Toshiba printers use SNMP for configuration. Using the private community, it is possible to remotely execute commands as root on the remote printer. Using this vulnerability will allow any attacker to get a root access on a remote Toshiba printer. This vulnerability can be executed in combination with other vulnerabilities and difficult to execute alone. So, the CVSS score for this vulnerability alone is lower than the score listed in the "Base Score" of this vulnerability. For detail on related other vulnerabilities, please ask to the below contact point. https://www.toshibatec.com/contacts/products/ As for the affected products/models/versions, see the reference URL.
An attacker exploits the SNMP protocol configured in Toshiba printers, gaining access using the private community name. Through specially crafted SNMP requests, it is possible to remotely execute arbitrary system commands with root privileges on the device. The vulnerability works in combination with other flaws, meaning that its independent exploitation is more difficult and results in lower actual risk than indicated by the base CVSS score.
An attacker gains full root access to a remote Toshiba printer, enabling device takeover, theft of configuration data, and potential lateral movement within the internal network.
Apply patches available from the manufacturer according to the references. Additionally, it is recommended to restrict SNMP protocol access at the firewall level, change default SNMP community names, and isolate printing devices in a separate network segment.
Toshiba printers — specific models and versions indicated in the manufacturer's references (https://www.toshibatec.com/information/20240531_01.html)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H