Multiple printers provided by FUJIFILM Business Innovation Corp. contain a cross-site request forgery vulnerability (CWE-352).
If a user views a malicious page while logging in, the user information may be altered. In the case the user is an administrator, the settings such as the administrator’s ID, password, etc. may be altered.
Apply workarounds
The developer states that there are some obsolite models where CSRF prevention function is not implemented.
For those models, applying the following workaround may mitigate the impact of this vulnerability.
As for the details of affected product names, model numbers, and versions, refer to the information provided by the vendor listed below.