Information from Toshiba Lighting & Technology Corporation
Vulnerability ID:JVN#99810718
Title:Multiple vulnerabilities in Toshiba Lighting & Technology Corporation Home gateway
Status:Vulnerable
This is a statement from the vendor itself with no modification by JPCERT/CC.
Overview
The home gateway which Toshiba Lighting & Technology Corp. offers contains multiple vulnerabilities.
Confirmation method
- 1.2.9 and earlier version (*1) should be applied.
(*1) http://[the IP address of a home gateway]/hgw_setting.html is accessed, or it can check by the [setup“設定”] -> [an option setup“オプション設定”].
Impact
- The setting screen of a home gateway can be displayed in inputting URL into the address bar of a browser directly, without passing a certification screen.
- Arbitrary codes may be executed by transmitting the request which manipulated URL which is subject to the influence of this vulnerability.
- From a terminal connected directly to the home gateway, it may be accessed by "root privileges".
Solution
[Update the software]
Update to the latest version according to the information, which is provided by Toshiba Lighting & Technology corp.