
CVE-2024-12782 – Fujifilm Business Innovation Apeos C3070/Apeos C5570/Apeos C6580 Web Interface index.html#hashHome improper authorization
https://notcve.org/view.php?id=CVE-2024-12782
19 Dec 2024 — A vulnerability has been found in Fujifilm Apeos C3070, Apeos C5570 and Apeos C6580 up to 24.8.28 and classified as critical. This vulnerability affects unknown code of the file /home/index.html#hashHome of the component Web Interface. The manipulation leads to improper authorization. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. • https://github.com/dycccccccc/Fuji/blob/main/Fujifilm%20Business%20Innovation.docx • CWE-266: Incorrect Privilege Assignment • CWE-285: Improper Authorization

CVE-2023-46327
https://notcve.org/view.php?id=CVE-2023-46327
02 Nov 2023 — Multiple MFPs (multifunction printers) provided by FUJIFILM Business Innovation Corp. and Xerox Corporation provide a facility to export the contents of their Address Book in encrypted form, but the encryption strength is insufficient. With knowledge of the encryption process and the encryption key, information such as server credentials may be obtained from the exported Address Book data. As for the details of affected product names, model numbers, and versions, refer to the information provi... • https://jvn.jp/en/vu/JVNVU96482726/index.html • CWE-287: Improper Authentication

CVE-2022-26320
https://notcve.org/view.php?id=CVE-2022-26320
14 Mar 2022 — The Rambus SafeZone Basic Crypto Module before 10.4.0, as used in certain Fujifilm (formerly Fuji Xerox) devices before 2022-03-01, Canon imagePROGRAF and imageRUNNER devices through 2022-03-14, and potentially many other devices, generates RSA keys that can be broken with Fermat's factorization method. This allows efficient calculation of private RSA keys from the public key of a TLS certificate. • https://fermatattack.secvuln.info • CWE-330: Use of Insufficiently Random Values