ГлавнаяУязвимости → CVE-2024-27168
7.1высокая

CVE-2024-27168

Описание

It appears that some hardcoded keys are used for authentication to internal API. Knowing these private keys may allow attackers to bypass authentication and reach administrative interfaces. As for the affected products/models/versions, see the reference URL.

CVSS
Балл7.1 — высокая
ВекторCVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
Источники
http://seclists.org/fulldisclosure/2024/Jul/1https://jvn.jp/en/vu/JVNVU97136265/index.htmlhttps://www.toshibatec.com/information/20240531_01.htmlhttps://www.toshibatec.com/information/pdf/information20240531_01.pdfhttp://seclists.org/fulldisclosure/2024/Jul/1https://jvn.jp/en/vu/JVNVU97136265/index.htmlhttps://www.toshibatec.com/information/20240531_01.htmlhttps://www.toshibatec.com/information/pdf/information20240531_01.pdf