    4 vulnerabilities found for (Multiple Products) by TOSHIBA TEC

    JVNDB-2025-014081

    Vulnerability from jvndb - Published: 2025-09-19 10:52 - Updated: 2025-09-19 10:52
    Summary
    Multiple Brother and its OEM products with weak initial administrator passwords
    Details
    Multiple products provided by BROTHER INDUSTRIES, LTD and other OEM vendors are set up with weak initial administrator passwords, which can be derived from their serial numbers. This was reported by Rapid7 and is handled under JVNVU#90043828 and CVE-2024-51978. Brother states that (1) serial numbers have been available without authentication by design, for system management purposes, and (2) to fix CVE-2024-51978, the production lines have been revised to introduce initial passwords that are hard to derive from the serial numbers. After the publication of CVE-2024-51978, runZero reported that eSCL/uscan can also be used to retrieve serial numbers without authentication. eSCL/uscan is not described in CVE-2024-51977, and considering the existence of CVE-2024-51978, Austin Hackers Anonymous assigned CVE-2025-8452. runZero reported this issue to the developer. JPCERT/CC coordinated between the reporter and the developer.

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2025/JVNDB-2025-014081.html",
      "dc:date": "2025-09-19T10:52+09:00",
      "dcterms:issued": "2025-09-19T10:52+09:00",
      "dcterms:modified": "2025-09-19T10:52+09:00",
      "description": "Multiple products provided by BROTHER INDUSTRIES, LTD and other OEM vendors are setup with weak initial administrator passwords, which can be derived from their serial numbers.\r\nThis is reported by Rapid7, and treated on \u003ca href=\"https://jvn.jp/en/vu/JVNVU90043828/\"target=\"blank\"\u003eJVNVU#90043828\u003c/a\u003e, \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2024-51978\"target=\"blank\"\u003eCVE-2024-51978\u003c/a\u003e.\r\nBrother states that\r\n  (1) serial numbers have been available without authentication by design, for system management purposes, and\r\n  (2) to fix CVE-2024-51978, the production-lines have been revised to introduce the initial passwords which are hard to derive from its serial numbers\r\n\r\nAfter the publication of CVE-2024-51978, runZero reported that eSCL/uscan can be also used to retrieve serial numbers without authentication.\r\neSCL/uscan is not described in CVE-2024-51977, and considering the existence of CVE-2024-51978, Austin Hackers Anonymous assigns \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2025-8452\"target=\"blank\"\u003eCVE-2025-8452\u003c/a\u003e.\r\n\r\nrunZero reported this issue to the developer.\r\nJPCERT/CC coordinated between the reporter and the developer.",
      "link": "https://jvndb.jvn.jp/en/contents/2025/JVNDB-2025-014081.html",
      "sec:cpe": [
        {
          "#text": "cpe:/a:brother:multiple_products",
          "@product": "(Multiple Products)",
          "@vendor": "Brother Industries",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:toshibatec:multiple_product",
          "@product": "(Multiple Products)",
          "@vendor": "TOSHIBA TEC",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:konicaminolta:multiple_product",
          "@product": "(Multiple Products)",
          "@vendor": "KONICA MINOLTA, INC.",
          "@version": "2.2"
        }
      ],
      "sec:identifier": "JVNDB-2025-014081",
      "sec:references": [
        {
          "#text": "https://jvn.jp/en/vu/JVNVU93294882/index.html",
          "@id": "JVNVU#93294882",
          "@source": "JVN"
        },
        {
          "#text": "https://jvn.jp/en/vu/JVNVU90043828/",
          "@id": "JVNVU#90043828",
          "@source": "JVN"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2025-8452",
          "@id": "CVE-2025-8452",
          "@source": "CVE"
        },
        {
          "#text": "https://takeonme.org/cves/cve-2025-8452/",
          "@id": "Brother Printer Serial Number Disclosure",
          "@source": "Related Information"
        },
        {
          "#text": "https://www.runzero.com/blog/brother-devices/",
          "@id": "How to find Brother printer, scanner and label maker devices on your network",
          "@source": "Related Information"
        }
      ],
      "title": "Multiple Brother and its OEM products with weak initial administrator passwords"
    }

    JVNDB-2024-011256

    Vulnerability from jvndb - Published: 2024-10-28 17:33 - Updated: 2024-10-28 17:33
    Summary
    Multiple vulnerabilities in Sharp and Toshiba Tec MFPs
    Details
    MFPs (multifunction printers) provided by Sharp and Toshiba Tec Corporation contain multiple vulnerabilities listed below.
    • Out-of-bounds Read (CWE-125)
      • CVE-2024-42420
      • Out-of-bounds read vulnerabilities coming from improper processing of keyword search input and improper processing of SOAP messages
    • Out-of-bounds Read (CWE-125)
      • CVE-2024-43424
      • Out-of-bounds read vulnerability coming from improper processing of HTTP request headers
    • Out-of-bounds Read (CWE-125)
      • CVE-2024-45829
      • Out-of-bounds read vulnerability in the web page providing data downloading, where query parameters in HTTP requests are improperly processed
    • Path traversal (CWE-22)
      • CVE-2024-45842
      • Improper processing of URI data in HTTP PUT requests leads to a path traversal vulnerability; unintended internal files may be retrieved
    • Improper access restriction on some configuration related APIs (CWE-749)
      • CVE-2024-47005
      • Some configuration related APIs are expected to be called by administrative users only, but are insufficiently restricted
    • Authentication Bypass Using an Alternate Path (CWE-288)
      • CVE-2024-47406
      • Improper processing of HTTP authentication requests may lead to authentication bypass
    • Improper processing of query parameters in HTTP requests (CWE-644)
      • CVE-2024-47549
      • Improper processing of query parameters of HTTP requests may allow contamination of unintended data to HTTP response headers
    • Reflected Cross-site Scripting (CWE-79)
      • CVE-2024-47801
      • Reflected cross-site scripting vulnerability coming from improper processing of query parameters in HTTP requests
    • Stored Cross-site Scripting (CWE-79)
      • CVE-2024-48870
      • Stored cross-site scripting vulnerability coming from improper input data validation in URI data registration
    Sharp Corporation reported these vulnerabilities to JPCERT/CC to notify users of its solution through JVN.

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-011256.html",
      "dc:date": "2024-10-28T17:33+09:00",
      "dcterms:issued": "2024-10-28T17:33+09:00",
      "dcterms:modified": "2024-10-28T17:33+09:00",
      "description": "MFPs (multifunction printers) provided by Sharp and Toshiba Tec Corporation contain multiple vulnerabilites listed below.\r\n\r\n\u003cul\u003e\r\n\t\u003cli\u003eOut-of-bounds Read (CWE-125)\r\n\t\u003cul\u003e\r\n\t\t\u003cli\u003eCVE-2024-42420\u003c/li\u003e\r\n\t\t\u003cli\u003eOut-of-bounds read vulnerabilities coming from improper processing of keyword search input and improper processing of\u0026nbsp;SOAP messages\u003c/li\u003e\r\n\t\u003c/ul\u003e\r\n\t\u003c/li\u003e\r\n\t\u003cli\u003eOut-of-bounds Read (CWE-125)\r\n\t\u003cul\u003e\r\n\t\t\u003cli\u003eCVE-2024-43424\u003c/li\u003e\r\n\t\t\u003cli\u003eOut-of-bounds read vulnerability coming from improper processing of HTTP request headers\u003c/li\u003e\r\n\t\u003c/ul\u003e\r\n\t\u003c/li\u003e\r\n\t\u003cli\u003eOut-of-bounds Read\u0026nbsp;(CWE-125)\r\n\t\u003cul\u003e\r\n\t\t\u003cli\u003eCVE-2024-45829\u003c/li\u003e\r\n\t\t\u003cli\u003eOut-of-bounds read vulnerability in the web page providing data downloading, where query parameters in HTTP requests are improperly processed\u003c/li\u003e\r\n\t\u003c/ul\u003e\r\n\t\u003c/li\u003e\r\n\t\u003cli\u003ePath traversal\u0026nbsp;(CWE-22)\r\n\t\u003cul\u003e\r\n\t\t\u003cli\u003eCVE-2024-45842\u003c/li\u003e\r\n\t\t\u003cli\u003eImproper processing of URI data in HTTP PUT requests leads to path traversal vulnerability, unintended internal files may be retrieved\u003c/li\u003e\r\n\t\u003c/ul\u003e\r\n\t\u003c/li\u003e\r\n\t\u003cli\u003eImproper access restriction on some configuration related\u0026nbsp;APIs (CWE-749)\r\n\t\u003cul\u003e\r\n\t\t\u003cli\u003eCVE-2024-47005\u003c/li\u003e\r\n\t\t\u003cli\u003eSome configuration related APIs are expected to be called by administrative users only, but insufficiently restricted\u003c/li\u003e\r\n\t\u003c/ul\u003e\r\n\t\u003c/li\u003e\r\n\t\u003cli\u003eAuthentication Bypass Using an Alternate 
Path\u0026nbsp;(CWE-288)\r\n\t\u003cul\u003e\r\n\t\t\u003cli\u003eCVE-2024-47406\u003c/li\u003e\r\n\t\t\u003cli\u003eImproper processing of HTTP authentication requests may lead to authentication bypass\u003c/li\u003e\r\n\t\u003c/ul\u003e\r\n\t\u003c/li\u003e\r\n\t\u003cli\u003eImproper processing of query parameters in HTTP requests (CWE-644)\r\n\t\u003cul\u003e\r\n\t\t\u003cli\u003eCVE-2024-47549\u003c/li\u003e\r\n\t\t\u003cli\u003eImproper processing of query parameters of HTTP requests may allow contamination of unintended data to HTTP response headers\u003c/li\u003e\r\n\t\u003c/ul\u003e\r\n\t\u003c/li\u003e\r\n\t\u003cli\u003eReflected Cross-site Scripting (CWE-79)\r\n\t\u003cul\u003e\r\n\t\t\u003cli\u003eCVE-2024-47801\u003c/li\u003e\r\n\t\t\u003cli\u003eReflected cross-site scripting vulnerability coming from improper processing of query parameters in HTTP requests\u003c/li\u003e\r\n\t\u003c/ul\u003e\r\n\t\u003c/li\u003e\r\n\t\u003cli\u003eStored Cross-site Scripting (CWE-79)\r\n\t\u003cul\u003e\r\n\t\t\u003cli\u003eCVE-2024-48870\u003c/li\u003e\r\n\t\t\u003cli\u003eStored cross-site scripting vulnerability coming from improper input data validation in URI data registration\u003c/li\u003e\r\n\t\u003c/ul\u003e\r\n\t\u003c/li\u003e\r\n\u003c/ul\u003e\r\n\r\nSharp Corporation reported these vulnerabilities to JPCERT/CC to notify users of its solution through JVN.",
      "link": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-011256.html",
      "sec:cpe": [
        {
          "#text": "cpe:/a:sharp:multiple_product",
          "@product": "(Multiple Products)",
          "@vendor": "Sharp Corporation",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:toshibatec:multiple_product",
          "@product": "(Multiple Products)",
          "@vendor": "TOSHIBA TEC",
          "@version": "2.2"
        }
      ],
      "sec:cvss": {
        "@score": "9.1",
        "@severity": "Critical",
        "@type": "Base",
        "@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
        "@version": "3.0"
      },
      "sec:identifier": "JVNDB-2024-011256",
      "sec:references": [
        {
          "#text": "https://jvn.jp/en/vu/JVNVU95063136/index.html",
          "@id": "JVNVU#95063136",
          "@source": "JVN"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2024-42420",
          "@id": "CVE-2024-42420",
          "@source": "CVE"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2024-43424",
          "@id": "CVE-2024-43424",
          "@source": "CVE"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2024-45829",
          "@id": "CVE-2024-45829",
          "@source": "CVE"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2024-45842",
          "@id": "CVE-2024-45842",
          "@source": "CVE"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2024-47005",
          "@id": "CVE-2024-47005",
          "@source": "CVE"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2024-47406",
          "@id": "CVE-2024-47406",
          "@source": "CVE"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2024-47549",
          "@id": "CVE-2024-47549",
          "@source": "CVE"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2024-47801",
          "@id": "CVE-2024-47801",
          "@source": "CVE"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2024-48870",
          "@id": "CVE-2024-48870",
          "@source": "CVE"
        },
        {
          "#text": "https://cwe.mitre.org/data/definitions/125.html",
          "@id": "CWE-125",
          "@title": "Out-of-bounds Read(CWE-125)"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-22",
          "@title": "Path Traversal(CWE-22)"
        },
        {
          "#text": "https://cwe.mitre.org/data/definitions/288.html",
          "@id": "CWE-288",
          "@title": "Authentication Bypass Using an Alternate Path or Channel(CWE-288)"
        },
        {
          "#text": "https://cwe.mitre.org/data/definitions/644.html",
          "@id": "CWE-644",
          "@title": "Improper Neutralization of HTTP Headers for Scripting Syntax(CWE-644)"
        },
        {
          "#text": "https://cwe.mitre.org/data/definitions/749.html",
          "@id": "CWE-749",
          "@title": "Exposed Dangerous Method or Function(CWE-749)"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-79",
          "@title": "Cross-site Scripting(CWE-79)"
        }
      ],
      "title": "Multiple vulnerabilities in Sharp and Toshiba Tec MFPs"
    }

    JVNDB-2024-003539

    Vulnerability from jvndb - Published: 2024-06-17 15:21 - Updated: 2024-06-17 15:21
    Summary
    Multiple vulnerabilities in Toshiba Tec and Oki Electric Industry MFPs
    Details
    MFPs (multifunction printers) provided by Toshiba Tec Corporation and Oki Electric Industry Co., Ltd. contain multiple vulnerabilities listed below.
    • Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion') (CWE-776) - CVE-2024-27141, CVE-2024-27142
    • Execution with Unnecessary Privileges (CWE-250) - CVE-2024-27143, CVE-2024-27146, CVE-2024-27147, CVE-2024-3498
    • Incorrect Default Permissions (CWE-276) - CVE-2024-27148, CVE-2024-27149, CVE-2024-27150, CVE-2024-27151, CVE-2024-27152, CVE-2024-27153, CVE-2024-27155, CVE-2024-27167, CVE-2024-27171
    • Path Traversal (CWE-22) - CVE-2024-27144, CVE-2024-27145, CVE-2024-27173, CVE-2024-27174, CVE-2024-27176, CVE-2024-27177, CVE-2024-27178
    • Insertion of Sensitive Information into Log File (CWE-532) - CVE-2024-27154, CVE-2024-27156, CVE-2024-27157
    • Plaintext Storage of a Password (CWE-256) - CVE-2024-27166
    • Debug Messages Revealing Unnecessary Information (CWE-1295) - CVE-2024-27179
    • Use of Default Credentials (CWE-1392) - CVE-2024-27158
    • Use of Hard-coded Credentials (CWE-798) - CVE-2024-27159, CVE-2024-27160, CVE-2024-27161, CVE-2024-27168, CVE-2024-27170
    • Use of Hard-coded Password (CWE-259) - CVE-2024-27164
    • Cross-site Scripting (CWE-79) - CVE-2024-27162
    • Cleartext Transmission of Sensitive Information (CWE-319) - CVE-2024-27163
    • Least Privilege Violation (CWE-272) - CVE-2024-27165
    • Missing Authentication for Critical Function (CWE-306) - CVE-2024-27169
    • OS Command Injection (CWE-78) - CVE-2024-27172
    • External Control of File Name or Path (CWE-73) - CVE-2024-27175
    • Time-of-check Time-of-use (TOCTOU) Race Condition (CWE-367) - CVE-2024-27180
    • Authentication Bypass Using an Alternate Path or Channel (CWE-288) - CVE-2024-3496
    • Relative Path Traversal (CWE-23) - CVE-2024-3497
    Toshiba Tec Corporation reported these vulnerabilities to JPCERT/CC to notify users of the solutions through JVN.
    References
    JVN https://jvn.jp/en/vu/JVNVU97136265/index.html
    CVE https://www.cve.org/CVERecord?id=CVE-2024-27141
    CVE https://www.cve.org/CVERecord?id=CVE-2024-27142
    CVE https://www.cve.org/CVERecord?id=CVE-2024-27143
    CVE https://www.cve.org/CVERecord?id=CVE-2024-27146
    CVE https://www.cve.org/CVERecord?id=CVE-2024-27147
    CVE https://www.cve.org/CVERecord?id=CVE-2024-3498
    CVE https://www.cve.org/CVERecord?id=CVE-2024-27148
    CVE https://www.cve.org/CVERecord?id=CVE-2024-27149
    CVE https://www.cve.org/CVERecord?id=CVE-2024-27150
    CVE https://www.cve.org/CVERecord?id=CVE-2024-27151
    CVE https://www.cve.org/CVERecord?id=CVE-2024-27152
    CVE https://www.cve.org/CVERecord?id=CVE-2024-27153
    CVE https://www.cve.org/CVERecord?id=CVE-2024-27155
    CVE https://www.cve.org/CVERecord?id=CVE-2024-27167
    CVE https://www.cve.org/CVERecord?id=CVE-2024-27171
    CVE https://www.cve.org/CVERecord?id=CVE-2024-27144
    CVE https://www.cve.org/CVERecord?id=CVE-2024-27145
    CVE https://www.cve.org/CVERecord?id=CVE-2024-27173
    CVE https://www.cve.org/CVERecord?id=CVE-2024-27174
    CVE https://www.cve.org/CVERecord?id=CVE-2024-27176
    CVE https://www.cve.org/CVERecord?id=CVE-2024-27177
    CVE https://www.cve.org/CVERecord?id=CVE-2024-27178
    CVE https://www.cve.org/CVERecord?id=CVE-2024-27154
    CVE https://www.cve.org/CVERecord?id=CVE-2024-27156
    CVE https://www.cve.org/CVERecord?id=CVE-2024-27157
    CVE https://www.cve.org/CVERecord?id=CVE-2024-27166
    CVE https://www.cve.org/CVERecord?id=CVE-2024-27179
    CVE https://www.cve.org/CVERecord?id=CVE-2024-27158
    CVE https://www.cve.org/CVERecord?id=CVE-2024-27159
    CVE https://www.cve.org/CVERecord?id=CVE-2024-27160
    CVE https://www.cve.org/CVERecord?id=CVE-2024-27161
    CVE https://www.cve.org/CVERecord?id=CVE-2024-27168
    CVE https://www.cve.org/CVERecord?id=CVE-2024-27170
    CVE https://www.cve.org/CVERecord?id=CVE-2024-27164
    CVE https://www.cve.org/CVERecord?id=CVE-2024-27162
    CVE https://www.cve.org/CVERecord?id=CVE-2024-27163
    CVE https://www.cve.org/CVERecord?id=CVE-2024-27165
    CVE https://www.cve.org/CVERecord?id=CVE-2024-27169
    CVE https://www.cve.org/CVERecord?id=CVE-2024-27172
    CVE https://www.cve.org/CVERecord?id=CVE-2024-27175
    CVE https://www.cve.org/CVERecord?id=CVE-2024-27180
    CVE https://www.cve.org/CVERecord?id=CVE-2024-3496
    CVE https://www.cve.org/CVERecord?id=CVE-2024-3497
    Debug Messages Revealing Unnecessary Information(CWE-1295) https://cwe.mitre.org/data/definitions/1295
    Use of Default Credentials(CWE-1392) https://cwe.mitre.org/data/definitions/1392.html
    Path Traversal(CWE-22) https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
    Relative Path Traversal(CWE-23) https://cwe.mitre.org/data/definitions/23.html
    Execution with Unnecessary Privileges(CWE-250) https://cwe.mitre.org/data/definitions/250.html
    Unprotected Storage of Credentials(CWE-256) https://cwe.mitre.org/data/definitions/256.html
    Use of Hard-coded Password(CWE-259) https://cwe.mitre.org/data/definitions/259.html
    Least Privilege Violation(CWE-272) https://cwe.mitre.org/data/definitions/272.html
    Incorrect Default Permissions(CWE-276) https://cwe.mitre.org/data/definitions/276.html
    Authentication Bypass Using an Alternate Path or Channel(CWE-288) https://cwe.mitre.org/data/definitions/288.html
    Missing Authentication for Critical Function(CWE-306) https://cwe.mitre.org/data/definitions/306.html
    Cleartext Transmission of Sensitive Information(CWE-319) https://cwe.mitre.org/data/definitions/319.html
    Time-of-check Time-of-use (TOCTOU) Race Condition(CWE-367) https://cwe.mitre.org/data/definitions/367.html
    Information Exposure Through Log Files(CWE-532) https://cwe.mitre.org/data/definitions/532.html
    External Control of File Name or Path(CWE-73) https://cwe.mitre.org/data/definitions/73.html
    Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')(CWE-776) http://cwe.mitre.org/data/definitions/776.html
    OS Command Injection(CWE-78) https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
    Cross-site Scripting(CWE-79) https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
    Use of Hard-coded Credentials(CWE-798) https://cwe.mitre.org/data/definitions/798.html

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-003539.html",
      "dc:date": "2024-06-17T15:21+09:00",
      "dcterms:issued": "2024-06-17T15:21+09:00",
      "dcterms:modified": "2024-06-17T15:21+09:00",
      "description": "MFPs (multifunction printers) provided by Toshiba Tec Corporation and Oki Electric Industry Co., Ltd. contain multiple vulnerabilities listed below.\r\n\u003cul\u003e\r\n\t\u003cli\u003e\u003cb\u003eImproper Restriction of Recursive Entity References in DTDs (\u0026#39;XML Entity Expansion\u0026#39;) (\u003ca href=\"https://cwe.mitre.org/data/definitions/776\"\u003eCWE-776\u003c/a\u003e) \u003c/b\u003e- CVE-2024-27141, CVE-2024-27142\u003c/li\u003e\r\n\t\u003cli\u003e\u003cb\u003eExecution with Unnecessary Privileges (\u003ca href=\"https://cwe.mitre.org/data/definitions/250\"\u003eCWE-250\u003c/a\u003e) \u003c/b\u003e- CVE-2024-27143, CVE-2024-27146, CVE-2024-27147, CVE-2024-3498\u003c/li\u003e\r\n\t\u003cli\u003e\u003cb\u003eIncorrect Default Permissions (\u003ca href=\"https://cwe.mitre.org/data/definitions/276\"\u003eCWE-276\u003c/a\u003e) \u003c/b\u003e- CVE-2024-27148, CVE-2024-27149, CVE-2024-27150, CVE-2024-27151, CVE-2024-27152, CVE-2024-27153, CVE-2024-27155, CVE-2024-27167, CVE-2024-27171\u003c/li\u003e\r\n\t\u003cli\u003e\u003cb\u003ePath Traversal (\u003ca href=\"https://cwe.mitre.org/data/definitions/22\"\u003eCWE-22\u003c/a\u003e) \u003c/b\u003e- CVE-2024-27144, CVE-2024-27145, CVE-2024-27173, CVE-2024-27174, CVE-2024-27176, CVE-2024-27177, CVE-2024-27178\u003c/li\u003e\r\n\t\u003cli\u003e\u003cb\u003eInsertion of Sensitive Information into Log File (\u003ca href=\"https://cwe.mitre.org/data/definitions/532\"\u003eCWE-532\u003c/a\u003e) \u003c/b\u003e- CVE-2024-27154, CVE-2024-27156, CVE-2024-27157\u003c/li\u003e\r\n\t\u003cli\u003e\u003cb\u003ePlaintext Storage of a Password (\u003ca href=\"https://cwe.mitre.org/data/definitions/256\"\u003eCWE-256\u003c/a\u003e) \u003c/b\u003e- CVE-2024-27166\u003c/li\u003e\r\n\t\u003cli\u003e\u003cb\u003eDebug Messages Revealing Unnecessary Information (\u003ca href=\"https://cwe.mitre.org/data/definitions/1295\"\u003eCWE-1295\u003c/a\u003e) \u003c/b\u003e- 
CVE-2024-27179\u003c/li\u003e\r\n\t\u003cli\u003e\u003cb\u003eUse of Default Credentials (\u003ca href=\"https://cwe.mitre.org/data/definitions/1392\"\u003eCWE-1392\u003c/a\u003e) \u003c/b\u003e- CVE-2024-27158\u003c/li\u003e\r\n\t\u003cli\u003e\u003cb\u003eUse of Hard-coded Credentials (\u003ca href=\"https://cwe.mitre.org/data/definitions/798\"\u003eCWE-798\u003c/a\u003e) \u003c/b\u003e- CVE-2024-27159, CVE-2024-27160, CVE-2024-27161, CVE-2024-27168, CVE-2024-27170\u003c/li\u003e\r\n\t\u003cli\u003e\u003cb\u003eUse of Hard-coded Password (\u003ca href=\"https://cwe.mitre.org/data/definitions/259\"\u003eCWE-259\u003c/a\u003e) \u003c/b\u003e- CVE-2024-27164\u003c/li\u003e\r\n\t\u003cli\u003e\u003cb\u003eCross-site Scripting (\u003ca href=\"http://cwe.mitre.org/data/definitions/79\"\u003eCWE-79\u003c/a\u003e) \u003c/b\u003e- CVE-2024-27162\u003c/li\u003e\r\n\t\u003cli\u003e\u003cb\u003eCleartext Transmission of Sensitive Information (\u003ca href=\"https://cwe.mitre.org/data/definitions/319\"\u003eCWE-319\u003c/a\u003e) \u003c/b\u003e- CVE-2024-27163\u003c/li\u003e\r\n\t\u003cli\u003e\u003cb\u003eLeast Privilege Violation (\u003ca href=\"https://cwe.mitre.org/data/definitions/272\"\u003eCWE-272\u003c/a\u003e) \u003c/b\u003e- CVE-2024-27165\u003c/li\u003e\r\n\t\u003cli\u003e\u003cb\u003eMissing Authentication for Critical Function (\u003ca href=\"https://cwe.mitre.org/data/definitions/306\"\u003eCWE-306\u003c/a\u003e) \u003c/b\u003e- CVE-2024-27169\u003c/li\u003e\r\n\t\u003cli\u003e\u003cb\u003eOS Command Injection (\u003ca href=\"https://cwe.mitre.org/data/definitions/78\"\u003eCWE-78\u003c/a\u003e) \u003c/b\u003e- CVE-2024-27172\u003c/li\u003e\r\n\t\u003cli\u003e\u003cb\u003eExternal Control of File Name or Path (\u003ca href=\"https://cwe.mitre.org/data/definitions/73\"\u003eCWE-73\u003c/a\u003e) \u003c/b\u003e- CVE-2024-27175\u003c/li\u003e\r\n\t\u003cli\u003e\u003cb\u003eTime-of-check Time-of-use (TOCTOU) Race Condition (\u003ca 
href=\"https://cwe.mitre.org/data/definitions/367\"\u003eCWE-367\u003c/a\u003e) \u003c/b\u003e- CVE-2024-27180\u003c/li\u003e\r\n\t\u003cli\u003e\u003cb\u003eAuthentication Bypass Using an Alternate Path or Channel (\u003ca href=\"https://cwe.mitre.org/data/definitions/288\"\u003eCWE-288\u003c/a\u003e\u003c/b\u003e) - CVE-2024-3496\u003c/li\u003e\r\n\t\u003cli\u003e\u003cb\u003eRelative Path Traversal (\u003ca href=\"https://cwe.mitre.org/data/definitions/23\"\u003eCWE-23\u003c/a\u003e) \u003c/b\u003e- CVE-2024-3497\u003c/li\u003e\r\n\u003c/ul\u003e\r\n\r\nToshiba Tec Corporation reported these vulnerabilities to JPCERT/CC to notify users of the solutions through JVN.",
      "link": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-003539.html",
      "sec:cpe": [
        {
          "#text": "cpe:/a:misc:oki_electric_industry_multiple_product",
          "@product": "(Multiple Products)",
          "@vendor": "Oki Electric Industry Co., Ltd.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:toshibatec:multiple_product",
          "@product": "(Multiple Products)",
          "@vendor": "TOSHIBA TEC",
          "@version": "2.2"
        }
      ],
      "sec:identifier": "JVNDB-2024-003539",
      "sec:references": [
        {
          "#text": "https://jvn.jp/en/vu/JVNVU97136265/index.html",
          "@id": "JVNVU#97136265",
          "@source": "JVN"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2024-27141",
          "@id": "CVE-2024-27141",
          "@source": "CVE"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2024-27142",
          "@id": "CVE-2024-27142",
          "@source": "CVE"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2024-27143",
          "@id": "CVE-2024-27143",
          "@source": "CVE"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2024-27146",
          "@id": "CVE-2024-27146",
          "@source": "CVE"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2024-27147",
          "@id": "CVE-2024-27147",
          "@source": "CVE"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2024-3498",
          "@id": "CVE-2024-3498",
          "@source": "CVE"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2024-27148",
          "@id": "CVE-2024-27148",
          "@source": "CVE"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2024-27149",
          "@id": "CVE-2024-27149",
          "@source": "CVE"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2024-27150",
          "@id": "CVE-2024-27150",
          "@source": "CVE"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2024-27151",
          "@id": "CVE-2024-27151",
          "@source": "CVE"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2024-27152",
          "@id": "CVE-2024-27152",
          "@source": "CVE"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2024-27153",
          "@id": "CVE-2024-27153",
          "@source": "CVE"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2024-27155",
          "@id": "CVE-2024-27155",
          "@source": "CVE"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2024-27167",
          "@id": "CVE-2024-27167",
          "@source": "CVE"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2024-27171",
          "@id": "CVE-2024-27171",
          "@source": "CVE"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2024-27144",
          "@id": "CVE-2024-27144",
          "@source": "CVE"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2024-27145",
          "@id": "CVE-2024-27145",
          "@source": "CVE"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2024-27173",
          "@id": "CVE-2024-27173",
          "@source": "CVE"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2024-27174",
          "@id": "CVE-2024-27174",
          "@source": "CVE"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2024-27176",
          "@id": "CVE-2024-27176",
          "@source": "CVE"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2024-27177",
          "@id": "CVE-2024-27177",
          "@source": "CVE"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2024-27178",
          "@id": "CVE-2024-27178",
          "@source": "CVE"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2024-27154",
          "@id": "CVE-2024-27154",
          "@source": "CVE"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2024-27156",
          "@id": "CVE-2024-27156",
          "@source": "CVE"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2024-27157",
          "@id": "CVE-2024-27157",
          "@source": "CVE"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2024-27166",
          "@id": "CVE-2024-27166",
          "@source": "CVE"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2024-27179",
          "@id": "CVE-2024-27179",
          "@source": "CVE"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2024-27158",
          "@id": "CVE-2024-27158",
          "@source": "CVE"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2024-27159",
          "@id": "CVE-2024-27159",
          "@source": "CVE"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2024-27160",
          "@id": "CVE-2024-27160",
          "@source": "CVE"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2024-27161",
          "@id": "CVE-2024-27161",
          "@source": "CVE"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2024-27168",
          "@id": "CVE-2024-27168",
          "@source": "CVE"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2024-27170",
          "@id": "CVE-2024-27170",
          "@source": "CVE"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2024-27164",
          "@id": "CVE-2024-27164",
          "@source": "CVE"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2024-27162",
          "@id": "CVE-2024-27162",
          "@source": "CVE"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2024-27163",
          "@id": "CVE-2024-27163",
          "@source": "CVE"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2024-27165",
          "@id": "CVE-2024-27165",
          "@source": "CVE"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2024-27169",
          "@id": "CVE-2024-27169",
          "@source": "CVE"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2024-27172",
          "@id": "CVE-2024-27172",
          "@source": "CVE"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2024-27175",
          "@id": "CVE-2024-27175",
          "@source": "CVE"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2024-27180",
          "@id": "CVE-2024-27180",
          "@source": "CVE"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2024-3496",
          "@id": "CVE-2024-3496",
          "@source": "CVE"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2024-3497",
          "@id": "CVE-2024-3497",
          "@source": "CVE"
        },
        {
          "#text": "https://cwe.mitre.org/data/definitions/1295",
          "@id": "CWE-1295",
          "@title": "Debug Messages Revealing Unnecessary Information(CWE-1295)"
        },
        {
          "#text": "https://cwe.mitre.org/data/definitions/1392.html",
          "@id": "CWE-1392",
          "@title": "Use of Default Credentials(CWE-1392)"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-22",
          "@title": "Path Traversal(CWE-22)"
        },
        {
          "#text": "https://cwe.mitre.org/data/definitions/23.html",
          "@id": "CWE-23",
          "@title": "Relative Path Traversal(CWE-23)"
        },
        {
          "#text": "https://cwe.mitre.org/data/definitions/250.html",
          "@id": "CWE-250",
          "@title": "Execution with Unnecessary Privileges(CWE-250)"
        },
        {
          "#text": "https://cwe.mitre.org/data/definitions/256.html",
          "@id": "CWE-256",
          "@title": "Unprotected Storage of Credentials(CWE-256)"
        },
        {
          "#text": "https://cwe.mitre.org/data/definitions/259.html",
          "@id": "CWE-259",
          "@title": "Use of Hard-coded Password(CWE-259)"
        },
        {
          "#text": "https://cwe.mitre.org/data/definitions/272.html",
          "@id": "CWE-272",
          "@title": "Least Privilege Violation(CWE-272)"
        },
        {
          "#text": "https://cwe.mitre.org/data/definitions/276.html",
          "@id": "CWE-276",
          "@title": "Incorrect Default Permissions(CWE-276)"
        },
        {
          "#text": "https://cwe.mitre.org/data/definitions/288.html",
          "@id": "CWE-288",
          "@title": "Authentication Bypass Using an Alternate Path or Channel(CWE-288)"
        },
        {
          "#text": "https://cwe.mitre.org/data/definitions/306.html",
          "@id": "CWE-306",
          "@title": "Missing Authentication for Critical Function(CWE-306)"
        },
        {
          "#text": "https://cwe.mitre.org/data/definitions/319.html",
          "@id": "CWE-319",
          "@title": "Cleartext Transmission of Sensitive Information(CWE-319)"
        },
        {
          "#text": "https://cwe.mitre.org/data/definitions/367.html",
          "@id": "CWE-367",
          "@title": "Time-of-check Time-of-use (TOCTOU) Race Condition(CWE-367)"
        },
        {
          "#text": "https://cwe.mitre.org/data/definitions/532.html",
          "@id": "CWE-532",
          "@title": "Information Exposure Through Log Files(CWE-532)"
        },
        {
          "#text": "https://cwe.mitre.org/data/definitions/73.html",
          "@id": "CWE-73",
          "@title": "External Control of File Name or Path(CWE-73)"
        },
        {
          "#text": "http://cwe.mitre.org/data/definitions/776.html",
          "@id": "CWE-776",
          "@title": "Improper Restriction of Recursive Entity References in DTDs (\u0027XML Entity Expansion\u0027)(CWE-776)"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-78",
          "@title": "OS Command Injection(CWE-78)"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-79",
          "@title": "Cross-site Scripting(CWE-79)"
        },
        {
          "#text": "https://cwe.mitre.org/data/definitions/798.html",
          "@id": "CWE-798",
          "@title": "Use of Hard-coded Credentials(CWE-798)"
        }
      ],
      "title": "Multiple vulnerabilities in Toshiba Tec and Oki Electric Industry MFPs"
    }

    JVNDB-2024-003253

    Vulnerability from jvndb - Published: 2024-06-03 14:36 - Updated: 2024-06-03 14:36
    Summary
    Multiple vulnerabilities in Sharp and Toshiba Tec MFPs
    Details
    Sharp and Toshiba Tec MFPs (multifunction printers) contain multiple vulnerabilities listed below.

      * Stack-based Buffer Overflow (CWE-121) - CVE-2024-28038
      * Incorrect Permission Assignment for Critical Resource (CWE-732) - CVE-2024-28955
      * Cleartext Storage of Sensitive Information (CWE-312) - CVE-2024-29146
      * Plaintext Storage of a Password (CWE-256) - CVE-2024-29978
      * Storing Passwords in a Recoverable Format (CWE-257) - CVE-2024-32151
      * Path Traversal (CWE-22) - CVE-2024-33605
      * Improper Access Control (CWE-284) - CVE-2024-33610, CVE-2024-33616
      * Access to Critical Private Variable via Public Method (CWE-767) - CVE-2024-34162
      * Use of Hard-coded Credentials (CWE-798) - CVE-2024-35244, CVE-2024-36248
      * Cross-site Scripting (CWE-79) - CVE-2024-36249
      * Out-of-bounds Read (CWE-125) - CVE-2024-36251, CVE-2024-36254

    As for the vulnerabilities listed below, Pierre Barre reported them to JPCERT/CC, and JPCERT/CC coordinated with Sharp Corporation.
    CVE-2024-28038, CVE-2024-28955, CVE-2024-29146, CVE-2024-29978, CVE-2024-32151, CVE-2024-33605, CVE-2024-33610, CVE-2024-33616, CVE-2024-34162, CVE-2024-35244, CVE-2024-36248, CVE-2024-36251, CVE-2024-36254

    As for the vulnerabilities listed below, Sharp Corporation received reports and coordinated with the reporters directly, and after the coordination was completed, Sharp reported them to JPCERT/CC to notify the users of the solutions through JVN.
    CVE-2024-33610, CVE-2024-36249, CVE-2024-36251, CVE-2024-36254
    References
    JVN https://jvn.jp/en/vu/JVNVU93051062/index.html
    CVE https://www.cve.org/CVERecord?id=CVE-2024-28038
    CVE https://www.cve.org/CVERecord?id=CVE-2024-28955
    CVE https://www.cve.org/CVERecord?id=CVE-2024-29146
    CVE https://www.cve.org/CVERecord?id=CVE-2024-29978
    CVE https://www.cve.org/CVERecord?id=CVE-2024-32151
    CVE https://www.cve.org/CVERecord?id=CVE-2024-33605
    CVE https://www.cve.org/CVERecord?id=CVE-2024-33610
    CVE https://www.cve.org/CVERecord?id=CVE-2024-33616
    CVE https://www.cve.org/CVERecord?id=CVE-2024-34162
    CVE https://www.cve.org/CVERecord?id=CVE-2024-35244
    CVE https://www.cve.org/CVERecord?id=CVE-2024-36248
    CVE https://www.cve.org/CVERecord?id=CVE-2024-36249
    CVE https://www.cve.org/CVERecord?id=CVE-2024-36251
    CVE https://www.cve.org/CVERecord?id=CVE-2024-36254
    Stack-based Buffer Overflow(CWE-121) https://cwe.mitre.org/data/definitions/121.html
    Out-of-bounds Read(CWE-125) https://cwe.mitre.org/data/definitions/125.html
    Path Traversal(CWE-22) https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
    Unprotected Storage of Credentials(CWE-256) https://cwe.mitre.org/data/definitions/256.html
    Storing Passwords in a Recoverable Format(CWE-257) https://cwe.mitre.org/data/definitions/257.html
    Improper Access Control(CWE-284) https://cwe.mitre.org/data/definitions/284.html
    Cleartext Storage of Sensitive Information(CWE-312) https://cwe.mitre.org/data/definitions/312.html
    Incorrect Permission Assignment for Critical Resource(CWE-732) https://cwe.mitre.org/data/definitions/732.html
    Access to Critical Private Variable via Public Method(CWE-767) https://cwe.mitre.org/data/definitions/767.html
    Cross-site Scripting(CWE-79) https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
    Use of Hard-coded Credentials(CWE-798) https://cwe.mitre.org/data/definitions/798.html
    Show details on JVN DB website

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-003253.html",
      "dc:date": "2024-06-03T14:36+09:00",
      "dcterms:issued": "2024-06-03T14:36+09:00",
      "dcterms:modified": "2024-06-03T14:36+09:00",
      "description": "Sharp and Toshiba Tec MFPs (multifunction printers) contain multiple vulnerabilities listed below.\r\n\r\n  * Stack-based Buffer Overflow (CWE-121) - CVE-2024-28038\r\n  * Incorrect Permission Assignment for Critical Resource (CWE-732) - CVE-2024-28955\r\n  * Cleartext Storage of Sensitive Information (CWE-312) - CVE-2024-29146\r\n  * Plaintext Storage of a Password (CWE-256) - CVE-2024-29978\r\n  * Storing Passwords in a Recoverable Format (CWE-257) - CVE-2024-32151\r\n  * Path Traversal (CWE-22) - CVE-2024-33605\r\n  * Improper Access Control (CWE-284) - CVE-2024-33610, CVE-2024-33616\r\n  * Access to Critical Private Variable via Public Method (CWE-767) - CVE-2024-34162\r\n  * Use of Hard-coded Credentials (CWE-798) - CVE-2024-35244, CVE-2024-36248\r\n  * Cross-site Scripting (CWE-79) - CVE-2024-36249\r\n  * Out-of-bounds Read (CWE-125) - CVE-2024-36251, CVE-2024-36254\r\n\r\nAs for the vulnerabilities listed below, Pierre Barre reported them to JPCERT/CC, and JPCERT/CC coordinated with Sharp Corporation.\r\nCVE-2024-28038, CVE-2024-28955, CVE-2024-29146, CVE-2024-29978, CVE-2024-32151, CVE-2024-33605, CVE-2024-33610, CVE-2024-33616, CVE-2024-34162, CVE-2024-35244, CVE-2024-36248, CVE-2024-36251, CVE-2024-36254\r\n\r\nAs for the vulnerabilities listed below, Sharp Corporation received reports and coordinated with the reporters directly, and after the coordination was completed, Sharp reported them to JPCERT/CC to notify the users of the solutions through JVN.\r\nCVE-2024-33610, CVE-2024-36249, CVE-2024-36251, CVE-2024-36254",
      "link": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-003253.html",
      "sec:cpe": [
        {
          "#text": "cpe:/a:sharp:multiple_product",
          "@product": "(Multiple Products)",
          "@vendor": "Sharp Corporation",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:toshibatec:multiple_product",
          "@product": "(Multiple Products)",
          "@vendor": "TOSHIBA TEC",
          "@version": "2.2"
        }
      ],
      "sec:cvss": {
        "@score": "9.1",
        "@severity": "Critical",
        "@type": "Base",
        "@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
        "@version": "3.0"
      },
      "sec:identifier": "JVNDB-2024-003253",
      "sec:references": [
        {
          "#text": "https://jvn.jp/en/vu/JVNVU93051062/index.html",
          "@id": "JVNVU#93051062",
          "@source": "JVN"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2024-28038",
          "@id": "CVE-2024-28038",
          "@source": "CVE"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2024-28955",
          "@id": "CVE-2024-28955",
          "@source": "CVE"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2024-29146",
          "@id": "CVE-2024-29146",
          "@source": "CVE"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2024-29978",
          "@id": "CVE-2024-29978",
          "@source": "CVE"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2024-32151",
          "@id": "CVE-2024-32151",
          "@source": "CVE"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2024-33605",
          "@id": "CVE-2024-33605",
          "@source": "CVE"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2024-33610",
          "@id": "CVE-2024-33610",
          "@source": "CVE"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2024-33616",
          "@id": "CVE-2024-33616",
          "@source": "CVE"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2024-34162",
          "@id": "CVE-2024-34162",
          "@source": "CVE"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2024-35244",
          "@id": "CVE-2024-35244",
          "@source": "CVE"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2024-36248",
          "@id": "CVE-2024-36248",
          "@source": "CVE"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2024-36249",
          "@id": "CVE-2024-36249",
          "@source": "CVE"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2024-36251",
          "@id": "CVE-2024-36251",
          "@source": "CVE"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2024-36254",
          "@id": "CVE-2024-36254",
          "@source": "CVE"
        },
        {
          "#text": "https://cwe.mitre.org/data/definitions/121.html",
          "@id": "CWE-121",
          "@title": "Stack-based Buffer Overflow(CWE-121)"
        },
        {
          "#text": "https://cwe.mitre.org/data/definitions/125.html",
          "@id": "CWE-125",
          "@title": "Out-of-bounds Read(CWE-125)"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-22",
          "@title": "Path Traversal(CWE-22)"
        },
        {
          "#text": "https://cwe.mitre.org/data/definitions/256.html",
          "@id": "CWE-256",
          "@title": "Unprotected Storage of Credentials(CWE-256)"
        },
        {
          "#text": "https://cwe.mitre.org/data/definitions/257.html",
          "@id": "CWE-257",
          "@title": "Storing Passwords in a Recoverable Format(CWE-257)"
        },
        {
          "#text": "https://cwe.mitre.org/data/definitions/284.html",
          "@id": "CWE-284",
          "@title": "Improper Access Control(CWE-284)"
        },
        {
          "#text": "https://cwe.mitre.org/data/definitions/312.html",
          "@id": "CWE-312",
          "@title": "Cleartext Storage of Sensitive Information(CWE-312)"
        },
        {
          "#text": "https://cwe.mitre.org/data/definitions/732.html",
          "@id": "CWE-732",
          "@title": "Incorrect Permission Assignment for Critical Resource(CWE-732)"
        },
        {
          "#text": "https://cwe.mitre.org/data/definitions/767.html",
          "@id": "CWE-767",
          "@title": "Access to Critical Private Variable via Public Method(CWE-767)"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-79",
          "@title": "Cross-site Scripting(CWE-79)"
        },
        {
          "#text": "https://cwe.mitre.org/data/definitions/798.html",
          "@id": "CWE-798",
          "@title": "Use of Hard-coded Credentials(CWE-798)"
        }
      ],
      "title": "Multiple vulnerabilities in Sharp and Toshiba Tec MFPs"
    }