Response to vulnerability in the "Web Browser Configuration" function installed in some Toshiba Tec’s digital multi-function peripherals
June 29, 2023
Toshiba Tec Corporation
Thank you for using our products.
A vulnerability has been identified in the "Web Browser Configuration" function of some of our multi-function peripherals. This issue does not result in the leakage of information from the product to outside parties.
Vulnerability details
- Target Products
- e-STUDIO 301DN/ 302DNF (These products have been sold only in the Chinese market.)
- Vulnerability identification number
- JVNVU#93767756
- Release Date
- June 29, 2023
- Impact Score
- CVSSv3 5.3:CVSS: 3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
- Details
- In the web browser configuration function, the product reboots when a specific operation is performed on the print server setting screen.
- Solution
- Ask your service company to update the main unit software.
- Workaround
- When connecting to the Internet, connect to a network protected through a firewall as described in the manual.
- Acknowledgments
- This vulnerability was reported by Mr. Darren Johnson lived in Australia.
Thanks for this report and for the progress he has made in addressing this issue.