Published:2012/04/05  Last Updated:2012/04/05

TOSHIBA TEC e-Studio series vulnerable to authentication bypass


Multiple e-Studio series products provided by TOSHIBA TEC CORPORATION contain an authentication bypass vulnerability.

Products Affected

A wide range of products are affected. For more information, refer to the developer's website.


e-Studio is a multi-function peripheral (MFP). Multiple e-Studio series products contain a vulnerability in web-based management utility, which may result in an authentication bypass.


An attacker that can access the product may log in with administrative privileges. As a result, settings may be changed and credential information may be viewed.


Update the software
Apply the latest update for each product according to the information provided by the developer.


JPCERT/CC Addendum

Vulnerability Analysis by JPCERT/CC

Analyzed on 2012.04.05

Measures Conditions Severity
Access Required can be attacked over the Internet using packets
  • High
Authentication anonymous or no authentication (IP addresses do not count)
  • High
User Interaction Required the vulnerability can be exploited without an honest user taking any action
  • High
Exploit Complexity some expertise and/or luck required (most buffer overflows, guessing correctly in small space, expertise in Windows function calls)
  • Mid-High

Description of each analysis measures


Other Information

JPCERT Reports
CERT Advisory
CPNI Advisory
CVE CVE-2012-1239
JVN iPedia JVNDB-2012-000028