CVSS: 6.1 | EPSS: 0% | CPEs: 4 | EXPL: 0

Cross-site request forgery vulnerability in multiple printers and scanners which implement Web Based Management provided by BROTHER INDUSTRIES, LTD. allows a remote unauthenticated attacker to perform unintended operations on the affected product. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References].

References:
• https://jvn.jp/en/jp/JVN82749078
• https://support.brother.com/g/b/link.aspx?prod=group2&faqid=faqp00100601_000
• https://support.brother.com/g/b/link.aspx?prod=lmgroup1&faqid=faq00100823_000
• https://www.fujifilm.com/fbglobal/eng/company/news/notice/2024/0306_2_announce.html
• https://www.ricoh.com/products/security/vulnerabilities/vul?id=ricoh-2024-000002
• https://www.toshibatec.com/information/20240306_01.html

CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 5.3 | EPSS: 0% | CPEs: 4 | EXPL: 0

Improper authentication vulnerability exists in multiple printers and scanners which implement Web Based Management provided by BROTHER INDUSTRIES, LTD. If this vulnerability is exploited, a network-adjacent user who can access the product may impersonate an administrative user. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References].

References:
• https://jvn.jp/en/jp/JVN82749078
• https://support.brother.com/g/b/link.aspx?prod=group2&faqid=faqp00100601_000
• https://support.brother.com/g/b/link.aspx?prod=lmgroup1&faqid=faq00100823_000
• https://www.fujifilm.com/fbglobal/eng/company/news/notice/2024/0306_2_announce.html
• https://www.ricoh.com/products/security/vulnerabilities/vul?id=ricoh-2024-000002
• https://www.toshibatec.com/information/20240306_01.html

CWE-306: Missing Authentication for Critical Function

CVSS: 6.3 | EPSS: 0% | CPEs: 37 | EXPL: 0

Cross-site request forgery vulnerability in FUJIFILM printers which implement CentreWare Internet Services or Internet Services allows a remote unauthenticated attacker to alter user information. If the user is an administrator, settings such as the administrator's ID, password, etc. may be altered. As for the details of affected product names, model numbers, and versions, refer to the information provided by the vendor listed under [References].

References:
• https://jvn.jp/en/jp/JVN34328023
• https://www.fujifilm.com/fbglobal/eng/company/news/notice/2024/0306_1_announce.html

CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 5.9 | EPSS: 0% | CPEs: 223 | EXPL: 0

Multiple MFPs (multifunction printers) provided by FUJIFILM Business Innovation Corp. and Xerox Corporation provide a facility to export the contents of their Address Book in encrypted form, but the encryption strength is insufficient. With knowledge of the encryption process and the encryption key, information such as the server credentials may be obtained from the exported Address Book data. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References].

References:
• https://jvn.jp/en/vu/JVNVU96482726/index.html
• https://security.business.xerox.com/en-us/documents/bulletins
• https://www.fujifilm.com/fbglobal/eng/company/news/notice/2023/1031_addressbook_announce.html

CWE-287: Improper Authentication

CVSS: 7.5 | EPSS: 0% | CPEs: 434 | EXPL: 0

Null pointer dereference vulnerability exists in multiple vendors' MFPs and printers which implement Debut web server 1.2 or 1.3. Processing a specially crafted request may cause a denial-of-service (DoS) condition in an affected product. As for the affected products/models/versions, see the detailed information provided by each vendor.

References:
• https://jvn.jp/en/vu/JVNVU93767756/index.html
• https://support.brother.com/g/b/faqend.aspx?c=us&lang=en&prod=group2&faqid=faq00100793_000
• https://support.brother.com/g/s/security/en
• https://www.fujifilm.com/fbglobal/eng/company/news/notice/2023/browser_announce.html

CWE-476: NULL Pointer Dereference