Printer Path Traversal Vulnerability Allows Overwriting of Original Files or Adding New Ones
CVE-2024-3497

8.8HIGH

Key Information:

Vendor: Toshiba
Status: Toshiba Tec E-studio Multi-function Peripheral (mfp)
Vendor: CVE Published:; 14 June 2024

Summary

A path traversal vulnerability exists within the web server of Toshiba printers, enabling potential attackers to perform unauthorized file operations. This security flaw permits malicious actors to overwrite existing files or introduce new files on the printer's storage system. Organizations relying on Toshiba printers are at risk of data loss and unauthorized access, necessitating immediate attention to security protocols and potential patch management. Further details regarding affected models and versions can be found through provided resources.

Affected Version(s)

Toshiba Tec e-Studio multi-function peripheral (MFP) Linux see the reference URL

References

https://www.toshibatec.com/information/20240531_01.html

https://www.toshibatec.com/information/pdf/information202...

https://jvn.jp/en/vu/JVNVU97136265/index.html

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jun 14, 2024
Vulnerability Reserved
Apr 9, 2024

Credit

We expresses its gratitude to Zhenhua Huang, Harry Zhang and Minmin Li for reporting relevant security vulnerabilities for our products.