Toshiba printers use XML communication for the API endpoint provided by the printer. For the endpoint, XML parsing library is used and it is vulnerable to a time-based blind XML External Entity (XXE) vulnerability. An attacker can DoS the printers by sending a HTTP request without authentication. An attacker can exploit the XXE to retrieve information. As for the affected products/models/versions, see the reference URL.
Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).
| Vendor | Product | Default status | Versions | ||||||
|---|---|---|---|---|---|---|---|---|---|
| Toshiba Tec Corporation | Toshiba Tec e-Studio multi-function peripheral (MFP) | unaffected |
|
No data.
No data.
No data.
Project Subscriptions
| Vendors | Products |
|---|---|
|
Toshibatec
Subscribe
|
E-studio-2010-ac
Subscribe
E-studio-2015-nc
Subscribe
E-studio-2020 Ac
Subscribe
E-studio-2021 Ac
Subscribe
E-studio-2110-ac
Subscribe
E-studio-2510-ac
Subscribe
E-studio-2515-nc
Subscribe
E-studio-2520 Nc
Subscribe
E-studio-2521 Ac
Subscribe
E-studio-2525 Ac
Subscribe
E-studio-2528-a
Subscribe
E-studio-2610-ac
Subscribe
E-studio-2615-nc
Subscribe
E-studio-3015-nc
Subscribe
E-studio-3025 Ac
Subscribe
E-studio-3028-a
Subscribe
E-studio-3115-nc
Subscribe
E-studio-330-ac
Subscribe
E-studio-3515-nc
Subscribe
E-studio-3525 Ac
Subscribe
E-studio-3525 Acg
Subscribe
E-studio-3528-a
Subscribe
E-studio-3528-ag
Subscribe
E-studio-3615-nc
Subscribe
E-studio-400-ac
Subscribe
E-studio-4515 Ac
Subscribe
E-studio-4525 Ac
Subscribe
E-studio-4528-a
Subscribe
E-studio-4528-ag
Subscribe
E-studio-4615 Ac
Subscribe
E-studio-5525 Ac
Subscribe
E-studio-5525 Acg
Subscribe
E-studio-5528-a
Subscribe
E-studio-6525 Ac
Subscribe
E-studio-6525 Acg
Subscribe
E-studio-6526-ac
Subscribe
E-studio-6527-ac
Subscribe
E-studio-6528-a
Subscribe
E-studio-6529-a
Subscribe
E-studio-7527-ac
Subscribe
E-studio-7529-a
Subscribe
E-studio-9029-a
Subscribe
|
Advisories
| Source | ID | Title |
|---|---|---|
 EUVD |
EUVD-2024-24382 | Toshiba printers use XML communication for the API endpoint provided by the printer. For the endpoint, XML parsing library is used and it is vulnerable to a time-based blind XML External Entity (XXE) vulnerability. An attacker can DoS the printers by sending a HTTP request without authentication. An attacker can exploit the XXE to retrieve information. As for the affected products/models/versions, see the reference URL. |
Fixes
Solution
This issue is fixed in the version released on June 14, 2024 and all later versions.
Workaround
When connecting the MFPs and printers with an outer network such as the Internet, only operate it in a network environment protected by a firewall, etc. to prevent information from being leaked due to incorrect settings or avoid illegal access by unauthorized users.
References
History
Thu, 13 Feb 2025 18:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Toshibatec
Toshibatec e-studio-2010-ac Toshibatec e-studio-2015-nc Toshibatec e-studio-2020 Ac Toshibatec e-studio-2021 Ac Toshibatec e-studio-2110-ac Toshibatec e-studio-2510-ac Toshibatec e-studio-2515-nc Toshibatec e-studio-2520 Nc Toshibatec e-studio-2521 Ac Toshibatec e-studio-2525 Ac Toshibatec e-studio-2528-a Toshibatec e-studio-2610-ac Toshibatec e-studio-2615-nc Toshibatec e-studio-3015-nc Toshibatec e-studio-3025 Ac Toshibatec e-studio-3028-a Toshibatec e-studio-3115-nc Toshibatec e-studio-330-ac Toshibatec e-studio-3515-nc Toshibatec e-studio-3525 Ac Toshibatec e-studio-3525 Acg Toshibatec e-studio-3528-a Toshibatec e-studio-3528-ag Toshibatec e-studio-3615-nc Toshibatec e-studio-400-ac Toshibatec e-studio-4515 Ac Toshibatec e-studio-4525 Ac Toshibatec e-studio-4528-a Toshibatec e-studio-4528-ag Toshibatec e-studio-4615 Ac Toshibatec e-studio-5525 Ac Toshibatec e-studio-5525 Acg Toshibatec e-studio-5528-a Toshibatec e-studio-6525 Ac Toshibatec e-studio-6525 Acg Toshibatec e-studio-6526-ac Toshibatec e-studio-6527-ac Toshibatec e-studio-6528-a Toshibatec e-studio-6529-a Toshibatec e-studio-7527-ac Toshibatec e-studio-7529-a Toshibatec e-studio-9029-a |
|
| CPEs | cpe:2.3:h:toshibatec:e-studio-2010-ac:-:*:*:*:*:*:*:* cpe:2.3:h:toshibatec:e-studio-2015-nc:-:*:*:*:*:*:*:* cpe:2.3:h:toshibatec:e-studio-2020_ac:-:*:*:*:*:*:*:* cpe:2.3:h:toshibatec:e-studio-2021_ac:-:*:*:*:*:*:*:* cpe:2.3:h:toshibatec:e-studio-2110-ac:-:*:*:*:*:*:*:* cpe:2.3:h:toshibatec:e-studio-2510-ac:-:*:*:*:*:*:*:* cpe:2.3:h:toshibatec:e-studio-2515-nc:-:*:*:*:*:*:*:* cpe:2.3:h:toshibatec:e-studio-2520_nc:-:*:*:*:*:*:*:* cpe:2.3:h:toshibatec:e-studio-2521_ac:-:*:*:*:*:*:*:* cpe:2.3:h:toshibatec:e-studio-2525_ac:-:*:*:*:*:*:*:* cpe:2.3:h:toshibatec:e-studio-2528-a:-:*:*:*:*:*:*:* cpe:2.3:h:toshibatec:e-studio-2610-ac:-:*:*:*:*:*:*:* cpe:2.3:h:toshibatec:e-studio-2615-nc:-:*:*:*:*:*:*:* cpe:2.3:h:toshibatec:e-studio-3015-nc:-:*:*:*:*:*:*:* cpe:2.3:h:toshibatec:e-studio-3025_ac:-:*:*:*:*:*:*:* cpe:2.3:h:toshibatec:e-studio-3028-a:-:*:*:*:*:*:*:* cpe:2.3:h:toshibatec:e-studio-3115-nc:-:*:*:*:*:*:*:* cpe:2.3:h:toshibatec:e-studio-330-ac:-:*:*:*:*:*:*:* cpe:2.3:h:toshibatec:e-studio-3515-nc:-:*:*:*:*:*:*:* cpe:2.3:h:toshibatec:e-studio-3525_ac:-:*:*:*:*:*:*:* cpe:2.3:h:toshibatec:e-studio-3525_acg:-:*:*:*:*:*:*:* cpe:2.3:h:toshibatec:e-studio-3528-a:-:*:*:*:*:*:*:* cpe:2.3:h:toshibatec:e-studio-3528-ag:-:*:*:*:*:*:*:* cpe:2.3:h:toshibatec:e-studio-3615-nc:-:*:*:*:*:*:*:* cpe:2.3:h:toshibatec:e-studio-400-ac:-:*:*:*:*:*:*:* cpe:2.3:h:toshibatec:e-studio-4515_ac:-:*:*:*:*:*:*:* cpe:2.3:h:toshibatec:e-studio-4525_ac:-:*:*:*:*:*:*:* cpe:2.3:h:toshibatec:e-studio-4528-a:-:*:*:*:*:*:*:* cpe:2.3:h:toshibatec:e-studio-4528-ag:-:*:*:*:*:*:*:* cpe:2.3:h:toshibatec:e-studio-4615_ac:-:*:*:*:*:*:*:* cpe:2.3:h:toshibatec:e-studio-5525_ac:-:*:*:*:*:*:*:* cpe:2.3:h:toshibatec:e-studio-5525_acg:-:*:*:*:*:*:*:* cpe:2.3:h:toshibatec:e-studio-5528-a:-:*:*:*:*:*:*:* cpe:2.3:h:toshibatec:e-studio-6525_ac:-:*:*:*:*:*:*:* cpe:2.3:h:toshibatec:e-studio-6525_acg:-:*:*:*:*:*:*:* cpe:2.3:h:toshibatec:e-studio-6526-ac:-:*:*:*:*:*:*:* cpe:2.3:h:toshibatec:e-studio-6527-ac:-:*:*:*:*:*:*:* cpe:2.3:h:toshibatec:e-studio-6528-a:-:*:*:*:*:*:*:* cpe:2.3:h:toshibatec:e-studio-6529-a:-:*:*:*:*:*:*:* cpe:2.3:h:toshibatec:e-studio-7527-ac:-:*:*:*:*:*:*:* cpe:2.3:h:toshibatec:e-studio-7529-a:-:*:*:*:*:*:*:* cpe:2.3:h:toshibatec:e-studio-9029-a:-:*:*:*:*:*:*:* |
|
| Vendors & Products |
Toshibatec
Toshibatec e-studio-2010-ac Toshibatec e-studio-2015-nc Toshibatec e-studio-2020 Ac Toshibatec e-studio-2021 Ac Toshibatec e-studio-2110-ac Toshibatec e-studio-2510-ac Toshibatec e-studio-2515-nc Toshibatec e-studio-2520 Nc Toshibatec e-studio-2521 Ac Toshibatec e-studio-2525 Ac Toshibatec e-studio-2528-a Toshibatec e-studio-2610-ac Toshibatec e-studio-2615-nc Toshibatec e-studio-3015-nc Toshibatec e-studio-3025 Ac Toshibatec e-studio-3028-a Toshibatec e-studio-3115-nc Toshibatec e-studio-330-ac Toshibatec e-studio-3515-nc Toshibatec e-studio-3525 Ac Toshibatec e-studio-3525 Acg Toshibatec e-studio-3528-a Toshibatec e-studio-3528-ag Toshibatec e-studio-3615-nc Toshibatec e-studio-400-ac Toshibatec e-studio-4515 Ac Toshibatec e-studio-4525 Ac Toshibatec e-studio-4528-a Toshibatec e-studio-4528-ag Toshibatec e-studio-4615 Ac Toshibatec e-studio-5525 Ac Toshibatec e-studio-5525 Acg Toshibatec e-studio-5528-a Toshibatec e-studio-6525 Ac Toshibatec e-studio-6525 Acg Toshibatec e-studio-6526-ac Toshibatec e-studio-6527-ac Toshibatec e-studio-6528-a Toshibatec e-studio-6529-a Toshibatec e-studio-7527-ac Toshibatec e-studio-7529-a Toshibatec e-studio-9029-a |
|
| Metrics |
ssvc
|
Projects
Sign in to view the affected projects.
MITRE
Status: PUBLISHED
Assigner: Toshiba
Published:
Updated: 2025-02-13T17:41:20.670Z
Reserved: 2024-02-21T02:11:53.249Z
Link: CVE-2024-27141
Vulnrichment
Updated: 2024-08-02T00:27:59.773Z
NVD
Status : Awaiting Analysis
Published: 2024-06-14T03:15:09.700
Modified: 2024-11-21T09:03:56.060
Link: CVE-2024-27141
Redhat
No data.
OpenCVE Enrichment
No data.
Weaknesses