CVE-2024-27163

Name of the Vulnerable Software and Affected Versions Toshiba printers (affected versions not specified)

Description The issue allows an attacker to recover the admin user password and additional passwords in clear-text by sending specific HTTP requests to the internal API. This can be achieved by stealing the admin's cookie or exploiting a XSS vulnerability. The vulnerability is difficult to execute alone and can be combined with other vulnerabilities to compromise the printer.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.