CVE-2012-1239
published 2012-04-06

CVE-2012-1239: The TopAccess web-based management interface on TOSHIBA TEC e-Studio multi-function peripheral (MFP) devices with firmware 30x through 302, 35x through 354…

Priority: P263 · critical · CVSS 2.0: 10
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
EXPLOIT
EPSS: 4.72% (90.7th percentile)
The TopAccess web-based management interface on TOSHIBA TEC e-Studio multi-function peripheral (MFP) devices with firmware 30x through 302, 35x through 354, and 4xx through 421 allows remote attackers to bypass authentication and obtain administrative privileges via unspecified vectors.

Affected

32 ranges · showing 25
Vendor      Product                                              Version range   Fixed in
toshibatec  e-studio-167_with_network_printer_kit_firmware
toshibatec  e-studio-181_with_network_printer_kit_firmware
toshibatec  e-studio-182_with_network_printer_kit_firmware
toshibatec  e-studio-207_with_network_printer_kit_firmware
toshibatec  e-studio-232_firmware
toshibatec  e-studio-2330c_firmware
toshibatec  e-studio-2500c_firmware
toshibatec  e-studio-255_firmware
toshibatec  e-studio-255p_firmware
toshibatec  e-studio-281c_firmware
toshibatec  e-studio-282_firmware
toshibatec  e-studio-2830c_firmware
toshibatec  e-studio-3500c_firmware
toshibatec  e-studio-3510c_firmware
toshibatec  e-studio-351c_firmware
toshibatec  e-studio-3520c_firmware
toshibatec  e-studio-352_firmware
toshibatec  e-studio-355_firmware
toshibatec  e-studio-451c_firmware
toshibatec  e-studio-4520c_firmware
toshibatec  e-studio-452_firmware
toshibatec  e-studio-455_firmware
toshibatec  e-studio-5520c_firmware
toshibatec  e-studio-600_firmware
toshibatec  e-studio-6520c_firmware

Detection & IOCs (extracted from sources)

URL: http://www.example.com/TopAccess//Administrator/Setup/ScanToFile/List.htm
  • Authentication bypass on TOSHIBA TEC e-Studio MFP devices is triggered via a double-slash path traversal pattern in the TopAccess web interface URL (e.g., /TopAccess//Administrator/...), allowing direct access to administrative pages without credentials.
  • Monitor HTTP requests to the TopAccess interface containing double-slash sequences (//Administrator/) as an indicator of authentication bypass attempts against affected TOSHIBA e-Studio MFP devices.
  • The vulnerability affects TOSHIBA TEC e-Studio MFP devices running firmware versions 30x–302, 35x–354, and 4xx–421; the authentication bypass path is specific to the TopAccess web-based management interface.
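
The monitoring check described above, as an added example that is not part of the original entry or any vendor tooling: it scans proxy or web-server access logs for TopAccess requests with an empty path segment. It assumes Common/Combined Log Format; the function names, the single percent-decoding pass and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Common/Combined Log Format: client, timestamp, request target, status.
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"[A-Z]+ (?P<target>\S+)[^"]*" (?P<status>\d{3})'
)

def is_topaccess_double_slash(target: str) -> bool:
    """True if the path has an empty segment ("//") below /TopAccess."""
    path = target.split("?", 1)[0]  # ignore query strings such as ?ref=http://...
    # Proxy logs may record absolute-form targets; drop scheme and host.
    path = re.sub(r"^[a-z][a-z0-9+.-]*://[^/]*", "", path, flags=re.I)
    # Assumption: decode once so a logged %2F is compared as "/".
    path = unquote(path)
    prefix = re.search(r"/topaccess(?=/)", path, flags=re.I)
    if prefix is None:
        return False
    return "//" in path[prefix.end():]

def scan(lines):
    """Return (client, timestamp, target, status) for each matching request."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if m and is_topaccess_double_slash(m["target"]):
            hits.append((m["client"], m["ts"], m["target"], int(m["status"])))
    return hits

# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [06/Apr/2012:10:00:01 +0000] "GET /TopAccess/Administrator/Setup/ScanToFile/List.htm HTTP/1.1" 401 512',
    '198.51.100.7 - - [06/Apr/2012:10:00:05 +0000] "GET /TopAccess//Administrator/Setup/ScanToFile/List.htm HTTP/1.1" 200 8841',
    '198.51.100.7 - - [06/Apr/2012:10:00:09 +0000] "GET /topaccess/%2FAdministrator/Setup/ScanToFile/List.htm HTTP/1.1" 200 8841',
    '192.0.2.10 - - [06/Apr/2012:10:00:12 +0000] "GET /TopAccess/index.htm?ref=http://intranet.example/ HTTP/1.1" 200 1024',
]

if __name__ == "__main__":
    for client, ts, target, status in scan(SAMPLE_LOG):
        # A 2xx status on an Administrator page deserves triage first.
        print(f"{ts} {client} {status} {target}")
```

The query-string line is included to show that a `//` inside a parameter value does not raise an alert.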