Magánszemélyeknek

Coredump binaries in Toshiba printers have incorrect permissions. A local attacker can steal confidential information. As for the affected products/models/versions, see the reference URL.

Toshiba printers use Sendmail to send emails to recipients. Sendmail is used with several insecure directories. A local attacker can inject a malicious Sendmail configuration file. As for the...

It appears that some hardcoded keys are used for authentication to internal API. Knowing these private keys may allow attackers to bypass authentication and reach administrative interfaces. As for...

Toshiba printers provides API without authentication for internal access. A local attacker can bypass authentication in applications, providing administrative access. As for the affected...

It was observed that all the Toshiba printers contain credentials used for WebDAV access in the readable file. Then, it is possible to get a full access with WebDAV to the printer. As for the...

A remote attacker using the insecure upload functionality will be able to overwrite any Python file and get Remote Code Execution. As for the affected products/models/versions, see the reference URL.

Remote Command program allows an attacker to get Remote Code Execution. As for the affected products/models/versions, see the reference URL.

Remote Command program allows an attacker to get Remote Code Execution by overwriting existing Python files containing executable code. This vulnerability can be executed in combination with other...

Remote Command program allows an attacker to get Remote Code Execution. This vulnerability can be executed in combination with other vulnerabilities and difficult to execute alone. So, the CVSS...

TOTOLINK A3700R V9.1.2u.6165_20211012 was discovered to contain a stack overflow via ssid5g in the function setWizardCfg.