Search
Find a vulnerability
Search criteria
3 vulnerabilities by Oki Electric Industry Co., Ltd.
CVE-2026-24466 (GCVE-0-2026-24466)
Vulnerability from nvd – Published: 2026-02-09 06:59 – Updated: 2026-02-09 15:43
VLAI
Summary
Products provided by Oki Electric Industry Co., Ltd. and its OEM products (Ricoh Co., Ltd., Murata Machinery, Ltd.) register Windows services with unquoted file paths. A user with the write permission on the root directory of the system drive may execute arbitrary code with SYSTEM privilege.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-428 - Unquoted search path or element
Assigner
References
Impacted products
3 products
| Vendor | Product | Version | |
|---|---|---|---|
| Oki Electric Industry Co., Ltd. | See "References" section |
Affected:
See "References" section
|
|
| Ricoh Company, Ltd. | See "References" section |
Affected:
See "References" section
|
|
| Murata Machinery, Ltd. | See "References" section |
Affected:
See "References" section
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-24466",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-09T15:43:38.709818Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-09T15:43:46.605Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "See \"References\" section",
"vendor": "Oki Electric Industry Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "See \"References\" section"
}
]
},
{
"product": "See \"References\" section",
"vendor": "Ricoh Company, Ltd.",
"versions": [
{
"status": "affected",
"version": "See \"References\" section"
}
]
},
{
"product": "See \"References\" section",
"vendor": "Murata Machinery, Ltd.",
"versions": [
{
"status": "affected",
"version": "See \"References\" section"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Products provided by Oki Electric Industry Co., Ltd. and its OEM products (Ricoh Co., Ltd., Murata Machinery, Ltd.) register Windows services with unquoted file paths. A user with the write permission on the root directory of the system drive may execute arbitrary code with SYSTEM privilege."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"baseScore": 8.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-428",
"description": "Unquoted search path or element",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-09T06:59:30.186Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.oki.com/jp/product_security/sa_2026_0001_en.html"
},
{
"url": "https://www.oki.com/jp/printing/support/important-information/2026/info-260209/index.html"
},
{
"url": "https://jp.ricoh.com/security/products/vulnerabilities/vul?id=ricoh-2026-000002"
},
{
"url": "https://www.muratec.jp/ce/support/announce_sp_20260209.html"
},
{
"url": "https://jvn.jp/en/jp/JVN55395471/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2026-24466",
"datePublished": "2026-02-09T06:59:30.186Z",
"dateReserved": "2026-01-23T00:31:37.485Z",
"dateUpdated": "2026-02-09T15:43:46.605Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-24466 (GCVE-0-2026-24466)
Vulnerability from cvelistv5 – Published: 2026-02-09 06:59 – Updated: 2026-02-09 15:43
VLAI
Summary
Products provided by Oki Electric Industry Co., Ltd. and its OEM products (Ricoh Co., Ltd., Murata Machinery, Ltd.) register Windows services with unquoted file paths. A user with the write permission on the root directory of the system drive may execute arbitrary code with SYSTEM privilege.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-428 - Unquoted search path or element
Assigner
References
Impacted products
3 products
| Vendor | Product | Version | |
|---|---|---|---|
| Oki Electric Industry Co., Ltd. | See "References" section |
Affected:
See "References" section
|
|
| Ricoh Company, Ltd. | See "References" section |
Affected:
See "References" section
|
|
| Murata Machinery, Ltd. | See "References" section |
Affected:
See "References" section
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-24466",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-09T15:43:38.709818Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-09T15:43:46.605Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "See \"References\" section",
"vendor": "Oki Electric Industry Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "See \"References\" section"
}
]
},
{
"product": "See \"References\" section",
"vendor": "Ricoh Company, Ltd.",
"versions": [
{
"status": "affected",
"version": "See \"References\" section"
}
]
},
{
"product": "See \"References\" section",
"vendor": "Murata Machinery, Ltd.",
"versions": [
{
"status": "affected",
"version": "See \"References\" section"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Products provided by Oki Electric Industry Co., Ltd. and its OEM products (Ricoh Co., Ltd., Murata Machinery, Ltd.) register Windows services with unquoted file paths. A user with the write permission on the root directory of the system drive may execute arbitrary code with SYSTEM privilege."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"baseScore": 8.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-428",
"description": "Unquoted search path or element",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-09T06:59:30.186Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.oki.com/jp/product_security/sa_2026_0001_en.html"
},
{
"url": "https://www.oki.com/jp/printing/support/important-information/2026/info-260209/index.html"
},
{
"url": "https://jp.ricoh.com/security/products/vulnerabilities/vul?id=ricoh-2026-000002"
},
{
"url": "https://www.muratec.jp/ce/support/announce_sp_20260209.html"
},
{
"url": "https://jvn.jp/en/jp/JVN55395471/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2026-24466",
"datePublished": "2026-02-09T06:59:30.186Z",
"dateReserved": "2026-01-23T00:31:37.485Z",
"dateUpdated": "2026-02-09T15:43:46.605Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
JVNDB-2024-003539
Vulnerability from jvndb - Published: 2024-06-17 15:21 - Updated:2024-06-17 15:21Summary
Multiple vulnerabilities in Toshiba Tec and Oki Electric Industry MFPs
Details
MFPs (multifunction printers) provided by Toshiba Tec Corporation and Oki Electric Industry Co., Ltd. contain multiple vulnerabilities listed below.
- Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion') (CWE-776) - CVE-2024-27141, CVE-2024-27142
- Execution with Unnecessary Privileges (CWE-250) - CVE-2024-27143, CVE-2024-27146, CVE-2024-27147, CVE-2024-3498
- Incorrect Default Permissions (CWE-276) - CVE-2024-27148, CVE-2024-27149, CVE-2024-27150, CVE-2024-27151, CVE-2024-27152, CVE-2024-27153, CVE-2024-27155, CVE-2024-27167, CVE-2024-27171
- Path Traversal (CWE-22) - CVE-2024-27144, CVE-2024-27145, CVE-2024-27173, CVE-2024-27174, CVE-2024-27176, CVE-2024-27177, CVE-2024-27178
- Insertion of Sensitive Information into Log File (CWE-532) - CVE-2024-27154, CVE-2024-27156, CVE-2024-27157
- Plaintext Storage of a Password (CWE-256) - CVE-2024-27166
- Debug Messages Revealing Unnecessary Information (CWE-1295) - CVE-2024-27179
- Use of Default Credentials (CWE-1392) - CVE-2024-27158
- Use of Hard-coded Credentials (CWE-798) - CVE-2024-27159, CVE-2024-27160, CVE-2024-27161, CVE-2024-27168, CVE-2024-27170
- Use of Hard-coded Password (CWE-259) - CVE-2024-27164
- Cross-site Scripting (CWE-79) - CVE-2024-27162
- Cleartext Transmission of Sensitive Information (CWE-319) - CVE-2024-27163
- Least Privilege Violation (CWE-272) - CVE-2024-27165
- Missing Authentication for Critical Function (CWE-306) - CVE-2024-27169
- OS Command Injection (CWE-78) - CVE-2024-27172
- External Control of File Name or Path (CWE-73) - CVE-2024-27175
- Time-of-check Time-of-use (TOCTOU) Race Condition (CWE-367) - CVE-2024-27180
- Authentication Bypass Using an Alternate Path or Channel (CWE-288) - CVE-2024-3496
- Relative Path Traversal (CWE-23) - CVE-2024-3497
References
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-003539.html",
"dc:date": "2024-06-17T15:21+09:00",
"dcterms:issued": "2024-06-17T15:21+09:00",
"dcterms:modified": "2024-06-17T15:21+09:00",
"description": "MFPs (multifunction printers) provided by Toshiba Tec Corporation and Oki Electric Industry Co., Ltd. contain multiple vulnerabilities listed below.\r\n\u003cul\u003e\r\n\t\u003cli\u003e\u003cb\u003eImproper Restriction of Recursive Entity References in DTDs (\u0026#39;XML Entity Expansion\u0026#39;) (\u003ca href=\"https://cwe.mitre.org/data/definitions/776\"\u003eCWE-776\u003c/a\u003e) \u003c/b\u003e- CVE-2024-27141, CVE-2024-27142\u003c/li\u003e\r\n\t\u003cli\u003e\u003cb\u003eExecution with Unnecessary Privileges (\u003ca href=\"https://cwe.mitre.org/data/definitions/250\"\u003eCWE-250\u003c/a\u003e) \u003c/b\u003e- CVE-2024-27143, CVE-2024-27146, CVE-2024-27147, CVE-2024-3498\u003c/li\u003e\r\n\t\u003cli\u003e\u003cb\u003eIncorrect Default Permissions (\u003ca href=\"https://cwe.mitre.org/data/definitions/276\"\u003eCWE-276\u003c/a\u003e) \u003c/b\u003e- CVE-2024-27148, CVE-2024-27149, CVE-2024-27150, CVE-2024-27151, CVE-2024-27152, CVE-2024-27153, CVE-2024-27155, CVE-2024-27167, CVE-2024-27171\u003c/li\u003e\r\n\t\u003cli\u003e\u003cb\u003ePath Traversal (\u003ca href=\"https://cwe.mitre.org/data/definitions/22\"\u003eCWE-22\u003c/a\u003e) \u003c/b\u003e- CVE-2024-27144, CVE-2024-27145, CVE-2024-27173, CVE-2024-27174, CVE-2024-27176, CVE-2024-27177, CVE-2024-27178\u003c/li\u003e\r\n\t\u003cli\u003e\u003cb\u003eInsertion of Sensitive Information into Log File (\u003ca href=\"https://cwe.mitre.org/data/definitions/532\"\u003eCWE-532\u003c/a\u003e) \u003c/b\u003e- CVE-2024-27154, CVE-2024-27156, CVE-2024-27157\u003c/li\u003e\r\n\t\u003cli\u003e\u003cb\u003ePlaintext Storage of a Password (\u003ca href=\"https://cwe.mitre.org/data/definitions/256\"\u003eCWE-256\u003c/a\u003e) \u003c/b\u003e- CVE-2024-27166\u003c/li\u003e\r\n\t\u003cli\u003e\u003cb\u003eDebug Messages Revealing Unnecessary Information (\u003ca href=\"https://cwe.mitre.org/data/definitions/1295\"\u003eCWE-1295\u003c/a\u003e) \u003c/b\u003e- CVE-2024-27179\u003c/li\u003e\r\n\t\u003cli\u003e\u003cb\u003eUse of Default Credentials (\u003ca href=\"https://cwe.mitre.org/data/definitions/1392\"\u003eCWE-1392\u003c/a\u003e) \u003c/b\u003e- CVE-2024-27158\u003c/li\u003e\r\n\t\u003cli\u003e\u003cb\u003eUse of Hard-coded Credentials (\u003ca href=\"https://cwe.mitre.org/data/definitions/798\"\u003eCWE-798\u003c/a\u003e) \u003c/b\u003e- CVE-2024-27159, CVE-2024-27160, CVE-2024-27161, CVE-2024-27168, CVE-2024-27170\u003c/li\u003e\r\n\t\u003cli\u003e\u003cb\u003eUse of Hard-coded Password (\u003ca href=\"https://cwe.mitre.org/data/definitions/259\"\u003eCWE-259\u003c/a\u003e) \u003c/b\u003e- CVE-2024-27164\u003c/li\u003e\r\n\t\u003cli\u003e\u003cb\u003eCross-site Scripting (\u003ca href=\"http://cwe.mitre.org/data/definitions/79\"\u003eCWE-79\u003c/a\u003e) \u003c/b\u003e- CVE-2024-27162\u003c/li\u003e\r\n\t\u003cli\u003e\u003cb\u003eCleartext Transmission of Sensitive Information (\u003ca href=\"https://cwe.mitre.org/data/definitions/319\"\u003eCWE-319\u003c/a\u003e) \u003c/b\u003e- CVE-2024-27163\u003c/li\u003e\r\n\t\u003cli\u003e\u003cb\u003eLeast Privilege Violation (\u003ca href=\"https://cwe.mitre.org/data/definitions/272\"\u003eCWE-272\u003c/a\u003e) \u003c/b\u003e- CVE-2024-27165\u003c/li\u003e\r\n\t\u003cli\u003e\u003cb\u003eMissing Authentication for Critical Function (\u003ca href=\"https://cwe.mitre.org/data/definitions/306\"\u003eCWE-306\u003c/a\u003e) \u003c/b\u003e- CVE-2024-27169\u003c/li\u003e\r\n\t\u003cli\u003e\u003cb\u003eOS Command Injection (\u003ca href=\"https://cwe.mitre.org/data/definitions/78\"\u003eCWE-78\u003c/a\u003e) \u003c/b\u003e- CVE-2024-27172\u003c/li\u003e\r\n\t\u003cli\u003e\u003cb\u003eExternal Control of File Name or Path (\u003ca href=\"https://cwe.mitre.org/data/definitions/73\"\u003eCWE-73\u003c/a\u003e) \u003c/b\u003e- CVE-2024-27175\u003c/li\u003e\r\n\t\u003cli\u003e\u003cb\u003eTime-of-check Time-of-use (TOCTOU) Race Condition (\u003ca href=\"https://cwe.mitre.org/data/definitions/367\"\u003eCWE-367\u003c/a\u003e) \u003c/b\u003e- CVE-2024-27180\u003c/li\u003e\r\n\t\u003cli\u003e\u003cb\u003eAuthentication Bypass Using an Alternate Path or Channel (\u003ca href=\"https://cwe.mitre.org/data/definitions/288\"\u003eCWE-288\u003c/a\u003e\u003c/b\u003e) - CVE-2024-3496\u003c/li\u003e\r\n\t\u003cli\u003e\u003cb\u003eRelative Path Traversal (\u003ca href=\"https://cwe.mitre.org/data/definitions/23\"\u003eCWE-23\u003c/a\u003e) \u003c/b\u003e- CVE-2024-3497\u003c/li\u003e\r\n\u003c/ul\u003e\r\n\r\nToshiba Tec Corporation reported these vulnerabilities to JPCERT/CC to notify users of the solutions through JVN.",
"link": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-003539.html",
"sec:cpe": [
{
"#text": "cpe:/a:misc:oki_electric_industry_multiple_product",
"@product": "(Multiple Products)",
"@vendor": "Oki Electric Industry Co., Ltd.",
"@version": "2.2"
},
{
"#text": "cpe:/a:toshibatec:multiple_product",
"@product": "(Multiple Products)",
"@vendor": "TOSHIBA TEC",
"@version": "2.2"
}
],
"sec:identifier": "JVNDB-2024-003539",
"sec:references": [
{
"#text": "https://jvn.jp/en/vu/JVNVU97136265/index.html",
"@id": "JVNVU#97136265",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-27141",
"@id": "CVE-2024-27141",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-27142",
"@id": "CVE-2024-27142",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-27143",
"@id": "CVE-2024-27143",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-27146",
"@id": "CVE-2024-27146",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-27147",
"@id": "CVE-2024-27147",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-3498",
"@id": "CVE-2024-3498",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-27148",
"@id": "CVE-2024-27148",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-27149",
"@id": "CVE-2024-27149",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-27150",
"@id": "CVE-2024-27150",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-27151",
"@id": "CVE-2024-27151",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-27152",
"@id": "CVE-2024-27152",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-27153",
"@id": "CVE-2024-27153",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-27155",
"@id": "CVE-2024-27155",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-27167",
"@id": "CVE-2024-27167",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-27171",
"@id": "CVE-2024-27171",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-27144",
"@id": "CVE-2024-27144",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-27145",
"@id": "CVE-2024-27145",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-27173",
"@id": "CVE-2024-27173",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-27174",
"@id": "CVE-2024-27174",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-27176",
"@id": "CVE-2024-27176",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-27177",
"@id": "CVE-2024-27177",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-27178",
"@id": "CVE-2024-27178",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-27154",
"@id": "CVE-2024-27154",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-27156",
"@id": "CVE-2024-27156",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-27157",
"@id": "CVE-2024-27157",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-27166",
"@id": "CVE-2024-27166",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-27179",
"@id": "CVE-2024-27179",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-27158",
"@id": "CVE-2024-27158",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-27159",
"@id": "CVE-2024-27159",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-27160",
"@id": "CVE-2024-27160",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-27161",
"@id": "CVE-2024-27161",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-27168",
"@id": "CVE-2024-27168",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-27170",
"@id": "CVE-2024-27170",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-27164",
"@id": "CVE-2024-27164",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-27162",
"@id": "CVE-2024-27162",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-27163",
"@id": "CVE-2024-27163",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-27165",
"@id": "CVE-2024-27165",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-27169",
"@id": "CVE-2024-27169",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-27172",
"@id": "CVE-2024-27172",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-27175",
"@id": "CVE-2024-27175",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-27180",
"@id": "CVE-2024-27180",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-3496",
"@id": "CVE-2024-3496",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-3497",
"@id": "CVE-2024-3497",
"@source": "CVE"
},
{
"#text": "https://cwe.mitre.org/data/definitions/1295",
"@id": "CWE-1295",
"@title": "Debug Messages Revealing Unnecessary Information(CWE-1295)"
},
{
"#text": "https://cwe.mitre.org/data/definitions/1392.html",
"@id": "CWE-1392",
"@title": "Use of Default Credentials(CWE-1392)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-22",
"@title": "Path Traversal(CWE-22)"
},
{
"#text": "https://cwe.mitre.org/data/definitions/23.html",
"@id": "CWE-23",
"@title": "Relative Path Traversal(CWE-23)"
},
{
"#text": "https://cwe.mitre.org/data/definitions/250.html",
"@id": "CWE-250",
"@title": "Execution with Unnecessary Privileges(CWE-250)"
},
{
"#text": "https://cwe.mitre.org/data/definitions/256.html",
"@id": "CWE-256",
"@title": "Unprotected Storage of Credentials(CWE-256)"
},
{
"#text": "https://cwe.mitre.org/data/definitions/259.html",
"@id": "CWE-259",
"@title": "Use of Hard-coded Password(CWE-259)"
},
{
"#text": "https://cwe.mitre.org/data/definitions/272.html",
"@id": "CWE-272",
"@title": "Least Privilege Violation(CWE-272)"
},
{
"#text": "https://cwe.mitre.org/data/definitions/276.html",
"@id": "CWE-276",
"@title": "Incorrect Default Permissions(CWE-276)"
},
{
"#text": "https://cwe.mitre.org/data/definitions/288.html",
"@id": "CWE-288",
"@title": "Authentication Bypass Using an Alternate Path or Channel(CWE-288)"
},
{
"#text": "https://cwe.mitre.org/data/definitions/306.html",
"@id": "CWE-306",
"@title": "Missing Authentication for Critical Function(CWE-306)"
},
{
"#text": "https://cwe.mitre.org/data/definitions/319.html",
"@id": "CWE-319",
"@title": "Cleartext Transmission of Sensitive Information(CWE-319)"
},
{
"#text": "https://cwe.mitre.org/data/definitions/367.html",
"@id": "CWE-367",
"@title": "Time-of-check Time-of-use (TOCTOU) Race Condition(CWE-367)"
},
{
"#text": "https://cwe.mitre.org/data/definitions/532.html",
"@id": "CWE-532",
"@title": "Information Exposure Through Log Files(CWE-532)"
},
{
"#text": "https://cwe.mitre.org/data/definitions/73.html",
"@id": "CWE-73",
"@title": "External Control of File Name or Path(CWE-73)"
},
{
"#text": "http://cwe.mitre.org/data/definitions/776.html",
"@id": "CWE-776",
"@title": "Improper Restriction of Recursive Entity References in DTDs (\u0027XML Entity Expansion\u0027)(CWE-776)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-78",
"@title": "OS Command Injection(CWE-78)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-79",
"@title": "Cross-site Scripting(CWE-79)"
},
{
"#text": "https://cwe.mitre.org/data/definitions/798.html",
"@id": "CWE-798",
"@title": "Use of Hard-coded Credentials(CWE-798)"
}
],
"title": "Multiple vulnerabilities in Toshiba Tec and Oki Electric Industry MFPs"
}