CVE-2024-3498 – Incorrect Permission Assignment Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2024-3498
This vulnerability allows local attackers to execute arbitrary code on affected installations of Toshiba e-STUDIO2518A printers. ... An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of root. • https://jvn.jp/en/vu/JVNVU97136265/index.html https://www.toshibatec.com/information/20240531_01.html https://www.toshibatec.com/information/pdf/information20240531_01.pdf • CWE-250: Execution with Unnecessary Privileges •
CVE-2024-3497 – Directory Traversal Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-3497
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Toshiba e-STUDIO2518A printers. ... An attacker can leverage this vulnerability to execute code in the context of root. • https://jvn.jp/en/vu/JVNVU97136265/index.html https://www.toshibatec.com/information/20240531_01.html https://www.toshibatec.com/information/pdf/information20240531_01.pdf • CWE-23: Relative Path Traversal •
CVE-2024-27178 – Remote Code Execution
https://notcve.org/view.php?id=CVE-2024-27178
An attacker can get Remote Code Execution by overwriting files. • http://seclists.org/fulldisclosure/2024/Jul/1 https://jvn.jp/en/vu/JVNVU97136265/index.html https://www.toshibatec.com/information/20240531_01.html https://www.toshibatec.com/information/pdf/information20240531_01.pdf • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2024-27177 – Remote Code Execution
https://notcve.org/view.php?id=CVE-2024-27177
An attacker can get Remote Code Execution by overwriting files. • http://seclists.org/fulldisclosure/2024/Jul/1 https://jvn.jp/en/vu/JVNVU97136265/index.html https://www.toshibatec.com/information/20240531_01.html https://www.toshibatec.com/information/pdf/information20240531_01.pdf • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2024-27176 – Remote Code Execution
https://notcve.org/view.php?id=CVE-2024-27176
An attacker can get Remote Code Execution by overwriting files. • http://seclists.org/fulldisclosure/2024/Jul/1 https://jvn.jp/en/vu/JVNVU97136265/index.html https://www.toshibatec.com/information/20240531_01.html https://www.toshibatec.com/information/pdf/information20240531_01.pdf • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •