JVN#82749078: Multiple vulnerabilities in printers and scanners which implement BROTHER Web Based Management

Multiple printers and scanners which implement Web Based Management provided by BROTHER INDUSTRIES, LTD. contain multiple vulnerabilities listed below.

Improper Authentication (CWE-287) - CVE-2024-21824

Cross-Site Request Forgery (CWE-352) - CVE-2024-22475

Impact

• A network-adjacent user who can access the product may impersonate an administrative user - CVE-2024-21824
• If a user views a malicious page while logged in, unintended operations may be performed - CVE-2024-22475

Solution

Update the firmware
Apply the appropriate firmware update according to the information provided by the respective vendors.

Apply the workaround
Applying the workarounds may mitigate the impact of CVE-2024-22475 vulnerability.

For the details of the updates, refer to the information provided by the respective vendors on [Vendor Status] section.

Products Affected

• Printers and scanners which implement BROTHER Web Based Management
  As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed below.
• BROTHER INDUSTRIES, LTD.
• FUJIFILM Business Innovation Corp.
• Toshiba Tec Corporation
• RICOH COMPANY, LTD.