PT-2024-5171 · Toshiba · Toshiba E-Studio

Harry Zhang

Published

2024-02-14

Updated

2024-06-18

CVE-2024-3498

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Toshiba e-STUDIO versions (affected versions not specified)

Description: The issue is related to insufficient access control in the vsftpd daemon of Toshiba e-STUDIO multifunctional devices, which can allow an attacker to execute arbitrary code. Attackers can enable certain services of the printer via the web configuration page and elevate privileges to root.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-250

Related Identifiers

BDU:2024-05727

CVE-2024-3498

ZDI-24-815

Affected Products

Toshiba E-Studio

PT-2024-5171 · Toshiba · Toshiba E-Studio

CVE-2024-3498

Weakness Enumeration

Related Identifiers

Affected Products

References · 8