CVSS: 7.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-27158 – Hardcoded root password
https://notcve.org/view.php?id=CVE-2024-27158
All the Toshiba printers share the same hardcoded root password. As for the affected products/models/versions, see the reference URL. Todas las impresoras Toshiba comparten la misma contraseña raíz codificada. En cuanto a los productos/modelos/versiones afectados, consulte la URL de referencia. • http://seclists.org/fulldisclosure/2024/Jul/1 https://jvn.jp/en/vu/JVNVU97136265/index.html https://www.toshibatec.com/information/20240531_01.html https://www.toshibatec.com/information/pdf/information20240531_01.pdf • CWE-1392: Use of Default Credentials •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-27157 – Leak of authentication sessions in secure logs
https://notcve.org/view.php?id=CVE-2024-27157
The sessions are stored in clear-text logs. An attacker can retrieve authentication sessions. A remote attacker can retrieve the credentials and bypass the authentication mechanism. As for the affected products/models/versions, see the reference URL. Las sesiones se almacenan en registros de texto plano. • http://seclists.org/fulldisclosure/2024/Jul/1 https://jvn.jp/en/vu/JVNVU97136265/index.html https://www.toshibatec.com/information/20240531_01.html https://www.toshibatec.com/information/pdf/information20240531_01.pdf • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-27156 – Leak of authentication sessions in secure logs
https://notcve.org/view.php?id=CVE-2024-27156
The session cookies, used for authentication, are stored in clear-text logs. An attacker can retrieve authentication sessions. A remote attacker can retrieve the credentials and bypass the authentication mechanism. As for the affected products/models/versions, see the reference URL. Las cookies de sesión, utilizadas para la autenticación, se almacenan en registros de texto plano. • http://seclists.org/fulldisclosure/2024/Jul/1 https://jvn.jp/en/vu/JVNVU97136265/index.html https://www.toshibatec.com/information/20240531_01.html https://www.toshibatec.com/information/pdf/information20240531_01.pdf • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 7.7EPSS: 0%CPEs: 1EXPL: 0CVE-2024-27155 – Local Privilege Escalation and Remote Code Execution using insecure permissions
https://notcve.org/view.php?id=CVE-2024-27155
The Toshiba printers are vulnerable to a Local Privilege Escalation vulnerability. An attacker can remotely compromise any Toshiba printer. The programs can be replaced by malicious programs by any local or remote attacker. As for the affected products/models/versions, see the reference URL. Las impresoras Toshiba son afectadas por una vulnerabilidad de escalada de privilegios local. • http://seclists.org/fulldisclosure/2024/Jul/1 https://jvn.jp/en/vu/JVNVU97136265/index.html https://www.toshibatec.com/information/20240531_01.html https://www.toshibatec.com/information/pdf/information20240531_01.pdf • CWE-276: Incorrect Default Permissions •
CVSS: 6.2EPSS: 0%CPEs: 1EXPL: 0CVE-2024-27154 – Passwords are stored in clear-text logs.
https://notcve.org/view.php?id=CVE-2024-27154
Passwords are stored in clear-text logs. An attacker can retrieve passwords. As for the affected products/models/versions, see the reference URL. Las contraseñas se almacenan en registros de texto plano. Un atacante puede recuperar contraseñas. • http://seclists.org/fulldisclosure/2024/Jul/1 https://jvn.jp/en/vu/JVNVU97136265/index.html https://www.toshibatec.com/information/20240531_01.html https://www.toshibatec.com/information/pdf/information20240531_01.pdf • CWE-532: Insertion of Sensitive Information into Log File •