CVE-2024-27173 – insecure upload
https://notcve.org/view.php?id=CVE-2024-27173
Remote Command program allows an attacker to get Remote Code Execution by overwriting existing Python files containing executable code. This vulnerability can be executed in combination with other vulnerabilities and difficult to execute alone. So, the CVSS score for this vulnerability alone is lower than the score listed in the "Base Score" of this vulnerability. For detail on related other vulnerabilities, please ask to the below contact point. https://www.toshibatec.com/contacts/products/ As for the affected products/models/versions, see the reference URL. El programa Remote Command permite a un atacante obtener la ejecución remota de código sobrescribiendo archivos Python existentes que contienen código ejecutable. • https://github.com/Ieakd/0day-POC-for-CVE-2024-27173 http://seclists.org/fulldisclosure/2024/Jul/1 https://jvn.jp/en/vu/JVNVU97136265/index.html https://www.toshibatec.com/information/20240531_01.html https://www.toshibatec.com/information/pdf/information20240531_01.pdf • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2024-27172 – Remote Code Execution
https://notcve.org/view.php?id=CVE-2024-27172
Remote Command program allows an attacker to get Remote Code Execution. As for the affected products/models/versions, see the reference URL. El programa Remote Command permite a un atacante obtener la ejecución remota de código. En cuanto a los productos/modelos/versiones afectados, consulte la URL de referencia. • http://seclists.org/fulldisclosure/2024/Jul/1 https://jvn.jp/en/vu/JVNVU97136265/index.html https://www.toshibatec.com/information/20240531_01.html https://www.toshibatec.com/information/pdf/information20240531_01.pdf • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVE-2024-27171 – Insecure permissions
https://notcve.org/view.php?id=CVE-2024-27171
A remote attacker using the insecure upload functionality will be able to overwrite any Python file and get Remote Code Execution. As for the affected products/models/versions, see the reference URL. Un atacante remoto que utilice la funcionalidad de carga insegura podrá sobrescribir cualquier archivo Python y obtener la ejecución remota de código. En cuanto a los productos/modelos/versiones afectados, consulte la URL de referencia. • http://seclists.org/fulldisclosure/2024/Jul/1 https://jvn.jp/en/vu/JVNVU97136265/index.html https://www.toshibatec.com/information/20240531_01.html https://www.toshibatec.com/information/pdf/information20240531_01.pdf • CWE-276: Incorrect Default Permissions •
CVE-2024-27170 – Hardcoded credentials for WebDAV access
https://notcve.org/view.php?id=CVE-2024-27170
It was observed that all the Toshiba printers contain credentials used for WebDAV access in the readable file. Then, it is possible to get a full access with WebDAV to the printer. As for the affected products/models/versions, see the reference URL. Se observó que todas las impresoras Toshiba contienen credenciales utilizadas para el acceso WebDAV en el archivo legible. Entonces, es posible obtener acceso completo con WebDAV a la impresora. • http://seclists.org/fulldisclosure/2024/Jul/1 https://jvn.jp/en/vu/JVNVU97136265/index.html https://www.toshibatec.com/information/20240531_01.html https://www.toshibatec.com/information/pdf/information20240531_01.pdf • CWE-798: Use of Hard-coded Credentials •
CVE-2024-27169 – Lack of authentication
https://notcve.org/view.php?id=CVE-2024-27169
Toshiba printers provides API without authentication for internal access. A local attacker can bypass authentication in applications, providing administrative access. As for the affected products/models/versions, see the reference URL. Las impresoras Toshiba proporcionan API sin autenticación para acceso interno. Un atacante local puede eludir la autenticación en las aplicaciones y proporcionar acceso administrativo. • http://seclists.org/fulldisclosure/2024/Jul/1 https://jvn.jp/en/vu/JVNVU97136265/index.html https://www.toshibatec.com/information/20240531_01.html https://www.toshibatec.com/information/pdf/information20240531_01.pdf • CWE-306: Missing Authentication for Critical Function •