Details of VAR-190001-0886

ID

VAR-190001-0886

TITLE

Toshiba e-Studio Device Password Information Disclosure Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2011-4547

DESCRIPTION

Toshiba e-STUDIO is an all-in-one machine from Toshiba. Password information can be obtained from the HTML source code of various configuration pages, such as: http://IP Address/TopAccess/Administrator/Setup/ScanToFile/List.htm<td nowrap\">\"> Password <input ID=\342\200\235Password3\342\200\262\342\200\262 type = \"password\" value=\342\200\235Password1\342\200\235 onfocus=\342\200\235 if (this.disable) this.blur();\342\200\235 maxlength=\342\200\23532\342\200\235 Use these password information to access the file server, LDAP system, etc. Toshiba e-Studio Devices is prone to an information-disclosure vulnerability that exposes sensitive information. Successful exploits will allow unauthenticated attackers to obtain sensitive information from the device, such as an administrative password, which may aid in further attacks

Trust: 0.81

sources: CNVD: CNVD-2011-4547 // BID: 50392

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2011-4547

AFFECTED PRODUCTS

vendor:	toshiba	model:	e-studio455	scope:	-	version:	-	Trust: 0.6
vendor:	toshiba	model:	e-studio305	scope:	-	version:	-	Trust: 0.6
vendor:	toshiba	model:	e-studio455	scope:	eq	version:	0	Trust: 0.3
vendor:	toshiba	model:	e-studio305	scope:	eq	version:	0	Trust: 0.3

sources: CNVD: CNVD-2011-4547 // BID: 50392

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201110-674

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201110-674

PATCH

title:

Toshiba e-Studio device password information disclosure vulnerability patch

url:

https://www.cnvd.org.cn/patchinfo/show/5685

Trust: 0.6

sources: CNVD: CNVD-2011-4547

EXTERNAL IDS

db:	BID	id:	50392	Trust: 1.5
db:	CNVD	id:	CNVD-2011-4547	Trust: 0.6
db:	CNNVD	id:	CNNVD-201110-674	Trust: 0.6

sources: CNVD: CNVD-2011-4547 // BID: 50392 // CNNVD: CNNVD-201110-674

REFERENCES

url:	http://www.foofus.net/?page_id=457	Trust: 0.9
url:	http://www.securityfocus.com/bid/50392	Trust: 0.6
url:	http://www.eid.toshiba.com.au/n_mono_search.asp	Trust: 0.3

sources: CNVD: CNVD-2011-4547 // BID: 50392 // CNNVD: CNNVD-201110-674

CREDITS

Deral Heiland PercX

Trust: 0.9

sources: BID: 50392 // CNNVD: CNNVD-201110-674

SOURCES

db:	CNVD	id:	CNVD-2011-4547
db:	BID	id:	50392
db:	CNNVD	id:	CNNVD-201110-674

LAST UPDATE DATE

2022-05-17T02:00:54.445000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2011-4547	date:	2011-10-28T00:00:00
db:	BID	id:	50392	date:	2011-10-27T00:00:00
db:	CNNVD	id:	CNNVD-201110-674	date:	2011-10-31T00:00:00

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2011-4547	date:	2011-10-28T00:00:00
db:	BID	id:	50392	date:	2011-10-27T00:00:00
db:	CNNVD	id:	CNNVD-201110-674	date:	1900-01-01T00:00:00