CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2024-22475
https://notcve.org/view.php?id=CVE-2024-22475
Cross-site request forgery vulnerability in multiple printers and scanners which implement Web Based Management provided by BROTHER INDUSTRIES, LTD. allows a remote unauthenticated attacker to perform unintended operations on the affected product. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References]. Vulnerabilidad de Cross-Site Request Forgery en múltiples impresoras y escáneres que implementan administración basada en web proporcionada por BROTHER INDUSTRIES, LTD. permite que un atacante remoto no autenticado realice operaciones no deseadas en el producto afectado. En cuanto a los detalles de los nombres de productos, números de modelo y versiones afectados, consulte la información proporcionada por los respectivos proveedores que figuran en [Referencias]. • https://jvn.jp/en/jp/JVN82749078 https://support.brother.com/g/b/link.aspx?prod=group2&faqid=faqp00100601_000 https://support.brother.com/g/b/link.aspx?prod=lmgroup1&faqid=faq00100823_000 https://www.fujifilm.com/fbglobal/eng/company/news/notice/2024/0306_2_announce.html https://www.ricoh.com/products/security/vulnerabilities/vul?id=ricoh-2024-000002 https://www.toshibatec.com/information/20240306_01.html •
CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2024-21824
https://notcve.org/view.php?id=CVE-2024-21824
Improper authentication vulnerability in exists in multiple printers and scanners which implement Web Based Management provided by BROTHER INDUSTRIES, LTD. If this vulnerability is exploited, a network-adjacent user who can access the product may impersonate an administrative user. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References]. Existe una vulnerabilidad de autenticación incorrecta en varias impresoras y escáneres que implementan la administración basada en web proporcionada por BROTHER INDUSTRIES, LTD. Si se explota esta vulnerabilidad, un usuario adyacente a la red que pueda acceder al producto puede hacerse pasar por un usuario administrativo. • https://jvn.jp/en/jp/JVN82749078 https://support.brother.com/g/b/link.aspx?prod=group2&faqid=faqp00100601_000 https://support.brother.com/g/b/link.aspx?prod=lmgroup1&faqid=faq00100823_000 https://www.fujifilm.com/fbglobal/eng/company/news/notice/2024/0306_2_announce.html https://www.ricoh.com/products/security/vulnerabilities/vul?id=ricoh-2024-000002 https://www.toshibatec.com/information/20240306_01.html •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-30759
https://notcve.org/view.php?id=CVE-2023-30759
The driver installation package created by Printer Driver Packager NX v1.0.02 to v1.1.25 fails to detect its modification and may spawn an unexpected process with the administrative privilege. If a non-administrative user modifies the driver installation package and runs it on the target PC, an arbitrary program may be executed with the administrative privilege. • https://jvn.jp/en/vu/JVNVU92207133 https://www.ricoh.com/products/security/vulnerabilities/adv?id=ricoh-prod000048-2023-000001 https://www.ricoh.com/products/security/vulnerabilities/vul?id=ricoh-2023-000001 • CWE-345: Insufficient Verification of Data Authenticity •
CVSS: 9.1EPSS: 0%CPEs: 158EXPL: 0CVE-2022-43969
https://notcve.org/view.php?id=CVE-2022-43969
Ricoh mp_c4504ex devices with firmware 1.06 mishandle credentials. • https://www.ricoh.com/products/security/vulnerabilities/vul?id=ricoh-2022-000002 https://www.ricoh.com/software/dev_soft_manager •
CVSS: 4.8EPSS: 0%CPEs: 2EXPL: 0CVE-2022-37406
https://notcve.org/view.php?id=CVE-2022-37406
Cross-site scripting vulnerability in Aficio SP 4210N firmware versions prior to Web Support 1.05 allows a remote authenticated attacker with an administrative privilege to inject an arbitrary script. Vulnerabilidad de Cross-Site Scripting en versiones de firmware de Aficio SP 4210N anteriores a Web Support 1.05 permite a un atacante remoto autenticado con privilegios administrativos inyectar un script arbitrario. • https://jvn.jp/en/jp/JVN24659622/index.html https://support.ricoh.com/bb/html/dr_ut_e/rc3/model/sp42/sp42.htm https://support.ricoh.com/bbv2/html/dr_ut_d/ipsio/history/w/bb/pub_j/dr_ut_d/4101044/4101044791/V101/5236968/redirect_CLUTool_DOM/history.htm • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •