cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-48870,https://securityvulnerability.io/vulnerability/CVE-2024-48870,Sharp MFPs vulnerable to cross-site scripting attack,"Sharp and Toshiba Tec multi-function printers exhibit a vulnerability related to improper input data validation during URI data registration. This flaw allows an attacker, via crafted input, to store malicious scripts that may be executed in the web browsers of users accessing the affected system. If administrative users inadvertently store such input, it can lead to significant security risks for organizations, compromising user safety and exposing sensitive information.",Toshiba,"E-studio 908,E-studio 1058,E-studio 1208,Sharp Digital Full-color Mfps And Monochrome Mfps",4.8,MEDIUM,0.0005300000193528831,false,,false,false,false,,,false,false,,2024-10-25T06:18:57.297Z,0
CVE-2024-3498,https://securityvulnerability.io/vulnerability/CVE-2024-3498,HP Printers Vulnerable to Remote Code Execution via Web Configuration,"A vulnerability exists within Toshiba Multifunction Printers that allows attackers to exploit certain web-enabled services through the printer's configuration page. By manipulating these services, attackers can successfully execute malicious files and elevate their privileges to root, potentially compromising sensitive data and system integrity. Organizations utilizing affected models should apply security patches and configure their systems to mitigate the risk of unauthorized access.",Toshiba,Toshiba Tec E-studio Multi-function Peripheral (mfp),7.8,HIGH,0.00044999999227002263,false,,false,false,false,,,false,false,,2024-06-14T04:20:01.103Z,0
CVE-2024-3497,https://securityvulnerability.io/vulnerability/CVE-2024-3497,Printer Path Traversal Vulnerability Allows Overwriting of Original Files or Adding New Ones,"A path traversal vulnerability exists within the web server of Toshiba printers, enabling potential attackers to perform unauthorized file operations. This security flaw permits malicious actors to overwrite existing files or introduce new files on the printer's storage system. Organizations relying on Toshiba printers are at risk of data loss and unauthorized access, necessitating immediate attention to security protocols and potential patch management. Further details regarding affected models and versions can be found through provided resources.",Toshiba,Toshiba Tec E-studio Multi-function Peripheral (mfp),8.8,HIGH,0.00044999999227002263,false,,false,false,false,,,false,false,,2024-06-14T04:17:56.164Z,0
CVE-2024-3496,https://securityvulnerability.io/vulnerability/CVE-2024-3496,Printers Vulnerable to Authentication Bypass Attacks,"The vulnerability presents a significant risk as attackers are able to bypass the web login authentication process of Toshiba printers, gaining unauthorized access to sensitive system information. Once access is achieved, it becomes possible for malicious actors to upload harmful drivers to the affected printers, which can lead to further security breaches and exploitation of the device's capabilities. Organizations utilizing these printers should prioritize updating their systems and ensuring appropriate security measures are in place to mitigate the potential risks associated with this vulnerability.",Toshiba,Toshiba Tec E-studio Multi-function Peripheral (mfp),8.8,HIGH,0.00044999999227002263,false,,false,false,false,,,false,false,,2024-06-14T04:13:22.003Z,0
CVE-2024-27180,https://securityvulnerability.io/vulnerability/CVE-2024-27180,Admin Access Vulnerability Affects Multiple Products/Models/Versions,"An attacker with admin access can install rogue applications. As for the affected products/models/versions, see the reference URL.",Toshiba,Toshiba Tec E-studio Multi-function Peripheral (mfp),6.7,MEDIUM,0.00044999999227002263,false,,false,false,false,,,false,false,,2024-06-14T04:10:30.671Z,0
CVE-2024-27179,https://securityvulnerability.io/vulnerability/CVE-2024-27179,Clear-Text Admin Cookies in Logs Can Bypass Authentication,"Admin cookies are written in clear-text in logs. An attacker can retrieve them and bypass the authentication mechanism. As for the affected products/models/versions, see the reference URL.",Toshiba,Toshiba Tec E-studio Multi-function Peripheral (mfp),4.7,MEDIUM,0.00044999999227002263,false,,false,false,false,,,false,false,,2024-06-14T04:09:24.831Z,0
CVE-2024-27178,https://securityvulnerability.io/vulnerability/CVE-2024-27178,Toshiba Vulnerability: Remote Code Execution through File Overwriting,"A vulnerability has been identified in Toshiba Multifunction Printers that allows an attacker to perform Remote Code Execution by manipulating file name variables to overwrite files. This exploitation can occur in conjunction with other vulnerabilities, complicating detection and execution in isolation. Although the base score of this vulnerability may be perceived as lower, its potential for exploitation in the presence of related vulnerabilities necessitates immediate attention. For additional details on affected models and mitigation strategies, refer to Toshiba's informational resources.",Toshiba,Toshiba Tec E-studio Multi-function Peripheral (mfp),7.2,HIGH,0.00044999999227002263,false,,false,false,false,,,false,false,,2024-06-14T04:08:21.126Z,0
CVE-2024-27177,https://securityvulnerability.io/vulnerability/CVE-2024-27177,Toshiba Vulnerability: Remote Code Execution through File Overwriting,"A notable vulnerability exists in Toshiba products that permits remote code execution through unauthorized file overwriting. The exploit takes advantage of a flawed package name variable, which can be manipulated by attackers. While this vulnerability may require the presence of additional vulnerabilities to be successfully executed, it poses a significant risk, particularly within environments utilizing affected Toshiba product models and versions. Comprehensive assessments of affected systems and implemented security measures are imperative to mitigate potential exploitation.",Toshiba,Toshiba Tec E-studio Multi-function Peripheral (mfp),7.2,HIGH,0.00044999999227002263,false,,false,false,false,,,false,false,,2024-06-14T04:06:54.881Z,0
CVE-2024-27176,https://securityvulnerability.io/vulnerability/CVE-2024-27176,Toshiba Vulnerability: Remote Code Execution via Falsified Session ID,"A vulnerability allows an attacker to execute remote code by exploiting a flaw in Toshiba’s Document Solutions. Through manipulation of session ID variables, an attacker can overwrite files, potentially leading to unauthorized operations on affected devices. This vulnerability poses a significant risk, particularly when combined with other existing vulnerabilities, potentially amplifying its impact. Precautions need to be taken by users of affected products to mitigate risks associated with this vulnerability, and additional information is available via Toshiba's contact points for further details.",Toshiba,Toshiba Tec E-studio Multi-function Peripheral (mfp),7.2,HIGH,0.00044999999227002263,false,,false,false,false,,,false,false,,2024-06-14T04:05:52.395Z,0
CVE-2024-27175,https://securityvulnerability.io/vulnerability/CVE-2024-27175,Attacker can read any file using Local File Inclusion vulnerability,"Remote Command program allows an attacker to read any file using a Local File Inclusion vulnerability. An attacker can read any file on the printer. As for the affected products/models/versions, see the reference URL.",Toshiba,Toshiba Tec E-studio Multi-function Peripheral (mfp),4.4,MEDIUM,0.00044999999227002263,false,,false,false,false,,,false,false,,2024-06-14T04:04:32.574Z,0
CVE-2024-27174,https://securityvulnerability.io/vulnerability/CVE-2024-27174,Toshiba Remote Command Vulnerability Allows for Remote Code Execution,"The vulnerability in the Toshiba Remote Command Program enables an attacker to execute remote code under specific conditions. While this vulnerability is difficult to exploit independently, it can be leveraged in combination with other vulnerabilities, potentially amplifying its impact. This complex exploit situation implies that attackers must possess a nuanced understanding of the underlying systems in order to successfully execute malicious commands. For more detailed information about this vulnerability and any related concerns, please contact Toshiba support.",Toshiba,Toshiba Tec E-studio Multi-function Peripheral (mfp),9.8,CRITICAL,0.00044999999227002263,false,,false,false,false,,,false,false,,2024-06-14T04:03:18.120Z,0
CVE-2024-27173,https://securityvulnerability.io/vulnerability/CVE-2024-27173,Toshiba Remote Command Program Vulnerability Allows Remote Code Execution,"A vulnerability in Toshiba Tec's Remote Command program allows for Remote Code Execution by enabling an attacker to overwrite existing Python files containing executable code. While this vulnerability can be executed alongside other existing vulnerabilities, its standalone execution is challenging, resulting in a lower individual severity score. Careful review and mitigation strategies are advised for systems utilizing this software to protect against potential exploitation.",Toshiba,Toshiba Tec E-studio Multi-function Peripheral (mfp),9.8,CRITICAL,0.00044999999227002263,false,,false,false,false,,,false,false,,2024-06-14T04:01:54.119Z,0
CVE-2024-27172,https://securityvulnerability.io/vulnerability/CVE-2024-27172,Attackers Can Exploit Remote Command Program Vulnerabilities for Remote Code Execution,"The vulnerability in Toshiba's Remote Command program exposes the affected systems to the risk of unauthorized remote code execution. Attackers could exploit this flaw to execute arbitrary commands on compromised devices, potentially leading to a complete system takeover. The vulnerability is inherent in the way the program processes user inputs, allowing an attacker to send specially crafted requests that can manipulate the execution flow. Organizations using affected versions of the Remote Command Program should review their security measures and apply any available patches to mitigate the risks associated with this vulnerability.",Toshiba,Toshiba Tec E-studio Multi-function Peripheral (mfp),9.8,CRITICAL,0.0004600000102072954,false,,false,false,false,,,false,false,,2024-06-14T04:00:40.846Z,0
CVE-2024-27171,https://securityvulnerability.io/vulnerability/CVE-2024-27171,Remote Attacker Can Overwrite Any Python File for Remote Code Execution,"A security vulnerability exists within Toshiba's product suite that allows remote attackers to exploit insecure file upload functionalities. This flaw provides the ability to overwrite any Python files, resulting in potential remote code execution. Users and administrators of affected Toshiba products should prioritize reviewing their environment for this vulnerability and apply necessary patches to mitigate the risk of exploitation.",Toshiba,Toshiba Tec E-studio Multi-function Peripheral (mfp),7.4,HIGH,0.00044999999227002263,false,,false,false,false,,,false,false,,2024-06-14T03:59:24.365Z,0
CVE-2024-27170,https://securityvulnerability.io/vulnerability/CVE-2024-27170,Toshiba Printers Vulnerable to WebDAV Access,"A significant security concern has been identified in various Toshiba printers, where user credentials for WebDAV access are stored in a publicly readable file. This flaw opens the door for potential attackers to gain unauthorized full access to the printer's functionalities via WebDAV, posing serious risks to data confidentiality and integrity. Affected models may require immediate attention to mitigate exploitation risks by reviewing access controls and applying any available security patches.",Toshiba,Toshiba Tec E-studio Multi-function Peripheral (mfp),7.4,HIGH,0.00044999999227002263,false,,false,false,false,,,false,false,,2024-06-14T03:56:21.336Z,0
CVE-2024-27169,https://securityvulnerability.io/vulnerability/CVE-2024-27169,Toshiba Printers Expose Administrative Access Without Authentication,"A vulnerability exists in Toshiba printers that exposes API endpoints without proper authentication, allowing local attackers to bypass necessary security measures. This flaw enables malicious users to gain unauthorized administrative access, potentially compromising sensitive data and the integrity of the printing environment. Organizations utilizing affected Toshiba printer models should ensure they implement necessary security measures to mitigate the risks associated with this vulnerability.",Toshiba,Toshiba Tec E-studio Multi-function Peripheral (mfp),8.4,HIGH,0.00044999999227002263,false,,false,false,false,,,false,false,,2024-06-14T03:55:04.544Z,0
CVE-2024-27168,https://securityvulnerability.io/vulnerability/CVE-2024-27168,Hardcoded Keys Expose Administrative Interfaces to Attack,"The authentication mechanism in certain Toshiba TEC products uses hardcoded keys for access to internal APIs. This security design flaw can potentially allow an attacker to bypass authentication controls simply by exploiting knowledge of these private keys. As a result, unauthorized individuals may gain access to sensitive administrative interfaces, posing significant risks to the integrity and confidentiality of the affected systems. Organizations using these products are advised to review their security measures and implement alternative authentication strategies to mitigate the risk.",Toshiba,Toshiba Tec E-studio Multi-function Peripheral (mfp),7.1,HIGH,0.00044999999227002263,false,,false,false,false,,,false,false,,2024-06-14T03:53:58.804Z,0
CVE-2024-27167,https://securityvulnerability.io/vulnerability/CVE-2024-27167,Toshiba Printers Vulnerable to Email Attack via Insecure Sendmail Configuration,"Toshiba printers utilize Sendmail for email functionality, and this implementation is compromised due to the presence of insecure directories. A local attacker can exploit this vulnerability by injecting a malicious Sendmail configuration file, leading to unauthorized changes in email settings. This vulnerability poses risks for various models and versions of Toshiba printers, making it critical for users to review their security configurations to mitigate potential exploitation.",Toshiba,Toshiba Tec E-studio Multi-function Peripheral (mfp),7.4,HIGH,0.00044999999227002263,false,,false,false,false,,,false,false,,2024-06-14T03:52:38.112Z,0
CVE-2024-27166,https://securityvulnerability.io/vulnerability/CVE-2024-27166,Toshiba Printers Vulnerable to Confidential Information Theft,"Toshiba printers have been identified as having a security vulnerability due to incorrect permissions set on core dump binaries. This misconfiguration can potentially allow a local attacker to gain unauthorized access to sensitive and confidential information stored within the printer system. The lack of proper access controls serves as a significant risk, making it crucial for users and administrators to address this issue promptly. For more detailed information, please refer to the documentation provided by Toshiba and various security advisories.",Toshiba,Toshiba Tec E-studio Multi-function Peripheral (mfp),7.4,HIGH,0.00044999999227002263,false,,false,false,false,,,false,false,,2024-06-14T03:48:46.097Z,0
CVE-2024-27165,https://securityvulnerability.io/vulnerability/CVE-2024-27165,Toshiba Printers Vulnerable to Local Privilege Escalation Attacks,"Certain Toshiba printers contain a suidperl binary that exposes a vulnerability allowing local attackers to escalate privileges to root level. This flaw can be exploited by individuals with local access to the printer's system, posing a serious risk to networked environments where sensitive data may be processed or transmitted. Users are advised to review the list of impacted models and their respective versions to ensure that the necessary security measures are applied to mitigate potential threats.",Toshiba,Toshiba Tec E-studio Multi-function Peripheral (mfp),7.8,HIGH,0.00044999999227002263,false,,false,false,false,,,false,false,,2024-06-14T03:43:22.266Z,0
CVE-2024-27164,https://securityvulnerability.io/vulnerability/CVE-2024-27164,Toshiba Printers Contain Hardcoded Credentials,"Toshiba printers exhibit a significant security vulnerability due to hardcoded credentials within their software. This flaw allows unauthorized access to the device and the potential for exploitation by malicious actors. The presence of these hardcoded credentials undermines the security integrity of the affected products, making it essential for users to review product models and implement recommended security measures as outlined in Toshiba's advisories. Failure to address this vulnerability may lead to unauthorized use, information leakage, and heightened risks to network security.",Toshiba,Toshiba Tec E-studio Multi-function Peripheral (mfp),7.1,HIGH,0.00044999999227002263,false,,false,false,false,,,false,false,,2024-06-14T03:42:00.905Z,0
CVE-2024-27163,https://securityvulnerability.io/vulnerability/CVE-2024-27163,Toshiba Printers Display Admin Password in Clear-Text,"Toshiba printers exhibit a vulnerability that allows the admin user's password to be revealed in clear-text when two specific HTTP requests are sent to their internal API. This situation poses significant risks, as an attacker who manages to steal an admin's cookie or exploit a related Cross-Site Scripting (XSS) vulnerability can easily retrieve this sensitive information. While the vulnerability itself may not be easily exploitable on its own, it can be leveraged in combination with other vulnerabilities to compromise the printer's security. For further information on affected models and related issues, please contact Toshiba or refer to their official communication channels.",Toshiba,Toshiba Tec E-studio Multi-function Peripheral (mfp),6.5,MEDIUM,0.00044999999227002263,false,,false,false,false,,,false,false,,2024-06-14T03:40:44.063Z,0
CVE-2024-27162,https://securityvulnerability.io/vulnerability/CVE-2024-27162,Toshiba Printers Vulnerable to Cross-Site Scripting (XSS) Attacks,"Toshiba printers provide a web interface that will load the JavaScript file. The file contains insecure codes vulnerable to XSS and is loaded inside all the webpages provided by the printer. An attacker can steal the cookie of an admin user. As for the affected products/models/versions, see the reference URL.",Toshiba,Toshiba Tec E-studio Multi-function Peripheral (mfp),6.1,MEDIUM,0.00044999999227002263,false,,false,false,false,,,false,false,,2024-06-14T03:39:04.876Z,0
CVE-2024-27161,https://securityvulnerability.io/vulnerability/CVE-2024-27161,Toshiba Printers Vulnerable to Decryption Attack,"all the Toshiba printers have programs containing a hardcoded key used to encrypt files. An attacker can decrypt the encrypted files using the hardcoded key. Insecure algorithm is used for the encryption. This vulnerability can be executed in combination with other vulnerabilities and difficult to execute alone. So, the CVSS score for this vulnerability alone is lower than the score listed in the ""Base Score"" of this vulnerability. For detail on related other vulnerabilities, please ask to the below contact point. https://www.toshibatec.com/contacts/products/ As for the affected products/models/versions, see the reference URL.",Toshiba,Toshiba Tec E-studio Multi-function Peripheral (mfp),6.2,MEDIUM,0.00044999999227002263,false,,false,false,false,,,false,false,,2024-06-14T03:37:14.751Z,0
CVE-2024-27160,https://securityvulnerability.io/vulnerability/CVE-2024-27160,Toshiba Printers Vulnerable to Encryption Bypass,"All the Toshiba printers contain a shell script using the same hardcoded key to encrypt logs. An attacker can decrypt the encrypted files using the hardcoded key. This vulnerability can be executed in combination with other vulnerabilities and difficult to execute alone. So, the CVSS score for this vulnerability alone is lower than the score listed in the ""Base Score"" of this vulnerability. For detail on related other vulnerabilities, please ask to the below contact point. https://www.toshibatec.com/contacts/products/ As for the affected products/models/versions, see the reference URL.",Toshiba,Toshiba Tec E-studio Multi-function Peripheral (mfp),6.2,MEDIUM,0.00044999999227002263,false,,false,false,false,,,false,false,,2024-06-14T03:33:50.028Z,0