[Japanese]

JVNDB-2012-000028

TOSHIBA TEC e-Studio series vulnerable to authentication bypass

Overview

Multiple e-Studio series products provided by TOSHIBA TEC CORPORATION contain an authentication bypass vulnerability.

e-Studio is a multi-function peripheral (MFP). Multiple e-Studio series products contain a vulnerability in web-based management utility, which may result in an authentication bypass.
CVSS Severity (What is CVSS?)

Base Metrics: 6.4 (Medium) [IPA Score]
  • Access Vector: Network
  • Access Complexity: Low
  • Authentication: None
  • Confidentiality Impact: Partial
  • Integrity Impact: Partial
  • Availability Impact: None

Affected Products

A wide range of products are affected. For more information, refer to the developer's website.

TOSHIBA TEC
  • e-STUDIO 167 with Network Printer Kit firmware T282CN0J421 and earlier
  • e-STUDIO 181 with Network Printer Kit firmware T282CN0J421 and earlier
  • e-STUDIO 182 with Network Printer Kit firmware T282CN0J421 and earlier
  • e-STUDIO 207 with Network Printer Kit firmware T282CN0J421 and earlier
  • e-STUDIO 232 firmware T377SY0J354 and earlier
  • e-STUDIO 2330C firmware T450SY0J302 and earlier
  • e-STUDIO 2500c firmware T380SY0J354 and earlier
  • e-STUDIO 255 firmware T470SY0J302 and earlier
  • e-STUDIO 255P firmware T470SY0J302 and earlier
  • e-STUDIO 281c firmware T410SY0J354 and earlier
  • e-STUDIO 282 firmware T377SY0J354 and earlier
  • e-STUDIO 2830C firmware T450SY0J302 and earlier
  • e-STUDIO 3500c firmware T380SY0J354 and earlier
  • e-STUDIO 3510c firmware T380SY0J354 and earlier
  • e-STUDIO 351c firmware T410SY0J354 and earlier
  • e-STUDIO 352 firmware T364SY0J354 and earlier
  • e-STUDIO 3520C firmware T450SY0J302 and earlier
  • e-STUDIO 355 firmware T470SY0J302 and earlier
  • e-STUDIO 451c firmware T410SY0J354 and earlier
  • e-STUDIO 452 firmware T364SY0J354 and earlier
  • e-STUDIO 4520C firmware T450SY0J302 and earlier
  • e-STUDIO 455 firmware T470SY0J302 and earlier
  • e-STUDIO 5520C firmware T430SY0J302 and earlier
  • e-STUDIO 600 firmware T390SY0J354 and earlier
  • e-STUDIO 6520C firmware T430SY0J302 and earlier
  • e-STUDIO 6530C firmware T430SY0J302 and earlier
  • e-STUDIO 655 firmware T100SY0J302 and earlier
  • e-STUDIO 720 firmware T390SY0J354 and earlier
  • e-STUDIO 755 firmware T100SY0J302 and earlier
  • e-STUDIO 850 firmware T390SY0J354 and earlier
  • e-STUDIO 855 firmware T100SY0J302 and earlier
  • TF-182 with Network Printer Kit firmware T282CN0J421 and earlier

Impact

An attacker that can access the product may log in with administrative privileges. As a result, settings may be changed and credential information may be viewed.
Solution

[Update the software]
Apply the latest update for each product according to the information provided by the developer.
Vendor Information

TOSHIBA TEC
CWE (What is CWE?)

  1. Improper Authentication(CWE-287) [IPA Evaluation]
CVE (What is CVE?)

  1. CVE-2012-1239
References

  1. JVN : JVN#92830293
  2. National Vulnerability Database (NVD) : CVE-2012-1239
Revision History

[2012/04/05]
  Web page was published