CVE-2012-1239
Published 2012-04-06
Priority: P263 | Severity: critical | CVSS 2.0 score: 10
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
EXPLOIT
EPSS: 4.72% (90.7th percentile)
The TopAccess web-based management interface on TOSHIBA TEC e-Studio multi-function peripheral (MFP) devices with firmware 30x through 302, 35x through 354, and 4xx through 421 allows remote attackers to bypass authentication and obtain administrative privileges via unspecified vectors.
Affected
32 ranges · showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| toshibatec | e-studio-167_with_network_printer_kit_firmware | — | — |
| toshibatec | e-studio-181_with_network_printer_kit_firmware | — | — |
| toshibatec | e-studio-182_with_network_printer_kit_firmware | — | — |
| toshibatec | e-studio-207_with_network_printer_kit_firmware | — | — |
| toshibatec | e-studio-232_firmware | — | — |
| toshibatec | e-studio-2330c_firmware | — | — |
| toshibatec | e-studio-2500c_firmware | — | — |
| toshibatec | e-studio-255_firmware | — | — |
| toshibatec | e-studio-255p_firmware | — | — |
| toshibatec | e-studio-281c_firmware | — | — |
| toshibatec | e-studio-282_firmware | — | — |
| toshibatec | e-studio-2830c_firmware | — | — |
| toshibatec | e-studio-3500c_firmware | — | — |
| toshibatec | e-studio-3510c_firmware | — | — |
| toshibatec | e-studio-351c_firmware | — | — |
| toshibatec | e-studio-3520c_firmware | — | — |
| toshibatec | e-studio-352_firmware | — | — |
| toshibatec | e-studio-355_firmware | — | — |
| toshibatec | e-studio-451c_firmware | — | — |
| toshibatec | e-studio-4520c_firmware | — | — |
| toshibatec | e-studio-452_firmware | — | — |
| toshibatec | e-studio-455_firmware | — | — |
| toshibatec | e-studio-5520c_firmware | — | — |
| toshibatec | e-studio-600_firmware | — | — |
| toshibatec | e-studio-6520c_firmware | — | — |
Detection & IOCs
- Authentication bypass on TOSHIBA TEC e-Studio MFP devices is triggered via a double-slash path traversal pattern in the TopAccess web interface URL (e.g., /TopAccess//Administrator/...), allowing direct access to administrative pages without credentials.
- Monitor HTTP requests to the TopAccess interface containing double-slash sequences (//Administrator/) as an indicator of authentication bypass attempts against affected TOSHIBA e-Studio MFP devices.
- The vulnerability affects TOSHIBA TEC e-Studio MFP devices running firmware versions 30x–302, 35x–354, and 4xx–421; the authentication bypass path is specific to the TopAccess web-based management interface.