Published: 2017/06/27  Last Updated: 2017/06/27

JVN#85901441
Multiple vulnerabilities in Toshiba Lighting & Technology Corporation Home gateway

Overview

The Home gateway provided by Toshiba Lighting & Technology Corporation contains multiple vulnerabilities.

Products Affected

  • Toshiba Home gateway HEM-GW16A firmware HEM-GW16A-FW-V1.2.0 and earlier
  • Toshiba Home gateway HEM-GW26A firmware HEM-GW26A-FW-V1.2.0 and earlier

Description

The Home gateway provided by Toshiba Lighting & Technology Corporation contains the multiple vulnerabilities listed below.

  • Undocumented developer screen (CWE-912) - CVE-2017-2234
    CVSS v3 CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N Base Score: 2.4
    CVSS v2 AV:A/AC:L/Au:S/C:N/I:P/A:N Base Score: 2.7
  • Improper access control (CWE-284) - CVE-2017-2235
    CVSS v3 CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N Base Score: 5.4
    CVSS v2 AV:A/AC:L/Au:N/C:P/I:P/A:N Base Score: 4.8
  • Hard-coded credentials (CWE-798) - CVE-2017-2236
    CVSS v3 CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Base Score: 8.8
    CVSS v2 AV:A/AC:L/Au:N/C:C/I:C/A:C Base Score: 8.3
  • OS command injection (CWE-78) - CVE-2017-2237
    CVSS v3 CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H Base Score: 6.8
    CVSS v2 AV:A/AC:L/Au:S/C:P/I:P/A:P Base Score: 5.2
  • Cross-site request forgery (CWE-352) - CVE-2017-2238
    CVSS v3 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N Base Score: 7.1
    CVSS v2 AV:N/AC:M/Au:N/C:P/I:P/A:N Base Score: 5.8

Impact

  • The device may be operated with administrative privileges (CVE-2017-2234, CVE-2017-2236)
  • The administrator's password may be changed (CVE-2017-2235)
  • An arbitrary OS command may be executed on the device (CVE-2017-2237)
  • A user may be tricked into performing an unintended operation on the device (CVE-2017-2238)

Solution

Update the Firmware
Apply the appropriate firmware update provided by the developer.

Vendor Status

Vendor                                     Status      Last Update  Vendor Notes
Toshiba Lighting & Technology Corporation  Vulnerable  2017/06/27   Toshiba Lighting & Technology Corporation website

References

JPCERT/CC Addendum

Vulnerability Analysis by JPCERT/CC

Credit

Yutaka Kokubu of Mitsui Bussan Secure Directions, Inc. reported these vulnerabilities to IPA.
JPCERT/CC coordinated with the developer under the Information Security Early Warning Partnership.

Other Information