8.8

CVE-2018-16201

EPSS 0.12%
Veröffentlicht 09.01.2019 23:29:04
Zuletzt bearbeitet 21.11.2024 03:52:16
Quelle vultures@jpcert.or.jp
CVE-Watchlists
Login
Unerledigt
Login

Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway HEM-GW26A 1.2.9 and earlier uses hard-coded credentials, which may allow an attacker on the same network segment to login to the administrators settings screen and change the configuration or execute arbitrary OS commands.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Toshiba ≫ Hem-gw16a Firmware Version <= 1.2.9

Toshiba ≫ Hem-gw16a Version-

Toshiba ≫ Hem-gw26a Firmware Version <= 1.2.9

Toshiba ≫ Hem-gw26a Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.12%	0.272

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.8	2.8	5.9	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	8.3	6.5	10	AV:A/AC:L/Au:N/C:C/I:C/A:C

CWE-798 Use of Hard-coded Credentials

The product contains hard-coded credentials, such as a password or cryptographic key.

http://www.tlt.co.jp/tlt/information/seihin/notice/defect/20181219/20181219.htm

Vendor Advisory

https://jvn.jp/en/jp/JVN99810718/index.html

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2018-16201

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2018-16201

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2018-16201

EUVD