ZDI-24-814

Toshiba e-STUDIO2518A unzip Directory Traversal Remote Code Execution Vulnerability

2024-06-18
Zhenhua Huang from Trend Micro, Minmin Li
www.zerodayinitiative.com
Tags: toshiba e-studio2518a, directory traversal, remote code execution, validation, file operations, root access

AI Score: 7.5 High (confidence: High)
EPSS: 0.0004 Low (percentile: 16.0%)

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Toshiba e-STUDIO2518A printers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the unzip method. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of root.
