
CVE-2024-45320
https://notcve.org/view.php?id=CVE-2024-45320
18 Feb 2025 — Out-of-bounds write vulnerability exists in DocuPrint CP225w 01.22.01 and earlier, DocuPrint CP228w 01.22.01 and earlier, DocuPrint CM225fw 01.10.01 and earlier, and DocuPrint CM228fw 01.10.01 and earlier. If an affected MFP processes a specially crafted printer job file, a denial-of-service (DoS) condition may occur. • https://jvn.jp/en/vu/JVNVU96297631 • CWE-787: Out-of-bounds Write •

CVE-2024-12782 – Fujifilm Business Innovation Apeos C3070/Apeos C5570/Apeos C6580 Web Interface index.html#hashHome improper authorization
https://notcve.org/view.php?id=CVE-2024-12782
19 Dec 2024 — A vulnerability has been found in Fujifilm Apeos C3070, Apeos C5570 and Apeos C6580 up to 24.8.28 and classified as critical. This vulnerability affects unknown code of the file /home/index.html#hashHome of the component Web Interface. The manipulation leads to improper authorization. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. • https://github.com/dycccccccc/Fuji/blob/main/Fujifilm%20Business%20Innovation.docx • CWE-266: Incorrect Privilege Assignment • CWE-285: Improper Authorization •

CVE-2024-22475
https://notcve.org/view.php?id=CVE-2024-22475
18 Mar 2024 — Cross-site request forgery vulnerability in multiple printers and scanners which implement Web Based Management provided by BROTHER INDUSTRIES, LTD. allows a remote unauthenticated attacker to perform unintended operations on the affected product. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References]. • https://jvn.jp/en/jp/JVN82749078 • CWE-352: Cross-Site Request Forgery (CSRF) •

CVE-2024-21824
https://notcve.org/view.php?id=CVE-2024-21824
18 Mar 2024 — Improper authentication vulnerability exists in multiple printers and scanners which implement Web Based Management provided by BROTHER INDUSTRIES, LTD. If this vulnerability is exploited, a network-adjacent user who can access the product may impersonate an administrative user. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References]. • https://jvn.jp/en/jp/JVN82749078 • CWE-306: Missing Authentication for Critical Function •

CVE-2024-27974
https://notcve.org/view.php?id=CVE-2024-27974
18 Mar 2024 — Cross-site request forgery vulnerability in FUJIFILM printers which implement CentreWare Internet Services or Internet Services allows a remote unauthenticated attacker to alter user information. If the user is an administrator, settings such as the administrator's ID, password, etc. may be altered. As for the details of affected product names, model numbers, and versions, refer to the information provided by the vendor listed under [References]. • https://jvn.jp/en/jp/JVN34328023 • CWE-352: Cross-Site Request Forgery (CSRF) •

CVE-2023-46327
https://notcve.org/view.php?id=CVE-2023-46327
02 Nov 2023 — Multiple MFPs (multifunction printers) provided by FUJIFILM Business Innovation Corp. and Xerox Corporation provide a facility to export the contents of their Address Book in encrypted form, but the encryption strength is insufficient. With knowledge of the encryption process and the encryption key, information such as server credentials may be obtained from the exported Address Book data. As for the details of affected product names, model numbers, and versions, refer to the information provi... • https://jvn.jp/en/vu/JVNVU96482726/index.html • CWE-287: Improper Authentication •

CVE-2023-29984
https://notcve.org/view.php?id=CVE-2023-29984
11 Jul 2023 — Null pointer dereference vulnerability exists in multiple vendors' MFPs and printers which implement Debut web server 1.2 or 1.3. Processing a specially crafted request may lead an affected product to a denial-of-service (DoS) condition. As for the affected products/models/versions, see the detailed information provided by each vendor. • https://jvn.jp/en/vu/JVNVU93767756/index.html • CWE-476: NULL Pointer Dereference •

CVE-2022-43460
https://notcve.org/view.php?id=CVE-2022-43460
13 Feb 2023 — Driver Distributor v2.2.3.1 and earlier contains a vulnerability where passwords are stored in a recoverable format. If an attacker obtains a configuration file of Driver Distributor, the encrypted administrator's credentials may be decrypted. • https://jvn.jp/en/jp/JVN22830348 • CWE-522: Insufficiently Protected Credentials •

CVE-2022-26320
https://notcve.org/view.php?id=CVE-2022-26320
14 Mar 2022 — The Rambus SafeZone Basic Crypto Module before 10.4.0, as used in certain Fujifilm (formerly Fuji Xerox) devices before 2022-03-01, Canon imagePROGRAF and imageRUNNER devices through 2022-03-14, and potentially many other devices, generates RSA keys that can be broken with Fermat's factorization method. This allows efficient calculation of private RSA keys from the public key of a TLS certificate. • https://fermatattack.secvuln.info • CWE-330: Use of Insufficiently Random Values •

CVE-2021-43774
https://notcve.org/view.php?id=CVE-2021-43774
03 Mar 2022 — A risky-algorithm issue was discovered on Fujifilm DocuCentre-VI C4471 1.8 devices. An attacker that obtained access to the administrative web interface of a printer (e.g., by using the default credentials) can download the address book file, which contains the list of users (domain users, FTP users, etc.) stored on the printer, together with their encrypted passwords. The passwords are protected by a weak cipher, such as ROT13, which requires minimal effort to instantly retrieve the original password, givi... • https://www.foregenix.com/blog • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •