PT-2024-5173 · Toshiba · Toshiba E-Studio2518A

Harry Zhang

Published

2024-02-14

Updated

2024-06-20

CVE-2024-3496

CVSS v3.1

8.8

High

Vector

AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Toshiba e-STUDIO2518A (affected versions not specified)

Description: The issue allows attackers to bypass the web login authentication process, gaining access to the printer's system information and enabling the upload of malicious drivers. This is achieved by exploiting an alternative path or channel, potentially allowing a remote attacker to bypass security restrictions and upload arbitrary files.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Authentication Bypass Using an Alternate Path or Channel

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-288

Related Identifiers

BDU:2024-05729

CVE-2024-3496

ZDI-24-813

Affected Products

Toshiba E-Studio2518A

PT-2024-5173 · Toshiba · Toshiba E-Studio2518A

CVE-2024-3496

Weakness Enumeration

Related Identifiers

Affected Products

References · 10