Toshiba Tec Corporation

Out-of-bounds read vulnerability exists in Sharp Corporation and Toshiba Tec Corporation multiple MFPs (multifunction printers), which may lead to a …

The web interface of the affected devices process some crafted HTTP requests improperly, leading to a device crash. More precisely, a crafted paramet…

Cross-site scripting vulnerability exists in Sharp Corporation and Toshiba Tech Corporation multiple MFPs (multifunction printers). If this vulnerabi…

API keys for some cloud services are hardcoded in the "main" binary. As for the details of affected product names, model numbers, and versions, refer…

There are several hidden accounts. Some of them are intended for maintenance engineers, and with the knowledge of their passwords (e.g., by examining…

The web interface of the affected devices is designed to hide the LDAP credentials even for administrative users. But configuring LDAP authentication…

Admin authentication can be bypassed with some specific invalid credentials, which allows logging in with an administrative privilege. Sharp Corporat…

"sessionlist.html" and "sys_trayentryreboot.html" are accessible with no authentication. "sessionlist.html" provides logged-in users' session informa…

Improper processing of some parameters of installed_emanual_list.html leads to a path traversal vulnerability. As for the details of affected product…

User passwords are decrypted and stored on memory before any user logged in. Those decrypted passwords can be retrieved from the coredump file. As fo…