Vulners
Lucene search
Toshiba eStudio Printer Information Leakage
`============================================================================
Foofus.net Security Advisory: foofus-20111026
============================================================================
Title: Toshiba eStudio Multifunction Printer Information Leakage
Version: e-Studio series devices
Vendor: Toshiba
Release Date: 01/29/2011
Update Date: 10/26/2011
============================================================================
1. Summary:
Toshiba e-Studio devices found to be vulnerable to an information leakage
vulnerability.
============================================================================
2. Description:
Passwords can be extracted in plan text from html source code of various configuration
pages.
Example:
http://IP Address/TopAccess//Administrator/Setup/ScanToFile/List.htm
<td class="clsTableElement" nowrap"">
Password
<input ID="Password3" type="password" value="Plan text password" onfocus="
if (this.disable) this.blur();" maxlength="32"
============================================================================
3. Impact:
Exploiting this allows an adversary to extract passwords that can be used to gain
access to file servers, LDAP system, or other critical systems.
============================================================================
4. Affected Products:
All e-Studio devices tested against have been found to be vulnerable as of
July 2011.
Validation of specific firmware versions have not been conducted on a number
of systems. This is due to limited access to devices
Confirmed devices:
e-STUDIO305
e-STUDIO455
e-STUDIO600
e-STUDIO603
Confirmed devices and firmware version:
e-STUDIO3510c firmware version T380SY0J040
e-STUDIO281c firmware version T410SY0T233
============================================================================
5. Solution:
Contact vendor and request firmware upgrade to patch security issue.
============================================================================
6) Time Table:
01/29/2011 Reported Vulnerability.
10/27/2011 Publishes Advisory
============================================================================
7) Credits: Discovered by Deral Heiland PercX
============================================================================
8. Reference:
http://praeda.foofus.net
http://www.foofus.net/?page_id=457
============================================================================
The Foofus.Net team is an assortment of security professionals located
through out the United States. http://www.foofus.net
Follow percX on Twitter @Percent_X
============================================================================
`
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
27 Oct 2011 00:00Current
0.1Low risk
Vulners AI Score0.1