CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-27143 – Pre-authenticated Remote Code Execution
https://notcve.org/view.php?id=CVE-2024-27143
Toshiba printers use SNMP for configuration. Using the private community, it is possible to remotely execute commands as root on the remote printer. Using this vulnerability will allow any attacker to get a root access on a remote Toshiba printer. This vulnerability can be executed in combination with other vulnerabilities and difficult to execute alone. So, the CVSS score for this vulnerability alone is lower than the score listed in the "Base Score" of this vulnerability. • http://seclists.org/fulldisclosure/2024/Jul/1 https://jvn.jp/en/vu/JVNVU97136265/index.html https://www.toshibatec.com/information/20240531_01.html https://www.toshibatec.com/information/pdf/information20240531_01.pdf • CWE-250: Execution with Unnecessary Privileges •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-27142 – Pre-authenticated XXE injection
https://notcve.org/view.php?id=CVE-2024-27142
Toshiba printers use XML communication for the API endpoint provided by the printer. For the endpoint, XML parsing library is used and it is vulnerable to a time-based blind XML External Entity (XXE) vulnerability. An attacker can DoS the printers. An attacker can exploit the XXE to retrieve information. As for the affected products/models/versions, see the reference URL. • http://seclists.org/fulldisclosure/2024/Jul/1 https://jvn.jp/en/vu/JVNVU97136265/index.html https://www.toshibatec.com/information/20240531_01.html https://www.toshibatec.com/information/pdf/information20240531_01.pdf • CWE-776: Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion') •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-27141 – Pre-authenticated Time-Based Blind XXE injection
https://notcve.org/view.php?id=CVE-2024-27141
Toshiba printers use XML communication for the API endpoint provided by the printer. For the endpoint, XML parsing library is used and it is vulnerable to a time-based blind XML External Entity (XXE) vulnerability. An attacker can DoS the printers by sending a HTTP request without authentication. An attacker can exploit the XXE to retrieve information. As for the affected products/models/versions, see the reference URL. • http://seclists.org/fulldisclosure/2024/Jul/1 https://jvn.jp/en/vu/JVNVU97136265/index.html https://www.toshibatec.com/information/20240531_01.html https://www.toshibatec.com/information/pdf/information20240531_01.pdf • CWE-776: Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion') •
CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2024-22475
https://notcve.org/view.php?id=CVE-2024-22475
Cross-site request forgery vulnerability in multiple printers and scanners which implement Web Based Management provided by BROTHER INDUSTRIES, LTD. allows a remote unauthenticated attacker to perform unintended operations on the affected product. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References]. Vulnerabilidad de Cross-Site Request Forgery en múltiples impresoras y escáneres que implementan administración basada en web proporcionada por BROTHER INDUSTRIES, LTD. permite que un atacante remoto no autenticado realice operaciones no deseadas en el producto afectado. En cuanto a los detalles de los nombres de productos, números de modelo y versiones afectados, consulte la información proporcionada por los respectivos proveedores que figuran en [Referencias]. • https://jvn.jp/en/jp/JVN82749078 https://support.brother.com/g/b/link.aspx?prod=group2&faqid=faqp00100601_000 https://support.brother.com/g/b/link.aspx?prod=lmgroup1&faqid=faq00100823_000 https://www.fujifilm.com/fbglobal/eng/company/news/notice/2024/0306_2_announce.html https://www.ricoh.com/products/security/vulnerabilities/vul?id=ricoh-2024-000002 https://www.toshibatec.com/information/20240306_01.html •
CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2024-21824
https://notcve.org/view.php?id=CVE-2024-21824
Improper authentication vulnerability in exists in multiple printers and scanners which implement Web Based Management provided by BROTHER INDUSTRIES, LTD. If this vulnerability is exploited, a network-adjacent user who can access the product may impersonate an administrative user. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References]. Existe una vulnerabilidad de autenticación incorrecta en varias impresoras y escáneres que implementan la administración basada en web proporcionada por BROTHER INDUSTRIES, LTD. Si se explota esta vulnerabilidad, un usuario adyacente a la red que pueda acceder al producto puede hacerse pasar por un usuario administrativo. • https://jvn.jp/en/jp/JVN82749078 https://support.brother.com/g/b/link.aspx?prod=group2&faqid=faqp00100601_000 https://support.brother.com/g/b/link.aspx?prod=lmgroup1&faqid=faq00100823_000 https://www.fujifilm.com/fbglobal/eng/company/news/notice/2024/0306_2_announce.html https://www.ricoh.com/products/security/vulnerabilities/vul?id=ricoh-2024-000002 https://www.toshibatec.com/information/20240306_01.html •