Cross-Site Request Forgery Vulnerability in TOSHIBA TEC e-Studio Devices
CVE-2014-1990

Currently unrated

Key Information:

Vendor: Toshiba
Status: E-studio-282; E-studio-283; E-studio-232; E-studio-233
Vendor: CVE Published:; 19 April 2014

Summary

A Cross-Site Request Forgery (CSRF) vulnerability exists in the web-based management utility of TOSHIBA TEC e-Studio 232, 233, 282, and 283 devices. This flaw allows remote attackers to exploit the authentication process of administrators, enabling them to perform unauthorized actions, such as changing passwords, without consent. By tricking an administrator into clicking a malicious link while logged in, attackers can hijack their session and execute commands on their behalf, posing significant security risks to sensitive systems.

References

http://www.toshibatec.co.jp/page.jsp?id=4224

x_refsource_CONFIRM

http://jvndb.jvn.jp/jvndb/JVNDB-2014-000038

third-party-advisoryx_refsource_JVNDB

http://jvn.jp/en/jp/JVN13313061/index.html

third-party-advisoryx_refsource_JVN

Timeline

Vulnerability published
Apr 19, 2014
Vulnerability Reserved
Feb 17, 2014