CVE-2024-22475
https://notcve.org/view.php?id=CVE-2024-22475
Cross-site request forgery vulnerability in multiple printers and scanners which implement Web Based Management provided by BROTHER INDUSTRIES, LTD. allows a remote unauthenticated attacker to perform unintended operations on the affected product. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References].
• https://jvn.jp/en/jp/JVN82749078
• https://support.brother.com/g/b/link.aspx?prod=group2&faqid=faqp00100601_000
• https://support.brother.com/g/b/link.aspx?prod=lmgroup1&faqid=faq00100823_000
• https://www.fujifilm.com/fbglobal/eng/company/news/notice/2024/0306_2_announce.html
• https://www.ricoh.com/products/security/vulnerabilities/vul?id=ricoh-2024-000002
• https://www.toshibatec.com/information/20240306_01.html
• CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2024-21824
https://notcve.org/view.php?id=CVE-2024-21824
Improper authentication vulnerability exists in multiple printers and scanners which implement Web Based Management provided by BROTHER INDUSTRIES, LTD. If this vulnerability is exploited, a network-adjacent user who can access the product may impersonate an administrative user. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References].
• https://jvn.jp/en/jp/JVN82749078
• https://support.brother.com/g/b/link.aspx?prod=group2&faqid=faqp00100601_000
• https://support.brother.com/g/b/link.aspx?prod=lmgroup1&faqid=faq00100823_000
• https://www.fujifilm.com/fbglobal/eng/company/news/notice/2024/0306_2_announce.html
• https://www.ricoh.com/products/security/vulnerabilities/vul?id=ricoh-2024-000002
• https://www.toshibatec.com/information/20240306_01.html
• CWE-306: Missing Authentication for Critical Function
CVE-2023-51654
https://notcve.org/view.php?id=CVE-2023-51654
Improper link resolution before file access ('Link Following') issue exists in iPrint&Scan Desktop for Windows versions 11.0.0 and earlier. A symlink attack by a malicious user may cause a denial-of-service (DoS) condition on the PC.
• https://jvn.jp/en/vu/JVNVU97943829
• CWE-59: Improper Link Resolution Before File Access ('Link Following')
CVE-2023-29984
https://notcve.org/view.php?id=CVE-2023-29984
Null pointer dereference vulnerability exists in multiple vendors' MFPs and printers which implement Debut web server 1.2 or 1.3. Processing a specially crafted request may lead an affected product to a denial-of-service (DoS) condition. As for the affected products/models/versions, see the detailed information provided by each vendor.
• https://jvn.jp/en/vu/JVNVU93767756/index.html
• https://support.brother.com/g/b/faqend.aspx?c=us&lang=en&prod=group2&faqid=faq00100793_000
• https://support.brother.com/g/s/security/en
• https://www.fujifilm.com/fbglobal/eng/company/news/notice/2023/browser_announce.html
• CWE-476: NULL Pointer Dereference
CVE-2023-28369
https://notcve.org/view.php?id=CVE-2023-28369
Brother iPrint&Scan V6.11.2 and earlier contains an improper access control vulnerability. This vulnerability may be exploited by another app installed on the victim user's Android device, which may lead to displaying the settings and/or log information of the affected app as a print preview.
• https://faq.brother.co.jp/app/answers/detail/a_id/13468
• https://jvn.jp/en/vu/JVNVU97891206
• https://play.google.com/store/apps/details?id=com.brother.mfc.brprint
• https://support.brother.com/g/b/link.aspx?prod=group2&faqid=faq00100794_000