Leak of admin password and passwords

Toshiba printers will display the password of the admin user in clear-text and additional passwords when sending 2 specific HTTP requests to the internal API. An attacker stealing the cookie of an admin or abusing a XSS vulnerability can recover this password in clear-text and compromise the printer. This vulnerability can be executed in combination with other vulnerabilities and difficult to execute alone. So, the CVSS score for this vulnerability alone is lower than the score listed in the "Base Score" of this vulnerability. For detail on related other vulnerabilities, please ask to the below contact point. https://www.toshibatec.com/contacts/products/ As for the affected products/models/versions, see the reference URL.

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

敏感数据的明文传输

Toshiba e-STUDIO 安全漏洞

Toshiba e-STUDIO是日本东芝（Toshiba）公司的一系列高端办公多功能打印机。 Toshiba e-STUDIO 存在安全漏洞，该漏洞源于多功能设备内部程序之间的部分通信未加密，因此信息可能被有权访问多功能设备的第三方窃取。

N/A

N/A