Search

Find a vulnerability

Search criteria

    3 vulnerabilities by Oki Electric Industry Co., Ltd.

    CVE-2026-24466 (GCVE-0-2026-24466)

    Vulnerability from nvd – Published: 2026-02-09 06:59 – Updated: 2026-02-09 15:43
    VLAI
    Summary
    Products provided by Oki Electric Industry Co., Ltd. and its OEM products (Ricoh Co., Ltd., Murata Machinery, Ltd.) register Windows services with unquoted file paths. A user with the write permission on the root directory of the system drive may execute arbitrary code with SYSTEM privilege.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-428 - Unquoted search path or element
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-24466",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-09T15:43:38.709818Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-09T15:43:46.605Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "See \"References\" section",
              "vendor": "Oki Electric Industry Co., Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "See \"References\" section"
                }
              ]
            },
            {
              "product": "See \"References\" section",
              "vendor": "Ricoh Company, Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "See \"References\" section"
                }
              ]
            },
            {
              "product": "See \"References\" section",
              "vendor": "Murata Machinery, Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "See \"References\" section"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Products provided by Oki Electric Industry Co., Ltd. and its OEM products (Ricoh Co., Ltd., Murata Machinery, Ltd.) register Windows services with unquoted file paths. A user with the write permission on the root directory of the system drive may execute arbitrary code with SYSTEM privilege."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 6.7,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV4_0": {
                "baseScore": 8.4,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-428",
                  "description": "Unquoted search path or element",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-09T06:59:30.186Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://www.oki.com/jp/product_security/sa_2026_0001_en.html"
            },
            {
              "url": "https://www.oki.com/jp/printing/support/important-information/2026/info-260209/index.html"
            },
            {
              "url": "https://jp.ricoh.com/security/products/vulnerabilities/vul?id=ricoh-2026-000002"
            },
            {
              "url": "https://www.muratec.jp/ce/support/announce_sp_20260209.html"
            },
            {
              "url": "https://jvn.jp/en/jp/JVN55395471/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2026-24466",
        "datePublished": "2026-02-09T06:59:30.186Z",
        "dateReserved": "2026-01-23T00:31:37.485Z",
        "dateUpdated": "2026-02-09T15:43:46.605Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-24466 (GCVE-0-2026-24466)

    Vulnerability from cvelistv5 – Published: 2026-02-09 06:59 – Updated: 2026-02-09 15:43
    VLAI
    Summary
    Products provided by Oki Electric Industry Co., Ltd. and its OEM products (Ricoh Co., Ltd., Murata Machinery, Ltd.) register Windows services with unquoted file paths. A user with the write permission on the root directory of the system drive may execute arbitrary code with SYSTEM privilege.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-428 - Unquoted search path or element
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-24466",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-09T15:43:38.709818Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-09T15:43:46.605Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "See \"References\" section",
              "vendor": "Oki Electric Industry Co., Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "See \"References\" section"
                }
              ]
            },
            {
              "product": "See \"References\" section",
              "vendor": "Ricoh Company, Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "See \"References\" section"
                }
              ]
            },
            {
              "product": "See \"References\" section",
              "vendor": "Murata Machinery, Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "See \"References\" section"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Products provided by Oki Electric Industry Co., Ltd. and its OEM products (Ricoh Co., Ltd., Murata Machinery, Ltd.) register Windows services with unquoted file paths. A user with the write permission on the root directory of the system drive may execute arbitrary code with SYSTEM privilege."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 6.7,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV4_0": {
                "baseScore": 8.4,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-428",
                  "description": "Unquoted search path or element",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-09T06:59:30.186Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://www.oki.com/jp/product_security/sa_2026_0001_en.html"
            },
            {
              "url": "https://www.oki.com/jp/printing/support/important-information/2026/info-260209/index.html"
            },
            {
              "url": "https://jp.ricoh.com/security/products/vulnerabilities/vul?id=ricoh-2026-000002"
            },
            {
              "url": "https://www.muratec.jp/ce/support/announce_sp_20260209.html"
            },
            {
              "url": "https://jvn.jp/en/jp/JVN55395471/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2026-24466",
        "datePublished": "2026-02-09T06:59:30.186Z",
        "dateReserved": "2026-01-23T00:31:37.485Z",
        "dateUpdated": "2026-02-09T15:43:46.605Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    JVNDB-2024-003539

    Vulnerability from jvndb - Published: 2024-06-17 15:21 - Updated:2024-06-17 15:21
    Summary
    Multiple vulnerabilities in Toshiba Tec and Oki Electric Industry MFPs
    Details
    MFPs (multifunction printers) provided by Toshiba Tec Corporation and Oki Electric Industry Co., Ltd. contain multiple vulnerabilities listed below.
    • Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion') (CWE-776) - CVE-2024-27141, CVE-2024-27142
    • Execution with Unnecessary Privileges (CWE-250) - CVE-2024-27143, CVE-2024-27146, CVE-2024-27147, CVE-2024-3498
    • Incorrect Default Permissions (CWE-276) - CVE-2024-27148, CVE-2024-27149, CVE-2024-27150, CVE-2024-27151, CVE-2024-27152, CVE-2024-27153, CVE-2024-27155, CVE-2024-27167, CVE-2024-27171
    • Path Traversal (CWE-22) - CVE-2024-27144, CVE-2024-27145, CVE-2024-27173, CVE-2024-27174, CVE-2024-27176, CVE-2024-27177, CVE-2024-27178
    • Insertion of Sensitive Information into Log File (CWE-532) - CVE-2024-27154, CVE-2024-27156, CVE-2024-27157
    • Plaintext Storage of a Password (CWE-256) - CVE-2024-27166
    • Debug Messages Revealing Unnecessary Information (CWE-1295) - CVE-2024-27179
    • Use of Default Credentials (CWE-1392) - CVE-2024-27158
    • Use of Hard-coded Credentials (CWE-798) - CVE-2024-27159, CVE-2024-27160, CVE-2024-27161, CVE-2024-27168, CVE-2024-27170
    • Use of Hard-coded Password (CWE-259) - CVE-2024-27164
    • Cross-site Scripting (CWE-79) - CVE-2024-27162
    • Cleartext Transmission of Sensitive Information (CWE-319) - CVE-2024-27163
    • Least Privilege Violation (CWE-272) - CVE-2024-27165
    • Missing Authentication for Critical Function (CWE-306) - CVE-2024-27169
    • OS Command Injection (CWE-78) - CVE-2024-27172
    • External Control of File Name or Path (CWE-73) - CVE-2024-27175
    • Time-of-check Time-of-use (TOCTOU) Race Condition (CWE-367) - CVE-2024-27180
    • Authentication Bypass Using an Alternate Path or Channel (CWE-288) - CVE-2024-3496
    • Relative Path Traversal (CWE-23) - CVE-2024-3497
    Toshiba Tec Corporation reported these vulnerabilities to JPCERT/CC to notify users of the solutions through JVN.
    References
    JVN https://jvn.jp/en/vu/JVNVU97136265/index.html
    CVE https://www.cve.org/CVERecord?id=CVE-2024-27141
    CVE https://www.cve.org/CVERecord?id=CVE-2024-27142
    CVE https://www.cve.org/CVERecord?id=CVE-2024-27143
    CVE https://www.cve.org/CVERecord?id=CVE-2024-27146
    CVE https://www.cve.org/CVERecord?id=CVE-2024-27147
    CVE https://www.cve.org/CVERecord?id=CVE-2024-3498
    CVE https://www.cve.org/CVERecord?id=CVE-2024-27148
    CVE https://www.cve.org/CVERecord?id=CVE-2024-27149
    CVE https://www.cve.org/CVERecord?id=CVE-2024-27150
    CVE https://www.cve.org/CVERecord?id=CVE-2024-27151
    CVE https://www.cve.org/CVERecord?id=CVE-2024-27152
    CVE https://www.cve.org/CVERecord?id=CVE-2024-27153
    CVE https://www.cve.org/CVERecord?id=CVE-2024-27155
    CVE https://www.cve.org/CVERecord?id=CVE-2024-27167
    CVE https://www.cve.org/CVERecord?id=CVE-2024-27171
    CVE https://www.cve.org/CVERecord?id=CVE-2024-27144
    CVE https://www.cve.org/CVERecord?id=CVE-2024-27145
    CVE https://www.cve.org/CVERecord?id=CVE-2024-27173
    CVE https://www.cve.org/CVERecord?id=CVE-2024-27174
    CVE https://www.cve.org/CVERecord?id=CVE-2024-27176
    CVE https://www.cve.org/CVERecord?id=CVE-2024-27177
    CVE https://www.cve.org/CVERecord?id=CVE-2024-27178
    CVE https://www.cve.org/CVERecord?id=CVE-2024-27154
    CVE https://www.cve.org/CVERecord?id=CVE-2024-27156
    CVE https://www.cve.org/CVERecord?id=CVE-2024-27157
    CVE https://www.cve.org/CVERecord?id=CVE-2024-27166
    CVE https://www.cve.org/CVERecord?id=CVE-2024-27179
    CVE https://www.cve.org/CVERecord?id=CVE-2024-27158
    CVE https://www.cve.org/CVERecord?id=CVE-2024-27159
    CVE https://www.cve.org/CVERecord?id=CVE-2024-27160
    CVE https://www.cve.org/CVERecord?id=CVE-2024-27161
    CVE https://www.cve.org/CVERecord?id=CVE-2024-27168
    CVE https://www.cve.org/CVERecord?id=CVE-2024-27170
    CVE https://www.cve.org/CVERecord?id=CVE-2024-27164
    CVE https://www.cve.org/CVERecord?id=CVE-2024-27162
    CVE https://www.cve.org/CVERecord?id=CVE-2024-27163
    CVE https://www.cve.org/CVERecord?id=CVE-2024-27165
    CVE https://www.cve.org/CVERecord?id=CVE-2024-27169
    CVE https://www.cve.org/CVERecord?id=CVE-2024-27172
    CVE https://www.cve.org/CVERecord?id=CVE-2024-27175
    CVE https://www.cve.org/CVERecord?id=CVE-2024-27180
    CVE https://www.cve.org/CVERecord?id=CVE-2024-3496
    CVE https://www.cve.org/CVERecord?id=CVE-2024-3497
    Debug Messages Revealing Unnecessary Information(CWE-1295) https://cwe.mitre.org/data/definitions/1295
    Use of Default Credentials(CWE-1392) https://cwe.mitre.org/data/definitions/1392.html
    Path Traversal(CWE-22) https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
    Relative Path Traversal(CWE-23) https://cwe.mitre.org/data/definitions/23.html
    Execution with Unnecessary Privileges(CWE-250) https://cwe.mitre.org/data/definitions/250.html
    Unprotected Storage of Credentials(CWE-256) https://cwe.mitre.org/data/definitions/256.html
    Use of Hard-coded Password(CWE-259) https://cwe.mitre.org/data/definitions/259.html
    Least Privilege Violation(CWE-272) https://cwe.mitre.org/data/definitions/272.html
    Incorrect Default Permissions(CWE-276) https://cwe.mitre.org/data/definitions/276.html
    Authentication Bypass Using an Alternate Path or Channel(CWE-288) https://cwe.mitre.org/data/definitions/288.html
    Missing Authentication for Critical Function(CWE-306) https://cwe.mitre.org/data/definitions/306.html
    Cleartext Transmission of Sensitive Information(CWE-319) https://cwe.mitre.org/data/definitions/319.html
    Time-of-check Time-of-use (TOCTOU) Race Condition(CWE-367) https://cwe.mitre.org/data/definitions/367.html
    Information Exposure Through Log Files(CWE-532) https://cwe.mitre.org/data/definitions/532.html
    External Control of File Name or Path(CWE-73) https://cwe.mitre.org/data/definitions/73.html
    Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')(CWE-776) http://cwe.mitre.org/data/definitions/776.html
    OS Command Injection(CWE-78) https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
    Cross-site Scripting(CWE-79) https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
    Use of Hard-coded Credentials(CWE-798) https://cwe.mitre.org/data/definitions/798.html
    Show details on JVN DB website

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-003539.html",
      "dc:date": "2024-06-17T15:21+09:00",
      "dcterms:issued": "2024-06-17T15:21+09:00",
      "dcterms:modified": "2024-06-17T15:21+09:00",
      "description": "MFPs (multifunction printers) provided by Toshiba Tec Corporation and Oki Electric Industry Co., Ltd. contain multiple vulnerabilities listed below.\r\n\u003cul\u003e\r\n\t\u003cli\u003e\u003cb\u003eImproper Restriction of Recursive Entity References in DTDs (\u0026#39;XML Entity Expansion\u0026#39;) (\u003ca href=\"https://cwe.mitre.org/data/definitions/776\"\u003eCWE-776\u003c/a\u003e) \u003c/b\u003e- CVE-2024-27141, CVE-2024-27142\u003c/li\u003e\r\n\t\u003cli\u003e\u003cb\u003eExecution with Unnecessary Privileges (\u003ca href=\"https://cwe.mitre.org/data/definitions/250\"\u003eCWE-250\u003c/a\u003e) \u003c/b\u003e- CVE-2024-27143, CVE-2024-27146, CVE-2024-27147, CVE-2024-3498\u003c/li\u003e\r\n\t\u003cli\u003e\u003cb\u003eIncorrect Default Permissions (\u003ca href=\"https://cwe.mitre.org/data/definitions/276\"\u003eCWE-276\u003c/a\u003e) \u003c/b\u003e- CVE-2024-27148, CVE-2024-27149, CVE-2024-27150, CVE-2024-27151, CVE-2024-27152, CVE-2024-27153, CVE-2024-27155, CVE-2024-27167, CVE-2024-27171\u003c/li\u003e\r\n\t\u003cli\u003e\u003cb\u003ePath Traversal (\u003ca href=\"https://cwe.mitre.org/data/definitions/22\"\u003eCWE-22\u003c/a\u003e) \u003c/b\u003e- CVE-2024-27144, CVE-2024-27145, CVE-2024-27173, CVE-2024-27174, CVE-2024-27176, CVE-2024-27177, CVE-2024-27178\u003c/li\u003e\r\n\t\u003cli\u003e\u003cb\u003eInsertion of Sensitive Information into Log File (\u003ca href=\"https://cwe.mitre.org/data/definitions/532\"\u003eCWE-532\u003c/a\u003e) \u003c/b\u003e- CVE-2024-27154, CVE-2024-27156, CVE-2024-27157\u003c/li\u003e\r\n\t\u003cli\u003e\u003cb\u003ePlaintext Storage of a Password (\u003ca href=\"https://cwe.mitre.org/data/definitions/256\"\u003eCWE-256\u003c/a\u003e) \u003c/b\u003e- CVE-2024-27166\u003c/li\u003e\r\n\t\u003cli\u003e\u003cb\u003eDebug Messages Revealing Unnecessary Information (\u003ca href=\"https://cwe.mitre.org/data/definitions/1295\"\u003eCWE-1295\u003c/a\u003e) \u003c/b\u003e- CVE-2024-27179\u003c/li\u003e\r\n\t\u003cli\u003e\u003cb\u003eUse of Default Credentials (\u003ca href=\"https://cwe.mitre.org/data/definitions/1392\"\u003eCWE-1392\u003c/a\u003e) \u003c/b\u003e- CVE-2024-27158\u003c/li\u003e\r\n\t\u003cli\u003e\u003cb\u003eUse of Hard-coded Credentials (\u003ca href=\"https://cwe.mitre.org/data/definitions/798\"\u003eCWE-798\u003c/a\u003e) \u003c/b\u003e- CVE-2024-27159, CVE-2024-27160, CVE-2024-27161, CVE-2024-27168, CVE-2024-27170\u003c/li\u003e\r\n\t\u003cli\u003e\u003cb\u003eUse of Hard-coded Password (\u003ca href=\"https://cwe.mitre.org/data/definitions/259\"\u003eCWE-259\u003c/a\u003e) \u003c/b\u003e- CVE-2024-27164\u003c/li\u003e\r\n\t\u003cli\u003e\u003cb\u003eCross-site Scripting (\u003ca href=\"http://cwe.mitre.org/data/definitions/79\"\u003eCWE-79\u003c/a\u003e) \u003c/b\u003e- CVE-2024-27162\u003c/li\u003e\r\n\t\u003cli\u003e\u003cb\u003eCleartext Transmission of Sensitive Information (\u003ca href=\"https://cwe.mitre.org/data/definitions/319\"\u003eCWE-319\u003c/a\u003e) \u003c/b\u003e- CVE-2024-27163\u003c/li\u003e\r\n\t\u003cli\u003e\u003cb\u003eLeast Privilege Violation (\u003ca href=\"https://cwe.mitre.org/data/definitions/272\"\u003eCWE-272\u003c/a\u003e) \u003c/b\u003e- CVE-2024-27165\u003c/li\u003e\r\n\t\u003cli\u003e\u003cb\u003eMissing Authentication for Critical Function (\u003ca href=\"https://cwe.mitre.org/data/definitions/306\"\u003eCWE-306\u003c/a\u003e) \u003c/b\u003e- CVE-2024-27169\u003c/li\u003e\r\n\t\u003cli\u003e\u003cb\u003eOS Command Injection (\u003ca href=\"https://cwe.mitre.org/data/definitions/78\"\u003eCWE-78\u003c/a\u003e) \u003c/b\u003e- CVE-2024-27172\u003c/li\u003e\r\n\t\u003cli\u003e\u003cb\u003eExternal Control of File Name or Path (\u003ca href=\"https://cwe.mitre.org/data/definitions/73\"\u003eCWE-73\u003c/a\u003e) \u003c/b\u003e- CVE-2024-27175\u003c/li\u003e\r\n\t\u003cli\u003e\u003cb\u003eTime-of-check Time-of-use (TOCTOU) Race Condition (\u003ca href=\"https://cwe.mitre.org/data/definitions/367\"\u003eCWE-367\u003c/a\u003e) \u003c/b\u003e- CVE-2024-27180\u003c/li\u003e\r\n\t\u003cli\u003e\u003cb\u003eAuthentication Bypass Using an Alternate Path or Channel (\u003ca href=\"https://cwe.mitre.org/data/definitions/288\"\u003eCWE-288\u003c/a\u003e\u003c/b\u003e) - CVE-2024-3496\u003c/li\u003e\r\n\t\u003cli\u003e\u003cb\u003eRelative Path Traversal (\u003ca href=\"https://cwe.mitre.org/data/definitions/23\"\u003eCWE-23\u003c/a\u003e) \u003c/b\u003e- CVE-2024-3497\u003c/li\u003e\r\n\u003c/ul\u003e\r\n\r\nToshiba Tec Corporation reported these vulnerabilities to JPCERT/CC to notify users of the solutions through JVN.",
      "link": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-003539.html",
      "sec:cpe": [
        {
          "#text": "cpe:/a:misc:oki_electric_industry_multiple_product",
          "@product": "(Multiple Products)",
          "@vendor": "Oki Electric Industry Co., Ltd.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:toshibatec:multiple_product",
          "@product": "(Multiple Products)",
          "@vendor": "TOSHIBA TEC",
          "@version": "2.2"
        }
      ],
      "sec:identifier": "JVNDB-2024-003539",
      "sec:references": [
        {
          "#text": "https://jvn.jp/en/vu/JVNVU97136265/index.html",
          "@id": "JVNVU#97136265",
          "@source": "JVN"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2024-27141",
          "@id": "CVE-2024-27141",
          "@source": "CVE"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2024-27142",
          "@id": "CVE-2024-27142",
          "@source": "CVE"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2024-27143",
          "@id": "CVE-2024-27143",
          "@source": "CVE"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2024-27146",
          "@id": "CVE-2024-27146",
          "@source": "CVE"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2024-27147",
          "@id": "CVE-2024-27147",
          "@source": "CVE"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2024-3498",
          "@id": "CVE-2024-3498",
          "@source": "CVE"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2024-27148",
          "@id": "CVE-2024-27148",
          "@source": "CVE"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2024-27149",
          "@id": "CVE-2024-27149",
          "@source": "CVE"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2024-27150",
          "@id": "CVE-2024-27150",
          "@source": "CVE"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2024-27151",
          "@id": "CVE-2024-27151",
          "@source": "CVE"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2024-27152",
          "@id": "CVE-2024-27152",
          "@source": "CVE"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2024-27153",
          "@id": "CVE-2024-27153",
          "@source": "CVE"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2024-27155",
          "@id": "CVE-2024-27155",
          "@source": "CVE"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2024-27167",
          "@id": "CVE-2024-27167",
          "@source": "CVE"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2024-27171",
          "@id": "CVE-2024-27171",
          "@source": "CVE"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2024-27144",
          "@id": "CVE-2024-27144",
          "@source": "CVE"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2024-27145",
          "@id": "CVE-2024-27145",
          "@source": "CVE"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2024-27173",
          "@id": "CVE-2024-27173",
          "@source": "CVE"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2024-27174",
          "@id": "CVE-2024-27174",
          "@source": "CVE"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2024-27176",
          "@id": "CVE-2024-27176",
          "@source": "CVE"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2024-27177",
          "@id": "CVE-2024-27177",
          "@source": "CVE"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2024-27178",
          "@id": "CVE-2024-27178",
          "@source": "CVE"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2024-27154",
          "@id": "CVE-2024-27154",
          "@source": "CVE"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2024-27156",
          "@id": "CVE-2024-27156",
          "@source": "CVE"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2024-27157",
          "@id": "CVE-2024-27157",
          "@source": "CVE"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2024-27166",
          "@id": "CVE-2024-27166",
          "@source": "CVE"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2024-27179",
          "@id": "CVE-2024-27179",
          "@source": "CVE"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2024-27158",
          "@id": "CVE-2024-27158",
          "@source": "CVE"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2024-27159",
          "@id": "CVE-2024-27159",
          "@source": "CVE"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2024-27160",
          "@id": "CVE-2024-27160",
          "@source": "CVE"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2024-27161",
          "@id": "CVE-2024-27161",
          "@source": "CVE"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2024-27168",
          "@id": "CVE-2024-27168",
          "@source": "CVE"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2024-27170",
          "@id": "CVE-2024-27170",
          "@source": "CVE"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2024-27164",
          "@id": "CVE-2024-27164",
          "@source": "CVE"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2024-27162",
          "@id": "CVE-2024-27162",
          "@source": "CVE"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2024-27163",
          "@id": "CVE-2024-27163",
          "@source": "CVE"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2024-27165",
          "@id": "CVE-2024-27165",
          "@source": "CVE"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2024-27169",
          "@id": "CVE-2024-27169",
          "@source": "CVE"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2024-27172",
          "@id": "CVE-2024-27172",
          "@source": "CVE"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2024-27175",
          "@id": "CVE-2024-27175",
          "@source": "CVE"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2024-27180",
          "@id": "CVE-2024-27180",
          "@source": "CVE"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2024-3496",
          "@id": "CVE-2024-3496",
          "@source": "CVE"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2024-3497",
          "@id": "CVE-2024-3497",
          "@source": "CVE"
        },
        {
          "#text": "https://cwe.mitre.org/data/definitions/1295",
          "@id": "CWE-1295",
          "@title": "Debug Messages Revealing Unnecessary Information(CWE-1295)"
        },
        {
          "#text": "https://cwe.mitre.org/data/definitions/1392.html",
          "@id": "CWE-1392",
          "@title": "Use of Default Credentials(CWE-1392)"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-22",
          "@title": "Path Traversal(CWE-22)"
        },
        {
          "#text": "https://cwe.mitre.org/data/definitions/23.html",
          "@id": "CWE-23",
          "@title": "Relative Path Traversal(CWE-23)"
        },
        {
          "#text": "https://cwe.mitre.org/data/definitions/250.html",
          "@id": "CWE-250",
          "@title": "Execution with Unnecessary Privileges(CWE-250)"
        },
        {
          "#text": "https://cwe.mitre.org/data/definitions/256.html",
          "@id": "CWE-256",
          "@title": "Unprotected Storage of Credentials(CWE-256)"
        },
        {
          "#text": "https://cwe.mitre.org/data/definitions/259.html",
          "@id": "CWE-259",
          "@title": "Use of Hard-coded Password(CWE-259)"
        },
        {
          "#text": "https://cwe.mitre.org/data/definitions/272.html",
          "@id": "CWE-272",
          "@title": "Least Privilege Violation(CWE-272)"
        },
        {
          "#text": "https://cwe.mitre.org/data/definitions/276.html",
          "@id": "CWE-276",
          "@title": "Incorrect Default Permissions(CWE-276)"
        },
        {
          "#text": "https://cwe.mitre.org/data/definitions/288.html",
          "@id": "CWE-288",
          "@title": "Authentication Bypass Using an Alternate Path or Channel(CWE-288)"
        },
        {
          "#text": "https://cwe.mitre.org/data/definitions/306.html",
          "@id": "CWE-306",
          "@title": "Missing Authentication for Critical Function(CWE-306)"
        },
        {
          "#text": "https://cwe.mitre.org/data/definitions/319.html",
          "@id": "CWE-319",
          "@title": "Cleartext Transmission of Sensitive Information(CWE-319)"
        },
        {
          "#text": "https://cwe.mitre.org/data/definitions/367.html",
          "@id": "CWE-367",
          "@title": "Time-of-check Time-of-use (TOCTOU) Race Condition(CWE-367)"
        },
        {
          "#text": "https://cwe.mitre.org/data/definitions/532.html",
          "@id": "CWE-532",
          "@title": "Information Exposure Through Log Files(CWE-532)"
        },
        {
          "#text": "https://cwe.mitre.org/data/definitions/73.html",
          "@id": "CWE-73",
          "@title": "External Control of File Name or Path(CWE-73)"
        },
        {
          "#text": "http://cwe.mitre.org/data/definitions/776.html",
          "@id": "CWE-776",
          "@title": "Improper Restriction of Recursive Entity References in DTDs (\u0027XML Entity Expansion\u0027)(CWE-776)"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-78",
          "@title": "OS Command Injection(CWE-78)"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-79",
          "@title": "Cross-site Scripting(CWE-79)"
        },
        {
          "#text": "https://cwe.mitre.org/data/definitions/798.html",
          "@id": "CWE-798",
          "@title": "Use of Hard-coded Credentials(CWE-798)"
        }
      ],
      "title": "Multiple vulnerabilities in Toshiba Tec and Oki Electric Industry MFPs"
    }