insecure upload

Remote Command program allows an attacker to get Remote Code Execution by overwriting existing Python files containing executable code. This vulnerability can be executed in combination with other vulnerabilities and difficult to execute alone. So, the CVSS score for this vulnerability alone is lower than the score listed in the "Base Score" of this vulnerability. For detail on related other vulnerabilities, please ask to the below contact point. https://www.toshibatec.com/contacts/products/ As for the affected products/models/versions, see the reference URL.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

对路径名的限制不恰当(路径遍历)

Toshiba e-STUDIO 安全漏洞

Toshiba e-STUDIO是日本东芝（Toshiba）公司的一系列高端办公多功能打印机。 Toshiba e-STUDIO 存在安全漏洞，该漏洞源于使用 Web 管理程序（TopAccess），可以将任何文件放置在多功能设备中。

N/A

N/A