JVN#E7DDE712 Toshiba HDD & DVD video recorders can be accessed without authentication

Overview

Toshiba HDD & DVD video recorders can be accessed without authentication.

Products Affected

Toshiba HDD & DVD video recorders

For more information, refer to the vendor's website.

Description

Impact

When connected to an external network, it may work as an open proxy and be used as a comment spam relay.

Solution

Products requiring upgrade and security settings for the recorder unit:

The users of the following products must upgrade and add security settings for the recorder unit:

RD-XS40, earlier than ZE15
RD-X3, earlier than ZF13
RD-XS31, earlier than ZG11
RD-XS41, earlier than ZI12
RD-XS41KJ-CH869, earlier than ZI12
RD-X4, earlier than ZK11

The users of the following products must add security settings for the recorder unit (no upgrade required):

RD-X4EX
RD-XS43
RD-XS53
RD-XS34

Vendor Status

Vendor	Status	Last Update	Vendor Notes
Toshiba Corporation	Vulnerable	2004/10/15

References

JPCERT/CC Addendum

Credit

Kouki Ito reported this vulnerability to IPA.
JPCERT/CC coordinated with the vendors under Information Security Early Warning Partnership.

Other Information

JPCERT Alert
JPCERT Reports
CERT Advisory
CPNI Advisory
TRnotes
CVE
JVN iPedia	JVNDB-2004-000589