Vulnerabilities in Toshiba Tec Corporation

69 results
The listing below is sorted by EPSS score (descending). Descriptions are truncated in the source where marked with "…".

| CVE | Severity | EPSS | Description (truncated in source) |
|---|---|---|---|
| CVE-2024-33610 | CRITICAL | 45.1% | "sessionlist.html" and "sys_trayentryreboot.html" are accessible with no authentication. "sessionlist.html" provides logged-in users' sessio… |
| CVE-2024-27172 | CRITICAL | 26.8% | Remote Code Execution |
| CVE-2024-27162 | MEDIUM | 21.2% | DOM-based XSS |
| CVE-2024-33605 | HIGH | 6.2% | Improper processing of some parameters of installed_emanual_list.html leads to a path traversal vulnerability. As for the details of affecte… |
| CVE-2024-36251 | HIGH | 3.5% | The web interface of the affected devices processes some crafted HTTP requests improperly, leading to a device crash. More precisely, a crafte… |
| CVE-2024-27173 | CRITICAL | 3.2% | Insecure upload |
| CVE-2024-28038 | CRITICAL | 2.6% | The web interface of the affected devices processes a cookie value improperly, leading to a stack buffer overflow. More precisely, giving to… |
| CVE-2024-27174 | CRITICAL | 1.6% | Insecure upload |
| CVE-2024-27176 | HIGH | 1.5% | Remote Code Execution |
| CVE-2024-27178 | HIGH | 1.5% | Remote Code Execution |
| CVE-2024-27177 | HIGH | 1.5% | Remote Code Execution |
| CVE-2024-28955 | MEDIUM | 1.3% | Affected devices create coredump files when crashed, storing them with world-readable permissions. Any local user of the device can examine t… |
| CVE-2024-29978 | MEDIUM | 1.3% | User passwords are decrypted and stored in memory before any user has logged in. Those decrypted passwords can be retrieved from the coredump fi… |
| CVE-2024-32151 | MEDIUM | 1.3% | User passwords are decrypted and stored in memory before any user has logged in. Those decrypted passwords can be retrieved from the coredump fi… |
| CVE-2024-27144 | CRITICAL | 1.2% | Pre-authenticated Remote Code Execution |
| CVE-2024-27141 | MEDIUM | 1.1% | Pre-authenticated Time-Based Blind XXE injection |
| CVE-2024-27143 | CRITICAL | 1.1% | Pre-authenticated Remote Code Execution |
| CVE-2024-36248 | CRITICAL | 1.1% | API keys for some cloud services are hardcoded in the "main" binary. As for the details of affected product names, model numbers, and versio… |
| CVE-2024-35244 | CRITICAL | 1.1% | There are several hidden accounts. Some of them are intended for maintenance engineers, and with the knowledge of their passwords (e.g., by … |
| CVE-2024-27145 | CRITICAL | 1.0% | Multiple Post-authenticated Remote Code Execution |