Lucene search

CVE-2024-27171

🗓️ 14 Jun 2024 04:35:15Reported by ToshibaType

cve🔗 web.nvd.nist.gov👁 50 Views🌐 WEB

Insecure upload allows remote code execution

5 of 5AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Reporter	Title	Published	Views	Family All 5
Cvelist	CVE-2024-27171 Insecure permissions	14 Jun 202403:59	–	cvelist
Vulnrichment	CVE-2024-27171 Insecure permissions	14 Jun 202403:59	–	vulnrichment
NVD	CVE-2024-27171	14 Jun 202404:15	–	nvd
Packet Storm	Toshiba Multi-Function Printers 40 Vulnerabilities	4 Jul 202400:00	–	packetstorm
OpenVAS	Toshiba Printers Multiple Vulnerabilities (May 2024)	8 Jul 202400:00	–	openvas

[
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "Linux"
    ],
    "product": "Toshiba Tec e-Studio multi-function peripheral (MFP)",
    "vendor": "Toshiba Tec Corporation",
    "versions": [
      {
        "status": "affected",
        "version": "see the reference URL"
      }
    ]
  }
]

Source	Link
toshibatec	www.toshibatec.com/information/pdf/information20240531_01.pdf
toshibatec	www.toshibatec.com/information/20240531_01.html
seclists	www.seclists.org/fulldisclosure/2024/Jul/1
jvn	www.jvn.jp/en/vu/JVNVU97136265/index.html

Parameter	Position	Path	Description	CWE
Name	binary	/contentwebserver/upload	Insecure upload endpoint allowing arbitrary file uploads, potentially leading to RCE.	CWE-276

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

14 Jun 2024 04:15Current

7.8High risk

Vulners AI Score7.8

CVSS37.4

EPSS0.00102

SSVC

CWE-276