CVE-2024-27144 – Pre-authenticated Remote Code Execution
https://notcve.org/view.php?id=CVE-2024-27144
The programs can be replaced by malicious programs by any local or remote attacker. This vulnerability can be executed in combination with other vulnerabilities and is difficult to execute alone. ... For details on other related vulnerabilities, contact the following point of contact: https://www.toshibatec.com/contacts/products/ For the affected products/models/versions, see the reference URL. 103 models of Toshiba Multi-Function Printers (MFP) are vulnerable to 40 different vulnerabilities including remote code execution, local privilege escalation, XML injection, and more.
• http://seclists.org/fulldisclosure/2024/Jul/1
• https://jvn.jp/en/vu/JVNVU97136265/index.html
• https://www.toshibatec.com/information/20240531_01.html
• https://www.toshibatec.com/information/pdf/information20240531_01.pdf
• CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
• CWE-276: Incorrect Default Permissions
CVE-2024-27143 – Pre-authenticated Remote Code Execution
https://notcve.org/view.php?id=CVE-2024-27143
Using the private community, it is possible to remotely execute commands as root on the remote printer. This vulnerability allows any attacker to get root access on a remote Toshiba printer. This vulnerability can be executed in combination with other vulnerabilities and is difficult to execute alone. ... For details on other related vulnerabilities, contact the following point of contact: https://www.toshibatec.com/contacts/products/ For the affected products/models/versions, see the reference URL. 103 models of Toshiba Multi-Function Printers (MFP) are vulnerable to 40 different vulnerabilities including remote code execution, local privilege escalation, XML injection, and more.
• http://seclists.org/fulldisclosure/2024/Jul/1
• https://jvn.jp/en/vu/JVNVU97136265/index.html
• https://www.toshibatec.com/information/20240531_01.html
• https://www.toshibatec.com/information/pdf/information20240531_01.pdf
• CWE-250: Execution with Unnecessary Privileges
CVE-2024-27142 – Pre-authenticated XXE injection
https://notcve.org/view.php?id=CVE-2024-27142
For the affected products/models/versions, see the reference URL. 103 models of Toshiba Multi-Function Printers (MFP) are vulnerable to 40 different vulnerabilities including remote code execution, local privilege escalation, XML injection, and more.
• http://seclists.org/fulldisclosure/2024/Jul/1
• https://jvn.jp/en/vu/JVNVU97136265/index.html
• https://www.toshibatec.com/information/20240531_01.html
• https://www.toshibatec.com/information/pdf/information20240531_01.pdf
• CWE-776: Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')
CVE-2024-27141 – Pre-authenticated Time-Based Blind XXE injection
https://notcve.org/view.php?id=CVE-2024-27141
For the affected products/models/versions, see the reference URL. 103 models of Toshiba Multi-Function Printers (MFP) are vulnerable to 40 different vulnerabilities including remote code execution, local privilege escalation, XML injection, and more.
• http://seclists.org/fulldisclosure/2024/Jul/1
• https://jvn.jp/en/vu/JVNVU97136265/index.html
• https://www.toshibatec.com/information/20240531_01.html
• https://www.toshibatec.com/information/pdf/information20240531_01.pdf
• CWE-776: Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')
CVE-2024-24320
https://notcve.org/view.php?id=CVE-2024-24320
Directory Traversal vulnerability in Mgt-commerce CloudPanel v.2.0.0 thru v.2.4.0 allows a remote attacker to obtain sensitive information and execute arbitrary code via the service parameter of the load-logfiles function.
• https://datack.my/cloudpanel-v2-0-0-v2-4-0-authenticated-user-session-hijacking-cve-2024-24320
• CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')