July 20, 2018
Toshiba Electronic Devices & Storage Corporation
There are multiple vulnerabilities including remote arbitrary code execution in the CANVIO (STOR.E) wireless products and NAS products (the “Affected Network Storage Product”). Please stop using them or apply the workarounds so that these may mitigate the impact of these vulnerabilities.
|Product Category||Product Name
(varied at location)
|Model No.||Firmware Version|
|Wireless products||CANVIO AeroCast /
CANVIO AeroCast wireless HDD
|HDTU110*KWC1||1.2.8 or earlier|
|CANVIO Wireless Adapter /
STOR.E Wireless Adapter /
CANVIO Cast Wireless Adapter
|HDWW100*KW*1||2.0.7 or earlier|
|NAS products||CANVIO PERSONAL CLOUD /
|HDNB1*0*E*1||0011.3050 or earlier|
OSS modules in the Affected Network Storage Products, including samba, have known vulnerabilities including CVE-2017-7494. The details are shown in the following “Vulnerability Information for each OSS module list ”.
These vulnerabilities allow remote attackers to cause information leakage / modification, and to potentially take control of the Affected Network Storage Products.
|Connection types||Method to mitigate the impact of these vulnerabilities|
|Via home broadband network||Filter traffic related to the vulnerabilities using a firewall device, such as a broadband router.||Set Wireless product up to AP mode.*1 *2|
|Via wireless LAN||Confirm that there are no wireless communication devices within your local network.||
|Via mobile broadband network (smart phone, tablet, WWAN-equipped PC, etc.) *3||Disconnect from WWAN*3|
*1: Please be sure to download the user manual and read it carefully prior to setup.
*2: Please be sure to update the latest firmware that addressed WPA2 vulnerabilities.
*3: WWAN means “Wireless Wide Area Network”.
Note: Toshiba Electronic Devices & Storage Corporation terminates the software update for the Affected Network Storage Product.
Note: Please be sure to apply the appropriate firmware update according to the information provided by the manufacturer of any devices that are connected to the Affected Network Storage Product.
Different connection modes
※1:You cannot use ChromecastTM function after the setup".
※ Chromecast is trademark of Google, Inc.
Please visit the following website and choose the applicable Consumer Storage Solutions website for your region.