Several vulnerabilities have been discovered in Toshiba e-STUDIO Multi-Function Printers (MFPs), impacting 103 models globally. These vulnerabilities range from remote code execution to XML external entity injection and privilege escalation, posing significant risks to organizations using these printers. The identified flaws include critical issues such as CVE-2024-27171 and CVE-2024-27180, which affect both third-party applications and default installations on Toshiba devices.
These weaknesses could let threat actors gain unauthorized access to and control of the printers. Toshiba has responded by issuing security advisories and updates to address these issues, emphasizing the importance of applying the latest firmware versions to mitigate the risks. The vulnerabilities are present in both older and current models, making it crucial for all affected users to upgrade their systems.
In addition to technical flaws, some issues involve hardcoded passwords and insecure permissions, which could further expose sensitive data and administrative functions. The flaws have been confirmed in multiple models running recent firmware versions, indicating that the problem is widespread across Toshiba’s product line. The vulnerabilities could allow attackers to move laterally within an organization’s infrastructure if left unaddressed.
Users are advised to follow Toshiba’s security recommendations and update their printers to the latest versions to prevent potential exploitation. The ongoing risks highlight the need for robust security practices and timely responses to safeguard against emerging threats in multifunction printer technology.