CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-3498 – Incorrect Permission Assignment Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2024-3498
Attackers can then execute malicious files by enabling certain services of the printer via the web configuration page and elevate its privileges to root. ... This vulnerability allows local attackers to execute arbitrary code on affected installations of Toshiba e-STUDIO2518A printers. ... An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of root. • https://jvn.jp/en/vu/JVNVU97136265/index.html https://www.toshibatec.com/information/20240531_01.html https://www.toshibatec.com/information/pdf/information20240531_01.pdf • CWE-250: Execution with Unnecessary Privileges •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-3497 – Directory Traversal Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-3497
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Toshiba e-STUDIO2518A printers. ... An attacker can leverage this vulnerability to execute code in the context of root. • https://jvn.jp/en/vu/JVNVU97136265/index.html https://www.toshibatec.com/information/20240531_01.html https://www.toshibatec.com/information/pdf/information20240531_01.pdf • CWE-23: Relative Path Traversal •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0CVE-2024-27178 – Remote Code Execution
https://notcve.org/view.php?id=CVE-2024-27178
An attacker can get Remote Code Execution by overwriting files. ... This vulnerability can be executed in combination with other vulnerabilities and difficult to execute alone. • http://seclists.org/fulldisclosure/2024/Jul/1 https://jvn.jp/en/vu/JVNVU97136265/index.html https://www.toshibatec.com/information/20240531_01.html https://www.toshibatec.com/information/pdf/information20240531_01.pdf • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0CVE-2024-27177 – Remote Code Execution
https://notcve.org/view.php?id=CVE-2024-27177
An attacker can get Remote Code Execution by overwriting files. ... This vulnerability can be executed in combination with other vulnerabilities and difficult to execute alone. • http://seclists.org/fulldisclosure/2024/Jul/1 https://jvn.jp/en/vu/JVNVU97136265/index.html https://www.toshibatec.com/information/20240531_01.html https://www.toshibatec.com/information/pdf/information20240531_01.pdf • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0CVE-2024-27176 – Remote Code Execution
https://notcve.org/view.php?id=CVE-2024-27176
An attacker can get Remote Code Execution by overwriting files. ... This vulnerability can be executed in combination with other vulnerabilities and difficult to execute alone. • http://seclists.org/fulldisclosure/2024/Jul/1 https://jvn.jp/en/vu/JVNVU97136265/index.html https://www.toshibatec.com/information/20240531_01.html https://www.toshibatec.com/information/pdf/information20240531_01.pdf • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •