Zhenhua Huang

Name of the Vulnerable Software and Affected Versions: Toshiba e-STUDIO versions (affected versions not specified) Description: The issue is related to insufficient access control in the vsftpd daemon of Toshiba e-STUDIO multifunctional devices, which can allow an attacker to execute arbitrary code. Attackers can enable certain services of the printer via the web configuration page and elevate privileges to root. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Toshiba e-STUDIO versions (affected versions not specified) Description: The issue is related to a path traversal vulnerability in the web server of Toshiba printers, which can be exploited by an attacker to overwrite original files or add new ones to the printer. This vulnerability is associated with errors in handling relative paths to directories in the unzip method of the firmware. Exploitation of this vulnerability may allow a remote attacker to execute arbitrary code, create new files, or overwrite existing ones. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Toshiba e-STUDIO2518A (affected versions not specified) Description: The issue allows attackers to bypass the web login authentication process, gaining access to the printer's system information and enabling the upload of malicious drivers. This is achieved by exploiting an alternative path or channel, potentially allowing a remote attacker to bypass security restrictions and upload arbitrary files. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.