An attacker with admin access can install rogue applications. As for the affected products/models/versions, see the reference URL.
https://www.toshibatec.com/information/pdf/information20240531_01.pdf
https://www.toshibatec.com/information/20240531_01.html