Toshiba Printers Contain Hardcoded Credentials
CVE-2024-27164

7.1HIGH

Key Information:

Vendor: Toshiba
Status: Toshiba Tec E-studio Multi-function Peripheral (mfp)
Vendor: CVE Published:; 14 June 2024

Summary

Toshiba printers exhibit a significant security vulnerability due to hardcoded credentials within their software. This flaw allows unauthorized access to the device and the potential for exploitation by malicious actors. The presence of these hardcoded credentials undermines the security integrity of the affected products, making it essential for users to review product models and implement recommended security measures as outlined in Toshiba's advisories. Failure to address this vulnerability may lead to unauthorized use, information leakage, and heightened risks to network security.

Affected Version(s)

Toshiba Tec e-Studio multi-function peripheral (MFP) Linux see the reference URL

References

https://www.toshibatec.com/information/20240531_01.html

https://www.toshibatec.com/information/pdf/information202...

https://jvn.jp/en/vu/JVNVU97136265/index.html

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Jun 14, 2024
Vulnerability Reserved
Feb 21, 2024

Credit

We expresses its gratitude to Pierre Barre for reporting relevant security vulnerabilities for our products.