{"id":411,"date":"2011-10-16T14:52:58","date_gmt":"2011-10-16T20:52:58","guid":{"rendered":"http:\/\/www.foofus.net\/?page_id=411"},"modified":"2011-10-16T14:52:58","modified_gmt":"2011-10-16T20:52:58","slug":"toshiba-estudio-multifunction-printer-authentication-bypass","status":"publish","type":"page","link":"http:\/\/h.foofus.net\/?page_id=411","title":{"rendered":"Toshiba eStudio Multifunction Printer Authentication Bypass"},"content":{"rendered":"<p>============================================================================<br \/>\nFoofus.net Security Advisory: foofus-20111016<br \/>\n============================================================================<br \/>\nTitle:\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 Toshiba eStudio Multifunction Printer Authentication Bypass<br \/>\nVersion:\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 e-Studio series devices<br \/>\nVendor:\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 Toshiba<br \/>\nRelease Date:\u00a0\u00a0 01\/29\/2011<br \/>\nIssue Status:\u00a0\u00a0\u00a0 Contacted by Vendor on 2\/25\/2011 about release of a firmware patch.<br \/>\nUpdate Date:\u00a0\u00a0 10\/26\/2011<br \/>\n============================================================================<\/p>\n<p>1. Summary:<\/p>\n<p>Toshiba e-Studio devices found to be vulnerable to an authentication bypass<br \/>\nvulnerability.<\/p>\n<p>============================================================================<\/p>\n<p>2. Description:<\/p>\n<p>The authentication is easily bypassed by adding an extra \/ in the URL after<br \/>\nTopAccess.<\/p>\n<p>Example:<br \/>\nhttp:\/\/IP Address\/TopAccess\/\/Administrator\/Setup\/ScanToFile\/List.htm<\/p>\n<p>============================================================================<\/p>\n<p>3. 
Impact:<\/p>\n<p>Exploiting this allows an adversary to gain access to the device via the web<br \/>\nmanagement interface without authenticating.<\/p>\n<p>============================================================================<\/p>\n<p>4. Affected Products:<\/p>\n<p>All e-Studio devices tested against have been found to be vulnerable as of<br \/>\nJuly 2011.<\/p>\n<p>Validation of specific firmware versions has not been conducted on all devices.<br \/>\nThis is due to limited access to devices.<\/p>\n<p>Confirmed devices and firmware:<\/p>\n<p>e-STUDIO3510c\u00a0\u00a0\u00a0\u00a0 firmware version T380SY0J040<br \/>\ne-STUDIO2830c \u00a0\u00a0\u00a0 firmware version T450SY0U233<br \/>\ne-STUDIO281c\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 firmware version T410SY0T233<\/p>\n<p>============================================================================<\/p>\n<p>5. Solution:<\/p>\n<p>Contact vendor and request firmware upgrade to patch security issue.<\/p>\n<p>============================================================================<\/p>\n<p>6. Time Table:<\/p>\n<p>01\/29\/2011 Reported Vulnerability.<\/p>\n<p>02\/25\/2011 Vendor acknowledged issue and stated firmware patch would soon<br \/>\nbe available.<\/p>\n<p>March &#8211; July 2011 Continued attempts to contact vendor to confirm firmware<br \/>\npatch. Requests were never answered.<br \/>\n10\/16\/2011 Published Advisory.<\/p>\n<p>============================================================================<\/p>\n<p>7. Credits: Discovered by Deral Heiland PercX<\/p>\n<p>============================================================================<\/p>\n<p>8. Reference:<\/p>\n<p>http:\/\/praeda.foofus.net<\/p>\n<p>http:\/\/www.foofus.net\/?page_id=411<\/p>\n<p>============================================================================<\/p>\n<p>The Foofus.Net team is an assortment of security professionals located<br \/>\nthroughout the United States. 
http:\/\/www.foofus.net<\/p>\n<p>============================================================================<\/p>\n","protected":false},"excerpt":{"rendered":"<p>
[&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"parent":273,"menu_order":1,"comment_status":"open","ping_status":"closed","template":"","meta":{"footnotes":""},"class_list":["post-411","page","type-page","status-publish","hentry"],"_links":{"self":[{"href":"http:\/\/h.foofus.net\/index.php?rest_route=\/wp\/v2\/pages\/411","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/h.foofus.net\/index.php?rest_route=\/wp\/v2\/pages"}],"about":[{"href":"http:\/\/h.foofus.net\/index.php?rest_route=\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"http:\/\/h.foofus.net\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/h.foofus.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=411"}],"version-history":[{"count":0,"href":"http:\/\/h.foofus.net\/index.php?rest_route=\/wp\/v2\/pages\/411\/revisions"}],"up":[{"embeddable":true,"href":"http:\/\/h.foofus.net\/index.php?rest_route=\/wp\/v2\/pages\/273"}],"wp:attachment":[{"href":"http:\/\/h.foofus.net\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=411"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}