Vulnerabilities (CVE)

Filtered by vendor Toshibatec Subscribe
Total 12 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2014-1990 1 Toshibatec 4 E-studio-232, E-studio-233, E-studio-282 and 1 more 2024-11-21 6.8 MEDIUM N/A
Cross-site request forgery (CSRF) vulnerability in TopAccess (aka the web-based management utility) on TOSHIBA TEC e-Studio 232, 233, 282, and 283 devices allows remote attackers to hijack the authentication of administrators for requests that change passwords.
CVE-2012-1239 1 Toshibatec 64 E-studio-167 With Network Printer Kit, E-studio-167 With Network Printer Kit Firmware, E-studio-181 With Network Printer Kit and 61 more 2024-11-21 10.0 HIGH N/A
The TopAccess web-based management interface on TOSHIBA TEC e-Studio multi-function peripheral (MFP) devices with firmware 30x through 302, 35x through 354, and 4xx through 421 allows remote attackers to bypass authentication and obtain administrative privileges via unspecified vectors.
CVE-2024-47549 2 Sharp, Toshibatec 640 Bp-30c25, Bp-30c25 Firmware, Bp-30c25t and 637 more 2024-11-05 N/A 6.1 MEDIUM
Sharp and Toshiba Tec MFPs improperly process query parameters in HTTP requests, which may allow contamination of unintended data to HTTP response headers. Accessing a crafted URL which points to an affected product may cause malicious script executed on the web browser.
CVE-2024-43424 2 Sharp, Toshibatec 640 Bp-30c25, Bp-30c25 Firmware, Bp-30c25t and 637 more 2024-11-05 N/A 7.5 HIGH
Sharp and Toshiba Tec MFPs improperly process HTTP request headers, resulting in an Out-of-bounds Read vulnerability. Crafted HTTP requests may cause affected products crashed.
CVE-2024-42420 2 Sharp, Toshibatec 640 Bp-30c25, Bp-30c25 Firmware, Bp-30c25t and 637 more 2024-11-05 N/A 7.5 HIGH
Sharp and Toshiba Tec MFPs contain multiple Out-of-bounds Read vulnerabilities, due to improper processing of keyword search input and improper processing of SOAP messages. Crafted HTTP requests may cause affected products crashed.
CVE-2024-45829 2 Sharp, Toshibatec 640 Bp-30c25, Bp-30c25 Firmware, Bp-30c25t and 637 more 2024-11-05 N/A 7.5 HIGH
Sharp and Toshiba Tec MFPs provide the web page to download data, where query parameters in HTTP requests are improperly processed and resulting in an Out-of-bounds Read vulnerability. Crafted HTTP requests may cause affected products crashed.
CVE-2024-45842 2 Sharp, Toshibatec 640 Bp-30c25, Bp-30c25 Firmware, Bp-30c25t and 637 more 2024-11-05 N/A 5.3 MEDIUM
Sharp and Toshiba Tec MFPs improperly process URI data in HTTP PUT requests resulting in a path Traversal vulnerability. Unintended internal files may be retrieved when processing crafted HTTP requests.
CVE-2024-47005 2 Sharp, Toshibatec 640 Bp-30c25, Bp-30c25 Firmware, Bp-30c25t and 637 more 2024-11-05 N/A 8.1 HIGH
Sharp and Toshiba Tec MFPs provide configuration related APIs. They are expected to be called by administrative users only, but insufficiently restricted. A non-administrative user may execute some configuration APIs.
CVE-2024-47406 2 Sharp, Toshibatec 640 Bp-30c25, Bp-30c25 Firmware, Bp-30c25t and 637 more 2024-11-05 N/A 9.8 CRITICAL
Sharp and Toshiba Tec MFPs improperly process HTTP authentication requests, resulting in an authentication bypass vulnerability.
CVE-2024-47801 2 Sharp, Toshibatec 640 Bp-30c25, Bp-30c25 Firmware, Bp-30c25t and 637 more 2024-11-05 N/A 6.1 MEDIUM
Sharp and Toshiba Tec MFPs improperly process query parameters in HTTP requests, resulting in a reflected cross-site scripting vulnerability. Accessing a crafted URL which points to an affected product may cause malicious script executed on the web browser.
CVE-2024-48870 2 Sharp, Toshibatec 640 Bp-30c25, Bp-30c25 Firmware, Bp-30c25t and 637 more 2024-11-05 N/A 4.8 MEDIUM
Sharp and Toshiba Tec MFPs improperly validate input data in URI data registration, resulting in a stored cross-site scripting vulnerability. If crafted input is stored by an administrative user, malicious script may be executed on the web browsers of other victim users.
CVE-2023-29984 3 Brother, Fujifilm, Toshibatec 432 Dcp-1610w, Dcp-1610w Firmware, Dcp-1610we and 429 more 2024-02-04 N/A 7.5 HIGH
Null pointer dereference vulnerability exists in multiple vendors MFPs and printers which implement Debut web server 1.2 or 1.3. Processing a specially crafted request may lead an affected product to a denial-of-service (DoS) condition. As for the affected products/models/versions, see the detailed information provided by each vendor.