CVE-2024-27168 Information

Description

It appears that some hardcoded keys are used for authentication to internal API. Knowing these private keys may allow attackers to bypass authentication and reach administrative interfaces. As for the affected products/models/versions see the reference URL.

Reference

https://www.toshibatec.com/information/20240531_01.html https://www.toshibatec.com/information/pdf/information20240531_01.pdf https://jvn.jp/en/vu/JVNVU97136265/index.html