Response to vulnerability in the "Web Browser Configuration" function installed in some Toshiba Tec’s digital multi-function peripherals

June 29, 2023
Toshiba Tec Corporation

Thank you for using our products.

A vulnerability has been identified in the "Web Browser Configuration" function of some of our multi-function peripherals. This issue does not result in the leakage of information from the product to outside parties.

Vulnerability details

Target Products
e-STUDIO 301DN/ 302DNF (These products have been sold only in the Chinese market.)
Vulnerability identification number
Release Date
June 29, 2023
Impact Score
CVSSv3 5.3:CVSS: 3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
In the web browser configuration function, the product reboots when a specific operation is performed on the print server setting screen.

Ask your service company to update the main unit software.
When connecting to the Internet, connect to a network protected through a firewall as described in the manual.
This vulnerability was reported by Mr. Darren Johnson lived in Australia.
Thanks for this report and for the progress he has made in addressing this issue.