Toshiba Printers Share Hardcoded Root Password
CVE-2024-27158

7.4HIGH

Key Information:

Vendor: Toshiba
Status: Toshiba Tec E-studio Multi-function Peripheral (mfp)
Vendor: CVE Published:; 14 June 2024

Summary

Toshiba printers have a security flaw due to the implementation of a hardcoded root password shared across multiple models. This vulnerability compromises the integrity of the devices, allowing unauthorized users to gain access to administrative privileges without appropriate credentials. The problem arises from insufficient security measures in the device firmware, which fails to restrict access to critical system features. This vulnerability poses serious risks, particularly in environments where sensitive data may be processed or transmitted through these printers. Organizations are advised to check for software updates and apply necessary patches from Toshiba to mitigate this risk.

Affected Version(s)

Toshiba Tec e-Studio multi-function peripheral (MFP) Linux see the reference URL

References

https://www.toshibatec.com/information/20240531_01.html

https://www.toshibatec.com/information/pdf/information202...

https://jvn.jp/en/vu/JVNVU97136265/index.html

CVSS V3.1

Score:

7.4

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jun 14, 2024
Vulnerability Reserved
Feb 21, 2024

Credit

We expresses its gratitude to Pierre Barre for reporting relevant security vulnerabilities for our products.