CVSS: 6.4 • EPSS: 0% • CPEs: 1 • EXPL: 1
CVE-2024-27141 – Pre-authenticated Time-Based Blind XXE injection
https://notcve.org/view.php?id=CVE-2024-27141
14 Jun 2024 — Toshiba printers use XML communication for the API endpoint provided by the printer. The endpoint uses an XML parsing library that is vulnerable to time-based blind XML External Entity (XXE) injection. An attacker can DoS the printers by sending an HTTP request without authentication. An attacker can exploit the XXE to retrieve information. As for the affected products/models/versions, see the reference URL. • https://packetstorm.news/files/id/179367 • CWE-776: Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')
CVSS: 7.5 • EPSS: 0% • CPEs: 4 • EXPL: 0
CVE-2024-22475
https://notcve.org/view.php?id=CVE-2024-22475
18 Mar 2024 — Cross-site request forgery vulnerability in multiple printers and scanners which implement Web Based Management provided by BROTHER INDUSTRIES, LTD. allows a remote unauthenticated attacker to perform unintended operations on the affected product. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References]. • https://jvn.jp/en/jp/JVN82749078 • CWE-352: Cross-Site Request Forgery (CSRF)
CVSS: 5.5 • EPSS: 0% • CPEs: 4 • EXPL: 0
CVE-2024-21824
https://notcve.org/view.php?id=CVE-2024-21824
18 Mar 2024 — Improper authentication vulnerability exists in multiple printers and scanners which implement Web Based Management provided by BROTHER INDUSTRIES, LTD. If this vulnerability is exploited, a network-adjacent user who can access the product may impersonate an administrative user. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References]. • https://jvn.jp/en/jp/JVN82749078 • CWE-306: Missing Authentication for Critical Function
CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 1
CVE-2022-30421
https://notcve.org/view.php?id=CVE-2022-30421
31 Jan 2023 — Improper Authentication vulnerability in Toshiba Storage Security Software V1.2.0.7413 allows sensitive information to be obtained via the (local) password authentication module. • http://global.11st.co.kr/glb/product/SellerProductDetail.tmall?method=getSellerProductDetail&prdNo=1398327038 • CWE-287: Improper Authentication
CVSS: 8.4 • EPSS: 0% • CPEs: 19 • EXPL: 0
CVE-2020-5569
https://notcve.org/view.php?id=CVE-2020-5569
20 Apr 2020 — An unquoted search path vulnerability exists in HDD Password tool (for Windows) version 1.20.6620 and earlier which is stored in CANVIO PREMIUM 3TB (HD-MB30TY, HD-MA30TY, HD-MB30TS, HD-MA30TS), CANVIO PREMIUM 2TB (HD-MB20TY, HD-MA20TY, HD-MB20TS, HD-MA20TS), CANVIO PREMIUM 1TB (HD-MB10TY, HD-MA10TY, HD-MB10TS, HD-MA10TS), CANVIO SLIM 1TB (HD-SB10TK, HD-SB10TS), and CANVIO SLIM 500GB (HD-SB50GK, HD-SA50GK, HD-SB50GS, HD-SA50GS), and which was downloaded before 2020 May 10. Since it registers Windows services with... • https://jvn.jp/en/jp/JVN13467854/index.html • CWE-428: Unquoted Search Path or Element
CVSS: 6.1 • EPSS: 0% • CPEs: 4 • EXPL: 0
CVE-2018-16199
https://notcve.org/view.php?id=CVE-2018-16199
09 Jan 2019 — Cross-site scripting vulnerability in Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway HEM-GW26A 1.2.9 and earlier allows a remote attacker to inject arbitrary web script or HTML via unspecified vectors. • http://www.tlt.co.jp/tlt/information/seihin/notice/defect/20181219/20181219.htm • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSS: 8.8 • EPSS: 0% • CPEs: 4 • EXPL: 0
CVE-2018-16198
https://notcve.org/view.php?id=CVE-2018-16198
09 Jan 2019 — Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway HEM-GW26A 1.2.9 and earlier may allow an attacker on the same network segment to access a non-documented developer screen to perform operations on the affected device. • http://www.tlt.co.jp/tlt/information/seihin/notice/defect/20181219/20181219.htm
CVSS: 8.8 • EPSS: 0% • CPEs: 4 • EXPL: 0
CVE-2018-16200
https://notcve.org/view.php?id=CVE-2018-16200
09 Jan 2019 — Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway HEM-GW26A 1.2.9 and earlier allows an attacker on the same network segment to execute arbitrary OS commands. • http://www.tlt.co.jp/tlt/information/seihin/notice/defect/20181219/20181219.htm • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVSS: 6.5 • EPSS: 0% • CPEs: 4 • EXPL: 0
CVE-2018-16197
https://notcve.org/view.php?id=CVE-2018-16197
09 Jan 2019 — Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway HEM-GW26A 1.2.9 and earlier allows an attacker on the same network segment to bypass access restriction to access the information and files stored on the affected device. • http://www.tlt.co.jp/tlt/information/seihin/notice/defect/20181219/20181219.htm
CVSS: 8.8 • EPSS: 0% • CPEs: 4 • EXPL: 0
CVE-2018-16201
https://notcve.org/view.php?id=CVE-2018-16201
09 Jan 2019 — Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway HEM-GW26A 1.2.9 and earlier uses hard-coded credentials, which may allow an attacker on the same network segment to log in to the administrator settings screen and change the configuration or execute arbitrary OS commands. • http://www.tlt.co.jp/tlt/information/seihin/notice/defect/20181219/20181219.htm • CWE-798: Use of Hard-coded Credentials
