CVE-2018-16200
HIGHToshiba HEM-GW16A and HEM-GW26A < 1.2.9 - OS Command Injection
Title source: llmDescription
Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway HEM-GW26A 1.2.9 and earlier allows an attacker on the same network segment to execute arbitrary OS commands.
References (2)
Core 2
Core References
Third Party Advisory third-party-advisory
x_refsource_jvn
https://jvn.jp/en/jp/JVN99810718/index.html
Vendor Advisory x_refsource_misc
http://www.tlt.co.jp/tlt/information/seihin/notice/defect/20181219/20181219.htm
Scores
CVSS v3
8.8
EPSS
0.0065
EPSS Percentile
46.5%
Attack Vector
ADJACENT_NETWORK
CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-78
Status
published
Products (2)
toshiba/hem-gw16a_firmware
< 1.2.9
toshiba/hem-gw26a_firmware
< 1.2.9
Published
Jan 09, 2019
Tracked Since
Feb 18, 2026