cbcvebase.

Toshibatec E-Studio1058 Firmware vulnerabilities

9 known vulnerabilities affecting toshibatec/e-studio1058_firmware.

Total CVEs
9
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL1HIGH4MEDIUM4

Vulnerabilities

Page 1 of 1
CVE-2024-47406P2CRITICALCVSS 9.8≤ t1.01.h4.002024-10-25
CVE-2024-47406 [CRITICAL] CWE-288 CVE-2024-47406: Sharp and Toshiba Tec MFPs improperly process HTTP authentication requests, resulting in an authenti Sharp and Toshiba Tec MFPs improperly process HTTP authentication requests, resulting in an authentication bypass vulnerability.
nvd
CVE-2024-47005P3HIGHCVSS 8.1≤ t1.01.h4.002024-10-25
CVE-2024-47005 [HIGH] CWE-749 CVE-2024-47005: Sharp and Toshiba Tec MFPs provide configuration related APIs. They are expected to be called by adm Sharp and Toshiba Tec MFPs provide configuration related APIs. They are expected to be called by administrative users only, but insufficiently restricted. A non-administrative user may execute some configuration APIs.
nvd
CVE-2024-45829P3HIGHCVSS 7.5≤ t1.01.h4.002024-10-25
CVE-2024-45829 [HIGH] CWE-125 CVE-2024-45829: Sharp and Toshiba Tec MFPs provide the web page to download data, where query parameters in HTTP req Sharp and Toshiba Tec MFPs provide the web page to download data, where query parameters in HTTP requests are improperly processed and resulting in an Out-of-bounds Read vulnerability. Crafted HTTP requests may cause affected products crashed.
nvd
CVE-2024-42420P3HIGHCVSS 7.5≤ t1.01.h4.002024-10-25
CVE-2024-42420 [HIGH] CWE-125 CVE-2024-42420: Sharp and Toshiba Tec MFPs contain multiple Out-of-bounds Read vulnerabilities, due to improper proc Sharp and Toshiba Tec MFPs contain multiple Out-of-bounds Read vulnerabilities, due to improper processing of keyword search input and improper processing of SOAP messages. Crafted HTTP requests may cause affected products crashed.
nvd
CVE-2024-43424P3HIGHCVSS 7.5≤ t1.01.h4.002024-10-25
CVE-2024-43424 [HIGH] CWE-125 CVE-2024-43424: Sharp and Toshiba Tec MFPs improperly process HTTP request headers, resulting in an Out-of-bounds Re Sharp and Toshiba Tec MFPs improperly process HTTP request headers, resulting in an Out-of-bounds Read vulnerability. Crafted HTTP requests may cause affected products crashed.
nvd
CVE-2024-45842P4MEDIUMCVSS 5.3≤ t1.01.h4.002024-10-25
CVE-2024-45842 [MEDIUM] CWE-22 CVE-2024-45842: Sharp and Toshiba Tec MFPs improperly process URI data in HTTP PUT requests resulting in a path Trav Sharp and Toshiba Tec MFPs improperly process URI data in HTTP PUT requests resulting in a path Traversal vulnerability. Unintended internal files may be retrieved when processing crafted HTTP requests.
nvd
CVE-2024-47549P4MEDIUMCVSS 6.1≤ t1.01.h4.002024-10-25
CVE-2024-47549 [MEDIUM] CWE-644 CVE-2024-47549: Sharp and Toshiba Tec MFPs improperly process query parameters in HTTP requests, which may allow con Sharp and Toshiba Tec MFPs improperly process query parameters in HTTP requests, which may allow contamination of unintended data to HTTP response headers. Accessing a crafted URL which points to an affected product may cause malicious script executed on the web browser.
nvd
CVE-2024-47801P4MEDIUMCVSS 6.1≤ t1.01.h4.002024-10-25
CVE-2024-47801 [MEDIUM] CWE-79 CVE-2024-47801: Sharp and Toshiba Tec MFPs improperly process query parameters in HTTP requests, resulting in a refl Sharp and Toshiba Tec MFPs improperly process query parameters in HTTP requests, resulting in a reflected cross-site scripting vulnerability. Accessing a crafted URL which points to an affected product may cause malicious script executed on the web browser.
nvd
CVE-2024-48870P4MEDIUMCVSS 4.8≤ t1.01.h4.002024-10-25
CVE-2024-48870 [MEDIUM] CWE-79 CVE-2024-48870: Sharp and Toshiba Tec MFPs improperly validate input data in URI data registration, resulting in a s Sharp and Toshiba Tec MFPs improperly validate input data in URI data registration, resulting in a stored cross-site scripting vulnerability. If crafted input is stored by an administrative user, malicious script may be executed on the web browsers of other victim users.
nvd
Toshibatec E-Studio1058 Firmware vulnerabilities | cvebase