Part Number Search

Cross Reference Search

About information presented in this cross reference

The information presented in this cross reference is based on TOSHIBA's selection criteria and should be treated as a suggestion only. Please carefully review the latest versions of all relevant information on the TOSHIBA products, including without limitation data sheets and validate all operating parameters of the TOSHIBA products to ensure that the suggested TOSHIBA products are truly compatible with your design and application.
Please note that this cross reference is based on TOSHIBA's estimate of compatibility with other manufacturers' products, based on other manufacturers' published data, at the time the data was collected.
TOSHIBA is not responsible for any incorrect or incomplete information. Information is subject to change at any time without notice.

Keyword Search

Parametric Search

Stock Check & Purchase

TDSCSA00436:Multiple Vulnerabilities in CANVIO Network Storage Products

July 20, 2018

Toshiba Electronic Devices & Storage Corporation

Overview

There are multiple vulnerabilities including remote arbitrary code execution in the CANVIO (STOR.E) wireless products and NAS products (the “Affected Network Storage Product”). Please stop using them or apply the workarounds so that these may mitigate the impact of these vulnerabilities.

Affected Network Storage Products

Product Category Product Name
(varied at location)
Model No. Firmware Version
Wireless products CANVIO AeroCast /
CANVIO AeroCast wireless HDD
HDTU110*KWC1 1.2.8 or earlier
CANVIO Wireless Adapter /
STOR.E Wireless Adapter /
CANVIO Cast Wireless Adapter
HDWW100*KW*1 2.0.7 or earlier
NAS products CANVIO PERSONAL CLOUD /
CANVIO HOME
HDNB1*0*E*1 0011.3050 or earlier

Impact

OSS modules in the Affected Network Storage Products, including samba, have known vulnerabilities including CVE-2017-7494. The details are shown in the following “Vulnerability Information for each OSS module list ”.
These vulnerabilities allow remote attackers to cause information leakage / modification, and to potentially take control of the Affected Network Storage Products.

<Vulnerability Information for each OSS module list>

Workarounds

  • Please understand that the impact may occur if you continue to use the Affected Network Storage Products.
  • The following workarounds may mitigate the impact of these vulnerabilities in the Affected Network Storage Products.
Connection types Method to mitigate the impact of these vulnerabilities
Model No. Threats
Via home broadband network Filter traffic related to the vulnerabilities using a firewall device, such as a broadband router. Set Wireless product up to AP mode.*1 *2
Via wireless LAN Confirm that there are no wireless communication devices within your local network.
  1. Update the latest firmware that fixed WPA2 vulnerabilities of Wireless product.
  2. Change the default password to a unique password.
Via mobile broadband network (smart phone, tablet, WWAN-equipped PC, etc.) *3 Disconnect from WWAN*3

*1: Please be sure to download the user manual and read it carefully prior to setup.
*2: Please be sure to update the latest firmware that addressed WPA2 vulnerabilities.
*3: WWAN means “Wireless Wide Area Network”.
Note: Toshiba Electronic Devices & Storage Corporation terminates the software update for the Affected Network Storage Product. 
Note: Please be sure to apply the appropriate firmware update according to the information provided by the manufacturer of any devices that are connected to the Affected Network Storage Product.

Attack route

Attack route

Wireless products

Different connection modes

  • Use the “AP mode” (shown below) to mitigate the impact of these vulnerabilities.
  • Please be aware that it is possible that in station and bridge mode vulnerabilities can occur.
Wireless products

※1:You cannot use ChromecastTM function after the setup".

※ Chromecast is trademark of Google, Inc.

Product Name Manual
CANVIO AeroCast /
CANVIO AeroCast wireless HDD
CANVIO Wireless Adapter /
STOR.E Wireless Adapter /
CANVIO Cast Wireless Adapter

Contact Information

Please visit the following website and choose the applicable Consumer Storage Solutions website for your region.

A new window will open