Details of VAR-201901-0799

ID

VAR-201901-0799

CVE

CVE-2018-16201

TITLE

Multiple vulnerabilities in Toshiba Lighting & Technology Corporation Home gateway

Trust: 0.8

sources: JVNDB: JVNDB-2018-000132

DESCRIPTION

Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway HEM-GW26A 1.2.9 and earlier uses hard-coded credentials, which may allow an attacker on the same network segment to login to the administrators settings screen and change the configuration or execute arbitrary OS commands. Home gateway provided by Toshiba Lighting & Technology Corporation contains multiple vulnerabilities listed below. * Improper access control (CWE-284) - CVE-2018-16197 * Hidden functionality (CWE-912) - CVE-2018-16198 * Cross-site scripting (CWE-79) - CVE-2018-16199 * OS command injection (CWE-78) - CVE-2018-16200 * Hard-coded credentials (CWE-798) - CVE-2018-16201 The following researchers reported the vulnerabilities to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. CVE-2018-16197 Toshitsugu Yoneyama, Yutaka Kokubu, and Daiki Ichinose of Mitsui Bussan Secure Directions, Inc. CVE-2018-16198, CVE-2018-16199 Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. CVE-2018-16200, CVE-2018-16201 Yutaka Kokubu of Mitsui Bussan Secure Directions, Inc.* The information and files stored on the affected device may be accessed. - CVE-2018-16197, CVE-2018-16201 * The affected device may be operated by an attacker. - CVE-2018-16198, CVE-2018-16201 * An arbitrary script may be executed on the user's web browser. - CVE-2018-16199 * An arbitrary OS command may be executed on the affected device. - CVE-2018-16200, CVE-2018-16201. TOSHIBA Home gateway HEM-GW26A and HEM-GW16A are home gateway products of Japan Toshiba (TOSHIBA) company. The vulnerability is caused by the use of hard-coded credentials in the program. An attacker could exploit this vulnerability to log in to the administrator settings page, change configurations, or execute arbitrary operating system commands

Trust: 1.71

sources: NVD: CVE-2018-16201 // JVNDB: JVNDB-2018-000132 // VULHUB: VHN-126537

IOT TAXONOMY

category:

['network device']

sub_category:

gateway

Trust: 0.1

sources: OTHER: None

AFFECTED PRODUCTS

vendor:	toshiba	model:	hem-gw26a	scope:	lte	version:	1.2.9	Trust: 1.0
vendor:	toshiba	model:	hem-gw16a	scope:	lte	version:	1.2.9	Trust: 1.0
vendor:	toshiba lighting	model:	home gateway hem-gw16a	scope:	lte	version:	1.2.9	Trust: 0.8
vendor:	toshiba lighting	model:	home gateway hem-gw26a	scope:	lte	version:	1.2.9	Trust: 0.8

sources: JVNDB: JVNDB-2018-000132 // NVD: CVE-2018-16201

CVSS

SEVERITY

CVSSV2

CVSSV3

IPA:	JVNDB-2018-000132
value:	HIGH
Trust: 2.4
IPA:	JVNDB-2018-000132
value:	MEDIUM
Trust: 1.6
nvd@nist.gov:	CVE-2018-16201
value:	HIGH
Trust: 1.0
CNNVD:	CNNVD-201812-811
value:	HIGH
Trust: 0.6
VULHUB:	VHN-126537
value:	HIGH
Trust: 0.1

IPA:	JVNDB-2018-000132
severity:	MEDIUM
baseScore:	5.8
vectorString:	AV:A/AC:L/AU:N/C:P/I:P/A:P
accessVector:	ADJACENT NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 2.4
nvd@nist.gov:	CVE-2018-16201
severity:	HIGH
baseScore:	8.3
vectorString:	AV:A/AC:L/AU:N/C:C/I:C/A:C
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	6.5
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
IPA:	JVNDB-2018-000132
severity:	HIGH
baseScore:	8.3
vectorString:	AV:A/AC:L/AU:N/C:C/I:C/A:C
accessVector:	ADJACENT NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
IPA:	JVNDB-2018-000132
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
VULHUB:	VHN-126537
severity:	HIGH
baseScore:	8.3
vectorString:	AV:A/AC:L/AU:N/C:C/I:C/A:C
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	6.5
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

IPA:	JVNDB-2018-000132
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	ADJACENT NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 2.4
nvd@nist.gov:	CVE-2018-16201
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.0
Trust: 1.0
IPA:	JVNDB-2018-000132
baseSeverity:	MEDIUM
baseScore:	6.3
vectorString:	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
attackVector:	ADJACENT NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	LOW
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8
IPA:	JVNDB-2018-000132
baseSeverity:	MEDIUM
baseScore:	6.1
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-126537 // JVNDB: JVNDB-2018-000132 // JVNDB: JVNDB-2018-000132 // JVNDB: JVNDB-2018-000132 // JVNDB: JVNDB-2018-000132 // JVNDB: JVNDB-2018-000132 // CNNVD: CNNVD-201812-811 // NVD: CVE-2018-16201

PROBLEMTYPE DATA

problemtype:	CWE-798	Trust: 1.1
problemtype:	CWE-78	Trust: 0.8
problemtype:	CWE-Other	Trust: 0.8
problemtype:	CWE-79	Trust: 0.8
problemtype:	CWE-255	Trust: 0.8
problemtype:	CWE-264	Trust: 0.8

sources: VULHUB: VHN-126537 // JVNDB: JVNDB-2018-000132 // NVD: CVE-2018-16201

THREAT TYPE

specific network environment

Trust: 0.6

sources: CNNVD: CNNVD-201812-811

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201812-811

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-000132

PATCH

title:	Toshiba Lighting & Technology Corporation website	url:	http://www.tlt.co.jp/tlt/information/seihin/notice/defect/20181219/20181219.htm	Trust: 0.8
title:	TOSHIBA Home gateway HEM-GW26A and HEM-GW16A Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=88006	Trust: 0.6

sources: JVNDB: JVNDB-2018-000132 // CNNVD: CNNVD-201812-811

EXTERNAL IDS

db:	NVD	id:	CVE-2018-16201	Trust: 2.6
db:	JVN	id:	JVN99810718	Trust: 2.5
db:	JVNDB	id:	JVNDB-2018-000132	Trust: 0.8
db:	CNNVD	id:	CNNVD-201812-811	Trust: 0.7
db:	OTHER	id:	NONE	Trust: 0.1
db:	VULHUB	id:	VHN-126537	Trust: 0.1

sources: OTHER: None // VULHUB: VHN-126537 // JVNDB: JVNDB-2018-000132 // CNNVD: CNNVD-201812-811 // NVD: CVE-2018-16201

REFERENCES

url:	https://jvn.jp/en/jp/jvn99810718/index.html	Trust: 2.5
url:	http://www.tlt.co.jp/tlt/information/seihin/notice/defect/20181219/20181219.htm	Trust: 1.7
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-16201	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-16197	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-16198	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-16199	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-16200	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-16197	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-16198	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-16199	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-16200	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-16201	Trust: 0.8
url:	https://ieeexplore.ieee.org/abstract/document/10769424	Trust: 0.1

sources: OTHER: None // VULHUB: VHN-126537 // JVNDB: JVNDB-2018-000132 // CNNVD: CNNVD-201812-811 // NVD: CVE-2018-16201

SOURCES

db:	OTHER	id:	-
db:	VULHUB	id:	VHN-126537
db:	JVNDB	id:	JVNDB-2018-000132
db:	CNNVD	id:	CNNVD-201812-811
db:	NVD	id:	CVE-2018-16201

LAST UPDATE DATE

2025-01-30T22:35:55.829000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-126537	date:	2019-01-24T00:00:00
db:	JVNDB	id:	JVNDB-2018-000132	date:	2019-08-28T00:00:00
db:	CNNVD	id:	CNNVD-201812-811	date:	2019-04-01T00:00:00
db:	NVD	id:	CVE-2018-16201	date:	2024-11-21T03:52:16.877

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-126537	date:	2019-01-09T00:00:00
db:	JVNDB	id:	JVNDB-2018-000132	date:	2018-12-19T00:00:00
db:	CNNVD	id:	CNNVD-201812-811	date:	2018-12-19T00:00:00
db:	NVD	id:	CVE-2018-16201	date:	2019-01-09T23:29:04.887