CVSS: 7.4EPSS: 0%CPEs: 1EXPL: 1CVE-2024-27170 – Hardcoded credentials for WebDAV access
https://notcve.org/view.php?id=CVE-2024-27170
14 Jun 2024 — En cuanto a los productos/modelos/versiones afectados, consulte la URL de referencia. 103 models of Toshiba Multi-Function Printers (MFP) are vulnerable to 40 different vulnerabilities including remote code execution, local privilege escalation, xml injection, and more. • https://packetstorm.news/files/id/179367 • CWE-798: Use of Hard-coded Credentials •
CVSS: 8.4EPSS: 0%CPEs: 1EXPL: 1CVE-2024-27169 – Lack of authentication
https://notcve.org/view.php?id=CVE-2024-27169
14 Jun 2024 — A local attacker can bypass authentication in applications, providing administrative access. ... Un atacante local puede eludir la autenticación en las aplicaciones y proporcionar acceso administrativo. En cuanto a los productos/modelos/versiones afectados, consulte la URL de referencia. 103 models of Toshiba Multi-Function Printers (MFP) are vulnerable to 40 different vulnerabilities including remote code execution, local privilege escalation, xml injection, and more. • https://packetstorm.news/files/id/179367 • CWE-306: Missing Authentication for Critical Function •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2024-27168 – Hardcoded keys used to generate authentication cookies
https://notcve.org/view.php?id=CVE-2024-27168
14 Jun 2024 — En cuanto a los productos/modelos/versiones afectados, consulte la URL de referencia. 103 models of Toshiba Multi-Function Printers (MFP) are vulnerable to 40 different vulnerabilities including remote code execution, local privilege escalation, xml injection, and more. • https://packetstorm.news/files/id/179367 • CWE-798: Use of Hard-coded Credentials •
CVSS: 7.4EPSS: 0%CPEs: 1EXPL: 1CVE-2024-27167 – Insecure permissions
https://notcve.org/view.php?id=CVE-2024-27167
14 Jun 2024 — A local attacker can inject a malicious Sendmail configuration file. ... Un atacante local puede inyectar un archivo de configuración de Sendmail malicioso. En cuanto a los productos/modelos/versiones afectados, consulte la URL de referencia. 103 models of Toshiba Multi-Function Printers (MFP) are vulnerable to 40 different vulnerabilities including remote code execution, local privilege escalation, xml injection, and more. • https://packetstorm.news/files/id/179367 • CWE-276: Incorrect Default Permissions •
CVSS: 7.4EPSS: 0%CPEs: 1EXPL: 1CVE-2024-27166 – Insecure permissions
https://notcve.org/view.php?id=CVE-2024-27166
14 Jun 2024 — A local attacker can steal confidential information. ... Un atacante local puede robar información confidencial. En cuanto a los productos/modelos/versiones afectados, consulte la URL de referencia. 103 models of Toshiba Multi-Function Printers (MFP) are vulnerable to 40 different vulnerabilities including remote code execution, local privilege escalation, xml injection, and more. • https://packetstorm.news/files/id/179367 • CWE-256: Plaintext Storage of a Password CWE-276: Incorrect Default Permissions CWE-319: Cleartext Transmission of Sensitive Information •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2024-27165 – Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2024-27165
14 Jun 2024 — Toshiba printers contain a suidperl binary and it has a Local Privilege Escalation vulnerability. A local attacker can get root privileges. ... Un atacante local puede obtener privilegios de root. En cuanto a los productos/modelos/versiones afectados, consulte la URL de referencia. 103 models of Toshiba Multi-Function Printers (MFP) are vulnerable to 40 different vulnerabilities including remote code execution, local privilege escalation, xml injection... • https://packetstorm.news/files/id/179367 • CWE-272: Least Privilege Violation •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 1CVE-2024-27164 – Hardcoded credentials
https://notcve.org/view.php?id=CVE-2024-27164
14 Jun 2024 — En cuanto a los productos/modelos/versiones afectados, consulte la URL de referencia. 103 models of Toshiba Multi-Function Printers (MFP) are vulnerable to 40 different vulnerabilities including remote code execution, local privilege escalation, xml injection, and more. • https://packetstorm.news/files/id/179367 • CWE-259: Use of Hard-coded Password •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2024-27163 – Leak of admin password and passwords
https://notcve.org/view.php?id=CVE-2024-27163
14 Jun 2024 — Para obtener detalles sobre otras vulnerabilidades relacionadas, consulte al siguiente punto de contacto. https://www.toshibatec.com/contacts/products/ En cuanto a los productos/modelos/versiones afectados, consulte la URL de referencia. 103 models of Toshiba Multi-Function Printers (MFP) are vulnerable to 40 different vulnerabilities including remote code execution, local privilege escalation, xml injection, and more. • https://packetstorm.news/files/id/179367 • CWE-319: Cleartext Transmission of Sensitive Information •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2024-27162 – DOM-based XSS
https://notcve.org/view.php?id=CVE-2024-27162
14 Jun 2024 — En cuanto a los productos/modelos/versiones afectados, consulte la URL de referencia. 103 models of Toshiba Multi-Function Printers (MFP) are vulnerable to 40 different vulnerabilities including remote code execution, local privilege escalation, xml injection, and more. • https://packetstorm.news/files/id/179367 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.2EPSS: 0%CPEs: 1EXPL: 1CVE-2024-27161 – Hardcoded password used to encrypt files
https://notcve.org/view.php?id=CVE-2024-27161
14 Jun 2024 — For detail on related other vulnerabilities, please ask to the below contact point. https://www.toshibatec.com/contacts/products/ As for the affected products/models/versions, see the reference URL. 103 models of Toshiba Multi-Function Printers (MFP) are vulnerable to 40 different vulnerabilities including remote code execution, local privilege escalation, xml injection, and more. • https://packetstorm.news/files/id/179367 • CWE-798: Use of Hard-coded Credentials •