Lucene search
K

163 matches found

CVE
CVE
โ€ขadded 2025/06/25 7:28 a.m.โ€ข22 views

CVE-2024-51984

CVE-2024-51984 describes an authentication-based credential disclosure risk affecting multiple Brother-branded devices and peers (Konica Minolta, FUJIFILM, Ricoh, Toshiba Tec) via pass-back to external services. An authenticated attacker can reconfigure a target device to use an attacker-controll...

6.8CVSS7.2AI score0.00846EPSS
Exploits0References10
Cvelist
Cvelist
โ€ขadded 2025/06/25 7:28 a.m.โ€ข13 views

CVE-2024-51984 Authenticated disclosure of external service passwords via pass-back attack affecting multiple models from Brother Industries, Ltd, FUJIFILM Business Innovation, Ricoh, Toshiba Tec, and Konica Minolta, Inc.

An authenticated attacker can reconfigure the target device to use an external service such as LDAP or FTP controlled by the attacker. If an existing password is present for an external service, the attacker can force the target device to authenticate to an attacker controlled device using the...

6.8CVSS0.00846EPSS
Exploits0References10
Vulnrichment
Vulnrichment
โ€ขadded 2025/06/25 7:26 a.m.โ€ข7 views

CVE-2024-51983 Unauthenticated Denial of Service (DoS) via malformed WS-Scan request affecting multiple models from Brother Industries, Ltd, FUJIFILM Business Innovation, Ricoh, Toshiba Tec, and Konica Minolta, Inc.

An unauthenticated attacker who can connect to the Web Services feature HTTP TCP port 80 can issue a WS-Scan SOAP request containing an unexpected JobToken value which will crash the target device. The device will reboot, after which the attacker can reissue the command to repeatedly crash the...

7.5CVSS7.3AI score0.07466EPSS
Exploits0References9
Cvelist
Cvelist
โ€ขadded 2025/06/25 7:26 a.m.โ€ข23 views

CVE-2024-51983 Unauthenticated Denial of Service (DoS) via malformed WS-Scan request affecting multiple models from Brother Industries, Ltd, FUJIFILM Business Innovation, Ricoh, Toshiba Tec, and Konica Minolta, Inc.

An unauthenticated attacker who can connect to the Web Services feature HTTP TCP port 80 can issue a WS-Scan SOAP request containing an unexpected JobToken value which will crash the target device. The device will reboot, after which the attacker can reissue the command to repeatedly crash the...

7.5CVSS0.07466EPSS
Exploits0References9
Vulnrichment
Vulnrichment
โ€ขadded 2025/06/25 7:23 a.m.โ€ข7 views

CVE-2024-51981 Unauthenticated Server Side Request Forgery (SSRF) via WS-Eventing affecting multiple models from Brother Industries, Ltd, FUJIFILM Business Innovation, Ricoh, and Toshiba Tec, and Konica Minolta, Inc.

An unauthenticated attacker may perform a blind server side request forgery SSRF, due to a CLRF injection issue that can be leveraged to perform HTTP request smuggling. This SSRF leverages the WS-Addressing feature used during a WS-Eventing subscription SOAP operation. The attacker can control al...

5.3CVSS7.5AI score0.00822EPSS
Exploits0References10
Cvelist
Cvelist
โ€ขadded 2025/06/25 7:23 a.m.โ€ข20 views

CVE-2024-51981 Unauthenticated Server Side Request Forgery (SSRF) via WS-Eventing affecting multiple models from Brother Industries, Ltd, FUJIFILM Business Innovation, Ricoh, and Toshiba Tec, and Konica Minolta, Inc.

An unauthenticated attacker may perform a blind server side request forgery SSRF, due to a CLRF injection issue that can be leveraged to perform HTTP request smuggling. This SSRF leverages the WS-Addressing feature used during a WS-Eventing subscription SOAP operation. The attacker can control al...

5.3CVSS0.00822EPSS
Exploits0References10
CVE
CVE
โ€ขadded 2025/06/25 7:22 a.m.โ€ข29 views

CVE-2024-51980

CVE-2024-51980 is an unauthenticated SSRF that, via WS-Addressing ReplyTo in a SOAP web service on HTTP (port 80), forces affected devices to open a TCP connection to an arbitrary IP/port. The vulnerability is reported across multiple Brother Konica Minolta, FUJIFILM, Ricoh, and Toshiba devices (...

5.3CVSS7.3AI score0.00858EPSS
Exploits0References10
Cvelist
Cvelist
โ€ขadded 2025/06/25 7:22 a.m.โ€ข34 views

CVE-2024-51980 Unauthenticated Server Side Request Forgery (SSRF) via WS-Addressing affecting multiple models from Brother Industries, Ltd, FUJIFILM Business Innovation, Ricoh, Toshiba Tec, and Konica Minolta, Inc.

An unauthenticated attacker may perform a limited server side request forgery SSRF, forcing the target device to open a TCP connection to an arbitrary port number on an arbitrary IP address. This SSRF leverages the WS-Addressing ReplyTo element in a Web service HTTP TCP port 80 SOAP request. The...

5.3CVSS0.00858EPSS
Exploits0References10
Vulnrichment
Vulnrichment
โ€ขadded 2025/06/25 7:17 a.m.โ€ข7 views

CVE-2024-51978 Authentication bypass via default password generation affecting multiple models from Brother Industries, Ltd, Toshiba Tec, and Konica Minolta, Inc.

An unauthenticated attacker who knows the target device's serial number, can generate the default administrator password for the device. An unauthenticated attacker can first discover the target device's serial number via CVE-2024-51977 over HTTP/HTTPS/IPP, or via a PJL request, or via an SNMP...

9.8CVSS7.5AI score0.23635EPSS
Exploits0References10
CVE
CVE
โ€ขadded 2025/06/25 7:17 a.m.โ€ข107 views

CVE-2024-51978

CVE-2024-51978 enables an unauthenticated attacker to derive the deviceโ€™s default administrator password by leaking the device serial number. The serial number can be exposed via CVE-2024-51977 (through HTTP, HTTPS, IPP), or via PJL or SNMP requests, allowing remote compromise of Brother and Koni...

9.8CVSS7.5AI score0.23635EPSS
In wildExploits0References13
Cvelist
Cvelist
โ€ขadded 2025/06/25 7:17 a.m.โ€ข147 views

CVE-2024-51978 Authentication bypass via default password generation affecting multiple models from Brother Industries, Ltd, Toshiba Tec, and Konica Minolta, Inc.

An unauthenticated attacker who knows the target device's serial number, can generate the default administrator password for the device. An unauthenticated attacker can first discover the target device's serial number via CVE-2024-51977 over HTTP/HTTPS/IPP, or via a PJL request, or via an SNMP...

9.8CVSS0.23635EPSS
Exploits0References10
Cvelist
Cvelist
โ€ขadded 2025/06/25 7:15 a.m.โ€ข14 views

CVE-2024-51977 Unauthenticated leak of sensitive information affecting multiple models from Brother Industries, Ltd., FUJIFILM Business Innovation, Ricoh, Toshiba Tec, and Konica Minolta, Inc.

An unauthenticated attacker who can access either the HTTP service TCP port 80, the HTTPS service TCP port 443, or the IPP service TCP port 631, can leak several pieces of sensitive information from a vulnerable device. The URI path /etc/mntinfo.csv can be accessed via a GET request and no...

5.3CVSS0.7656EPSS
Exploits0References11
CVE
CVE
โ€ขadded 2025/06/25 7:15 a.m.โ€ข86 views

CVE-2024-51977

CVE-2024-51977 affects at least one Brother multiโ€‘function device (notably the MFCโ€‘L9570CDW) where an unauthenticated attacker can reach the HTTP/HTTPS/IPP services on ports 80/443/631 and retrieve /etc/mnt_info.csv. The CSV exposes device info including model, firmware version, IP address, and s...

5.3CVSS7.2AI score0.7656EPSS
In wildExploits0References11
RedhatCVE
RedhatCVE
โ€ขadded 2025/05/23 8:8 a.m.โ€ข10 views

CVE-2024-45842

Sharp and Toshiba Tec MFPs improperly process URI data in HTTP PUT requests resulting in a path Traversal vulnerability. Unintended internal files may be retrieved when processing crafted HTTP requests...

5.3CVSS6.9AI score0.00541EPSS
Exploits0References1
RedhatCVE
RedhatCVE
โ€ขadded 2025/05/23 7:31 a.m.โ€ข10 views

CVE-2024-48870

Sharp and Toshiba Tec MFPs improperly validate input data in URI data registration, resulting in a stored cross-site scripting vulnerability. If crafted input is stored by an administrative user, malicious script may be executed on the web browsers of other victim users...

6.2CVSS6.1AI score0.00324EPSS
Exploits0References1
RedhatCVE
RedhatCVE
โ€ขadded 2025/05/22 12:15 p.m.โ€ข7 views

CVE-2012-1239

The TopAccess web-based management interface on TOSHIBA TEC e-Studio multi-function peripheral MFP devices with firmware 30x through 302, 35x through 354, and 4xx through 421 allows remote attackers to bypass authentication and obtain administrative privileges via unspecified vectors...

10CVSS7.7AI score0.04725EPSS
Exploits0References1
RedhatCVE
RedhatCVE
โ€ขadded 2025/05/21 8:31 p.m.โ€ข7 views

CVE-2002-2067

East-Tec Eraser 2002 does not clear Windows alternate data streams that are attached to files on NTFS file systems, which allows attackers to recover sensitive information that was supposed to be deleted...

7.5CVSS6.5AI score0.02184EPSS
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
โ€ขadded 2025/03/23 6:50 a.m.โ€ข4 views

Malicious code in tec-registry (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a2ef98a8d8e55d815b7f3d3955fb72a5387e95a9f22ab1702df9d88b2c152a18 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score
Exploits0References1
OSV
OSV
โ€ขadded 2025/03/23 6:50 a.m.โ€ข6 views

MAL-2025-2606 Malicious code in tec-registry (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a2ef98a8d8e55d815b7f3d3955fb72a5387e95a9f22ab1702df9d88b2c152a18 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7.2AI score
Exploits0References1
RedhatCVE
RedhatCVE
โ€ขadded 2025/02/05 12:45 p.m.โ€ข10 views

CVE-2024-43424

Sharp and Toshiba Tec MFPs improperly process HTTP request headers, resulting in an Out-of-bounds Read vulnerability. Crafted HTTP requests may cause affected products crashed...

7.5CVSS6.9AI score0.00729EPSS
Exploits0References5
Rows per page
Query Builder