CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database

Example Searches:

CVE-2024-27176	Remote Code Execution Description: An attacker can get Remote Code Execution by overwriting files. Overwriting files is enable by falsifying session ID variable. This vulnerability can be executed in combination with other vulnerabilities and difficult to execute alone. So, the CVSS score for this vulnerability alone is lower than the score listed in the "Base Score" of this vulnerability. For detail on related other vulnerabilities, please ask to the below contact point. https://www.toshibatec.com/contacts/products/ As for the affected products/models/versions, see the reference URL. CVSS: HIGH (7.2) EPSS Score: 0.05% Source: CVE February 14th, 2025 (5 months ago)
CVE-2024-27171	Insecure permissions Description: A remote attacker using the insecure upload functionality will be able to overwrite any Python file and get Remote Code Execution. As for the affected products/models/versions, see the reference URL. CVSS: HIGH (7.4) EPSS Score: 0.05% Source: CVE February 14th, 2025 (5 months ago)
CVE-2024-27170	Hardcoded credentials for WebDAV access Description: It was observed that all the Toshiba printers contain credentials used for WebDAV access in the readable file. Then, it is possible to get a full access with WebDAV to the printer. As for the affected products/models/versions, see the reference URL. CVSS: HIGH (7.4) EPSS Score: 0.05% Source: CVE February 14th, 2025 (5 months ago)
CVE-2024-27169	Lack of authentication Description: Toshiba printers provides API without authentication for internal access. A local attacker can bypass authentication in applications, providing administrative access. As for the affected products/models/versions, see the reference URL. CVSS: HIGH (8.4) EPSS Score: 0.05% Source: CVE February 14th, 2025 (5 months ago)
CVE-2024-27168	Hardcoded keys used to generate authentication cookies Description: It appears that some hardcoded keys are used for authentication to internal API. Knowing these private keys may allow attackers to bypass authentication and reach administrative interfaces. As for the affected products/models/versions, see the reference URL. CVSS: HIGH (7.1) EPSS Score: 0.05% Source: CVE February 14th, 2025 (5 months ago)
CVE-2024-27167	Insecure permissions Description: Toshiba printers use Sendmail to send emails to recipients. Sendmail is used with several insecure directories. A local attacker can inject a malicious Sendmail configuration file. As for the affected products/models/versions, see the reference URL. CVSS: HIGH (7.4) EPSS Score: 0.05% Source: CVE February 14th, 2025 (5 months ago)
CVE-2024-27166	Insecure permissions Description: Coredump binaries in Toshiba printers have incorrect permissions. A local attacker can steal confidential information. As for the affected products/models/versions, see the reference URL. CVSS: HIGH (7.4) EPSS Score: 0.05% Source: CVE February 14th, 2025 (5 months ago)
CVE-2024-27165	Local Privilege Escalation Description: Toshiba printers contain a suidperl binary and it has a Local Privilege Escalation vulnerability. A local attacker can get root privileges. As for the affected products/models/versions, see the reference URL. CVSS: HIGH (7.8) EPSS Score: 0.05% Source: CVE February 14th, 2025 (5 months ago)
CVE-2024-27164	Hardcoded credentials Description: Toshiba printers contain hardcoded credentials. As for the affected products/models/versions, see the reference URL. CVSS: HIGH (7.1) EPSS Score: 0.05% Source: CVE February 14th, 2025 (5 months ago)
CVE-2024-27158	Hardcoded root password Description: All the Toshiba printers share the same hardcoded root password. As for the affected products/models/versions, see the reference URL. CVSS: HIGH (7.4) EPSS Score: 0.05% Source: CVE February 14th, 2025 (5 months ago)