Wow this one was so simple I still cant stop laughing. This was originally released at Shmoocon on January 29 2011 Thought it was time to follow up with an advisory because most end users still do not know about this vulnerability. The authentication on Toshiba eStudio MFP devices is easily bypassed by adding an extra / in the URL after TopAccess.
Example:
http://IP Address/TopAccess//Administrator/Setup/ScanToFile/List.htm
For Latest Advisory click here
Really easy as you can see. Iam looking for assistance to better map out devices with this issue. If you have a Toshiba eStudio please check out the request at http://praeda.foofus.net to give me a hand.