Published: 2018/12/19  Last Updated: 2018/12/19

Information from Toshiba Lighting & Technology Corporation

Vulnerability ID:JVN#99810718
Title:Multiple vulnerabilities in Toshiba Lighting & Technology Corporation Home gateway

This is a statement from the vendor itself with no modification by JPCERT/CC.

The home gateway which Toshiba Lighting & Technology Corp. offers contains multiple vulnerabilities.

Confirmation method
- 1.2.9 and earlier version (*1) should be applied.
(*1) http://[the IP address of a home gateway]/hgw_setting.html is accessed, or it can check by the [setup“設定”] -> [an option setup“オプション設定”].

- The setting screen of a home gateway can be displayed in inputting URL into the address bar of a browser directly, without passing a certification screen.
- Arbitrary codes may be executed by transmitting the request which manipulated URL which is subject to the influence of this vulnerability.
- From a terminal connected directly to the home gateway, it may be accessed by "root privileges".

[Update the software]
Update to the latest version according to the information, which is provided by Toshiba Lighting & Technology corp.