VYPR

printer

by Toshiba

CVEs (12)

  • CVE-2024-27143CriJun 14, 2024
    risk 0.64cvss 9.8epss 0.01

    Toshiba printers use SNMP for configuration. Using the private community, it is possible to remotely execute commands as root on the remote printer. Using this vulnerability will allow any attacker to get a root access on a remote Toshiba printer. This vulnerability can be…

  • CVE-2024-3497HigJun 14, 2024
    risk 0.57cvss 8.8epss 0.01

    Path traversal vulnerability in the web server of the Toshiba printer enables attacker to overwrite orginal files or add new ones to the printer. As for the affected products/models/versions, see the reference URL.

  • CVE-2024-27169HigJun 14, 2024
    risk 0.55cvss 8.4epss 0.00

    Toshiba printers provides API without authentication for internal access. A local attacker can bypass authentication in applications, providing administrative access. As for the affected products/models/versions, see the reference URL.

  • CVE-2024-27165HigJun 14, 2024
    risk 0.51cvss 7.8epss 0.00

    Toshiba printers contain a suidperl binary and it has a Local Privilege Escalation vulnerability. A local attacker can get root privileges. As for the affected products/models/versions, see the reference URL.

  • CVE-2024-27167HigJun 14, 2024
    risk 0.48cvss 7.4epss 0.00

    Toshiba printers use Sendmail to send emails to recipients. Sendmail is used with several insecure directories. A local attacker can inject a malicious Sendmail configuration file. As for the affected products/models/versions, see the reference URL.

  • CVE-2024-27166HigJun 14, 2024
    risk 0.48cvss 7.4epss 0.00

    Coredump binaries in Toshiba printers have incorrect permissions. A local attacker can steal confidential information. As for the affected products/models/versions, see the reference URL.

  • CVE-2024-27153HigJun 14, 2024
    risk 0.48cvss 7.4epss 0.00

    The Toshiba printers are vulnerable to a Local Privilege Escalation vulnerability. An attacker can remotely compromise any Toshiba printer. As for the affected products/models/versions, see the reference URL.

  • CVE-2024-27148HigJun 14, 2024
    risk 0.48cvss 7.4epss 0.00

    The Toshiba printers are vulnerable to a Local Privilege Escalation vulnerability. An attacker can remotely compromise any Toshiba printer. As for the affected products/models/versions, see the reference URL.

  • CVE-2024-27163MedJun 14, 2024
    risk 0.42cvss 6.5epss 0.00

    Toshiba printers will display the password of the admin user in clear-text and additional passwords when sending 2 specific HTTP requests to the internal API. An attacker stealing the cookie of an admin or abusing a XSS vulnerability can recover this password in clear-text and…

  • CVE-2024-27161MedJun 14, 2024
    risk 0.40cvss 6.2epss 0.00

    all the Toshiba printers have programs containing a hardcoded key used to encrypt files. An attacker can decrypt the encrypted files using the hardcoded key. Insecure algorithm is used for the encryption. This vulnerability can be executed in combination with other…

  • CVE-2024-27142MedJun 14, 2024
    risk 0.38cvss 5.9epss 0.01

    Toshiba printers use XML communication for the API endpoint provided by the printer. For the endpoint, XML parsing library is used and it is vulnerable to a time-based blind XML External Entity (XXE) vulnerability. An attacker can DoS the printers. An attacker can exploit the…

  • CVE-2024-27141MedJun 14, 2024
    risk 0.38cvss 5.9epss 0.01

    Toshiba printers use XML communication for the API endpoint provided by the printer. For the endpoint, XML parsing library is used and it is vulnerable to a time-based blind XML External Entity (XXE) vulnerability. An attacker can DoS the printers by sending a HTTP request…