VYPR
Vendor

Toshiba

Products
32
CVEs
67
Across products
99
Status
Private

Products

32
View all 32 products →

Recent CVEs

67
View all 67 CVEs →
  • CVE-2024-27145CriJun 14, 2024
    risk 0.64cvss 9.8epss 0.01

    The Toshiba printers provide several ways to upload files using the admin web interface. An attacker can remotely compromise any Toshiba printer. An attacker can overwrite any insecure files. This vulnerability can be executed in combination with other vulnerabilities and …

  • CVE-2017-2237CriJul 7, 2017
    risk 0.64cvss 9.8epss 0.02

    Toshiba Home gateway HEM-GW16A firmware HEM-GW16A-FW-V1.2.0 and earlier. Toshiba Home gateway HEM-GW26A firmware HEM-GW26A-FW-V1.2.0 and earlier allows an attacker to execute arbitrary OS commands via unspecified vectors.

  • CVE-2017-2236CriJul 7, 2017
    risk 0.64cvss 9.8epss 0.01

    Toshiba Home gateway HEM-GW16A firmware HEM-GW16A-FW-V1.2.0 and earlier, Toshiba Home gateway HEM-GW26A firmware HEM-GW26A-FW-V1.2.0 and earlier uses hard-coded credentials, which may allow attackers to perform operations on device with administrative privileges.

  • CVE-2017-2235CriJul 7, 2017
    risk 0.64cvss 9.8epss 0.01

    Toshiba Home gateway HEM-GW16A firmware HEM-GW16A-FW-V1.2.0 and earlier. Toshiba Home gateway HEM-GW26A firmware HEM-GW26A-FW-V1.2.0 and earlier allows an attacker to bypass access restriction to change the administrator account password via unspecified vectors.

  • CVE-2017-2234CriJul 7, 2017
    risk 0.64cvss 9.8epss 0.02

    Toshiba Home gateway HEM-GW16A firmware HEM-GW16A-FW-V1.2.0 and earlier, Toshiba Home gateway HEM-GW26A firmware HEM-GW26A-FW-V1.2.0 and earlier may allow remote attackers to access a non-documented developer screen to perform operations on device with administrative privileges.

  • CVE-2024-36248CriNov 26, 2024
    risk 0.59cvss 9.1epss 0.01

    API keys for some cloud services are hardcoded in the "main" binary. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References].

  • CVE-2011-1265HigJul 13, 2011
    risk 0.58cvss 8.8epss 0.06

    The Bluetooth Stack 2.1 in Microsoft Windows Vista SP1 and SP2 and Windows 7 Gold and SP1 does not prevent access to objects in memory that (1) were not properly initialized or (2) have been deleted, which allows remote attackers to execute arbitrary code via crafted Bluetooth…

  • CVE-2026-8676HigMay 26, 2026
    risk 0.57cvss 8.8epss 0.00

    An attacker is able to downgrade the security of a Bluetooth LE connection by deleting an existing bond, spoofing the bonded device and creating a new bond.

  • CVE-2017-2238HigJul 7, 2017
    risk 0.57cvss 8.8epss 0.01

    Cross-site request forgery (CSRF) vulnerability in Toshiba Home gateway HEM-GW16A firmware HEM-GW16A-FW-V1.2.0 and earlier and Toshiba Home gateway HEM-GW26A firmware HEM-GW26A-FW-V1.2.0 and earlier allows remote attackers to hijack the authentication of administrators via…

  • CVE-2017-2149HigApr 28, 2017
    risk 0.57cvss 8.8epss 0.03

    Untrusted search path vulnerability in installers of the software for SDHC/SDXC Memory Card with embedded NFC functionality Software Update Tool V1.00.03 and earlier, SDHC Memory Card with embedded wireless LAN functionality FlashAir Configuration Software V3.0.2 and earlier,…

  • CVE-2024-27170HigJun 14, 2024
    risk 0.48cvss 7.4epss 0.00

    It was observed that all the Toshiba printers contain credentials used for WebDAV access in the readable file. Then, it is possible to get a full access with WebDAV to the printer. As for the affected products/models/versions, see the reference URL.

  • CVE-2024-27158HigJun 14, 2024
    risk 0.48cvss 7.4epss 0.00

    All the Toshiba printers share the same hardcoded root password. As for the affected products/models/versions, see the reference URL.

  • CVE-2026-21011MedApr 13, 2026
    risk 0.44cvss 6.8epss 0.00

    Incorrect privilege assignment in Bluetooth in Maintenance mode prior to SMR Apr-2026 Release 1 allows physical attackers to bypass Extend Unlock.

  • CVE-2024-27157MedJun 14, 2024
    risk 0.44cvss 6.8epss 0.00

    The sessions are stored in clear-text logs. An attacker can retrieve authentication sessions. A remote attacker can retrieve the credentials and bypass the authentication mechanism. As for the affected products/models/versions, see the reference URL.

  • CVE-2024-27163MedJun 14, 2024
    risk 0.42cvss 6.5epss 0.00

    Toshiba printers will display the password of the admin user in clear-text and additional passwords when sending 2 specific HTTP requests to the internal API. An attacker stealing the cookie of an admin or abusing a XSS vulnerability can recover this password in clear-text and…

  • CVE-2019-8921MedNov 29, 2021
    risk 0.42cvss 6.5epss 0.01

    An issue was discovered in bluetoothd in BlueZ through 5.48. The vulnerability lies in the handling of a SVC_ATTR_REQ by the SDP implementation. By crafting a malicious CSTATE, it is possible to trick the server into returning more bytes than the buffer actually holds, resulting…

  • CVE-2024-27161MedJun 14, 2024
    risk 0.40cvss 6.2epss 0.00

    all the Toshiba printers have programs containing a hardcoded key used to encrypt files. An attacker can decrypt the encrypted files using the hardcoded key. Insecure algorithm is used for the encryption. This vulnerability can be executed in combination with other…

  • CVE-2016-4840MedApr 21, 2017
    risk 0.38cvss 5.9epss 0.01

    Coordinate Plus App for Android 1.0.2 and earlier and Coordinate Plus App for iOS 1.0.2 and earlier do not verify SSL certificates.

  • CVE-2016-3839MedAug 5, 2016
    risk 0.36cvss 5.5epss 0.00

    Bluetooth in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 allows attackers to cause a denial of service (loss of Bluetooth 911 functionality) via a crafted application that sends a signal to a Bluetooth process, aka internal bug…

  • CVE-2017-2162MedMay 22, 2017
    risk 0.28cvss 4.3epss 0.01

    FlashAirTM SDHC Memory Card (SD-WE Series ) V3.00.02 and earlier and FlashAirTM SDHC Memory Card (SD-WD/WC Series ) V2.00.04 and earlier allows default credentials to be set for wireless LAN connections to the product when enabling the PhotoShare function through a…