============================================================================
Foofus.net Security Advisory: foofus-20111016
============================================================================
Title: Toshiba eStudio Multifunction Printer Authentication Bypass
Version: e-Studio series devices
Vendor: Toshiba
Release Date: 01/29/2011
Issue Status: Contacted by Vendor on 2/25/2011 about release of a firmware patch.
Update Date: 10/26/2011
============================================================================
1. Summary:
Toshiba e-Studio devices found to be vulnerable to an authentication bypass
vulnerability.
============================================================================
2. Description:
The authentication is easily bypassed by adding an extra / in the URL after
TopAccess.
Example:
http://IP Address/TopAccess//Administrator/Setup/ScanToFile/List.htm
============================================================================
3. Impact:
Exploiting this allows an adversary to gain access to the device via the web
management interface without authenticating.
============================================================================
4. Affected Products:
All e-Studio devices tested against have been found to be vulnerable as of
July 2011.
Validation of specific firmware versions have not been conducted on all devices.
This is due to limited access to devices
Confirmed devices and firmware:
e-STUDIO3510c firmware version T380SY0J040
e-STUDIO2830c firmware version T450SY0U233
e-STUDIO281c firmware version T410SY0T233
===========================================================================
5. Solution:
Contact vendor and request firmware upgrade to patch security issue
============================================================================
6) Time Table:
01/29/2011 Reported Vulnerability.
02/25/2011 Vendor acknowledged issue and stated firmware patch would soon
be available
March – July 2011 continued attempts to contact vendor to confirm firmware
patch. Request were never answered.
10/16/2011 Publishes Advisory
============================================================================
7) Credits: Discovered by Deral Heiland PercX
============================================================================
8. Reference:
http://praeda.foofus.net
http://www.foofus.net/?page_id=411
============================================================================
The Foofus.Net team is an assortment of security professionals located
through out the United States. http://www.foofus.net
============================================================================