA Home Gateway HEM-GW16A Access Control Error Vulnerability",
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-17156"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201812-807"
      }
    ],
    "trust": 1.2
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "access control error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201812-807"
      }
    ],
    "trust": 0.6
  }
}

gsd-2018-16197

Vulnerability from gsd

Modified

2023-12-13 01:22

Details

Aliases

CVE-2018-16197

Aliases

CVE-2018-16197

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2018-16197",
    "description": "Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway HEM-GW26A 1.2.9 and earlier allows an attacker on the same network segment to bypass access restriction to access the information and files stored on the affected device.",
    "id": "GSD-2018-16197"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2018-16197"
      ],
      "details": "Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway HEM-GW26A 1.2.9 and earlier allows an attacker on the same network segment to bypass access restriction to access the information and files stored on the affected device.",
      "id": "GSD-2018-16197",
      "modified": "2023-12-13T01:22:25.945740Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "vultures@jpcert.or.jp",
        "ID": "CVE-2018-16197",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Toshiba Home gateway HEM-GW16A and Toshiba Home gateway HEM-GW26A",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "(Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway HEM-GW26A 1.2.9 and earlier)"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Toshiba Lighting \u0026 Technology Corporation"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway HEM-GW26A 1.2.9 and earlier allows an attacker on the same network segment to bypass access restriction to access the information and files stored on the affected device."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Fails to restrict access"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "JVN#99810718",
            "refsource": "JVN",
            "url": "https://jvn.jp/en/jp/JVN99810718/index.html"
          },
          {
            "name": "http://www.tlt.co.jp/tlt/information/seihin/notice/defect/20181219/20181219.htm",
            "refsource": "MISC",
            "url": "http://www.tlt.co.jp/tlt/information/seihin/notice/defect/20181219/20181219.htm"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:toshiba:hem-gw16a_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "1.2.9",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:toshiba:hem-gw16a:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:toshiba:hem-gw26a_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "1.2.9",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:toshiba:hem-gw26a:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "vultures@jpcert.or.jp",
          "ID": "CVE-2018-16197"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway HEM-GW26A 1.2.9 and earlier allows an attacker on the same network segment to bypass access restriction to access the information and files stored on the affected device."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-noinfo"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "JVN#99810718",
              "refsource": "JVN",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://jvn.jp/en/jp/JVN99810718/index.html"
            },
            {
              "name": "http://www.tlt.co.jp/tlt/information/seihin/notice/defect/20181219/20181219.htm",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www.tlt.co.jp/tlt/information/seihin/notice/defect/20181219/20181219.htm"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "ADJACENT_NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 3.3,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:A/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 6.5,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "LOW",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2019-10-03T00:03Z",
      "publishedDate": "2019-01-09T23:29Z"
    }
  }
}

cnvd-2019-17156

Vulnerability from cnvd

Title

TOSHIBA Home Gateway HEM-GW26A和TOSHIBA Home Gateway HEM-GW16A访问控制错误漏洞

Description

TOSHIBA Home Gateway HEM-GW26A和TOSHIBA Home Gateway HEM-GW16A都是日本东芝（TOSHIBA）公司的家庭网关产品。 TOSHIBA Home Gateway HEM-GW26A 1.2.9及之前版本和TOSHIBA Home Gateway 1.2.9及之前版本中存在访问控制错误漏洞，攻击者可利用该漏洞访问存储在受影响设备上的信息和文件。

Severity

低

Patch Name

TOSHIBA Home Gateway HEM-GW26A和TOSHIBA Home Gateway HEM-GW16A访问控制错误漏洞的补丁

Patch Description

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： http://www.tlt.co.jp/tlt/information/seihin/notice/defect/20181219/20181219.htm

Reference

https://jvndb.jvn.jp/en/contents/2018/JVNDB-2018-000132.html

Impacted products

Name
['Toshiba Home gateway HEM-GW26A <=1.2.9', 'Toshiba Home Gateway <=1.2.9']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2018-16197"
    }
  },
  "description": "TOSHIBA Home Gateway HEM-GW26A\u548cTOSHIBA Home Gateway HEM-GW16A\u90fd\u662f\u65e5\u672c\u4e1c\u829d\uff08TOSHIBA\uff09\u516c\u53f8\u7684\u5bb6\u5ead\u7f51\u5173\u4ea7\u54c1\u3002\n\nTOSHIBA Home Gateway HEM-GW26A 1.2.9\u53ca\u4e4b\u524d\u7248\u672c\u548cTOSHIBA Home Gateway 1.2.9\u53ca\u4e4b\u524d\u7248\u672c\u4e2d\u5b58\u5728\u8bbf\u95ee\u63a7\u5236\u9519\u8bef\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u8bbf\u95ee\u5b58\u50a8\u5728\u53d7\u5f71\u54cd\u8bbe\u5907\u4e0a\u7684\u4fe1\u606f\u548c\u6587\u4ef6\u3002",
  "discovererName": "Toshitsugu Yoneyama, Yutaka Kokubu, and Daiki Ichinose",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttp://www.tlt.co.jp/tlt/information/seihin/notice/defect/20181219/20181219.htm",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2019-17156",
  "openTime": "2019-06-13",
  "patchDescription": "TOSHIBA Home Gateway HEM-GW26A\u548cTOSHIBA Home Gateway HEM-GW16A\u90fd\u662f\u65e5\u672c\u4e1c\u829d\uff08TOSHIBA\uff09\u516c\u53f8\u7684\u5bb6\u5ead\u7f51\u5173\u4ea7\u54c1\u3002\r\n\r\nTOSHIBA Home Gateway HEM-GW26A 1.2.9\u53ca\u4e4b\u524d\u7248\u672c\u548cTOSHIBA Home Gateway 1.2.9\u53ca\u4e4b\u524d\u7248\u672c\u4e2d\u5b58\u5728\u8bbf\u95ee\u63a7\u5236\u9519\u8bef\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u8bbf\u95ee\u5b58\u50a8\u5728\u53d7\u5f71\u54cd\u8bbe\u5907\u4e0a\u7684\u4fe1\u606f\u548c\u6587\u4ef6\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "TOSHIBA Home Gateway HEM-GW26A\u548cTOSHIBA Home Gateway HEM-GW16A\u8bbf\u95ee\u63a7\u5236\u9519\u8bef\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Toshiba Home gateway HEM-GW26A \u003c=1.2.9",
      "Toshiba Home Gateway \u003c=1.2.9"
    ]
  },
  "referenceLink": "https://jvndb.jvn.jp/en/contents/2018/JVNDB-2018-000132.html",
  "serverity": "\u4f4e",
  "submitTime": "2018-12-21",
  "title": "TOSHIBA Home Gateway HEM-GW26A\u548cTOSHIBA Home Gateway HEM-GW16A\u8bbf\u95ee\u63a7\u5236\u9519\u8bef\u6f0f\u6d1e"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2018-16197 (GCVE-0-2018-16197)

Vulnerability from cvelistv5

CVE-2018-16197

Vulnerability from jvndb

fkie_cve-2018-16197

Vulnerability from fkie_nvd

ghsa-h36g-mqj9-c9h2

Vulnerability from github

var-201901-0795

Vulnerability from variot

gsd-2018-16197

Vulnerability from gsd

cnvd-2019-17156

Vulnerability from cnvd

Tags

Sightings

Nomenclature