Lucene search
+L

360 matches found

cvelist
cvelist
โ€ขadded 2025/06/25 7:28 a.m.โ€ข14 views

CVE-2024-51984 Authenticated disclosure of external service passwords via pass-back attack affecting multiple models from Brother Industries, Ltd, FUJIFILM Business Innovation, Ricoh, Toshiba Tec, and Konica Minolta, Inc.

An authenticated attacker can reconfigure the target device to use an external service such as LDAP or FTP controlled by the attacker. If an existing password is present for an external service, the attacker can force the target device to authenticate to an attacker controlled device using the...

6.8CVSS0.00846EPSS
Exploits0References10
vulnrichment
vulnrichment
โ€ขadded 2025/06/25 7:26 a.m.โ€ข7 views

CVE-2024-51983 Unauthenticated Denial of Service (DoS) via malformed WS-Scan request affecting multiple models from Brother Industries, Ltd, FUJIFILM Business Innovation, Ricoh, Toshiba Tec, and Konica Minolta, Inc.

An unauthenticated attacker who can connect to the Web Services feature HTTP TCP port 80 can issue a WS-Scan SOAP request containing an unexpected JobToken value which will crash the target device. The device will reboot, after which the attacker can reissue the command to repeatedly crash the...

7.5CVSS7.3AI score0.07833EPSS
Exploits0References9
cvelist
cvelist
โ€ขadded 2025/06/25 7:26 a.m.โ€ข26 views

CVE-2024-51983 Unauthenticated Denial of Service (DoS) via malformed WS-Scan request affecting multiple models from Brother Industries, Ltd, FUJIFILM Business Innovation, Ricoh, Toshiba Tec, and Konica Minolta, Inc.

An unauthenticated attacker who can connect to the Web Services feature HTTP TCP port 80 can issue a WS-Scan SOAP request containing an unexpected JobToken value which will crash the target device. The device will reboot, after which the attacker can reissue the command to repeatedly crash the...

7.5CVSS0.07833EPSS
Exploits0References9
vulnrichment
vulnrichment
โ€ขadded 2025/06/25 7:25 a.m.โ€ข3 views

CVE-2024-51982 Unauthenticated Denial of Service (DoS) via malformed PJL request affecting multiple models from Brother Industries, Ltd, FUJIFILM Business Innovation, and Ricoh.

An unauthenticated attacker who can connect to TCP port 9100 can issue a Printer Job Language PJL command that will crash the target device. The device will reboot, after which the attacker can reissue the command to repeatedly crash the device. A malformed PJL variable FORMLINES is set to a non...

7.5CVSS7.3AI score0.07127EPSS
Exploits0References6
cve
cve
โ€ขadded 2025/06/25 7:25 a.m.โ€ข29 views

CVE-2024-51982

CVE-2024-51982: Unauthenticated attacker on TCP port 9100 can send Printer Job Language (PJL) commands to crash the target device (then reboot) and can repeat the crash. Root cause cited: malformed FORMLINES (non-numeric value). Affected models span Brother devices and additional vendors in the c...

7.5CVSS7.3AI score0.07127EPSS
Exploits0References6
cvelist
cvelist
โ€ขadded 2025/06/25 7:25 a.m.โ€ข13 views

CVE-2024-51982 Unauthenticated Denial of Service (DoS) via malformed PJL request affecting multiple models from Brother Industries, Ltd, FUJIFILM Business Innovation, and Ricoh.

An unauthenticated attacker who can connect to TCP port 9100 can issue a Printer Job Language PJL command that will crash the target device. The device will reboot, after which the attacker can reissue the command to repeatedly crash the device. A malformed PJL variable FORMLINES is set to a non...

7.5CVSS0.07127EPSS
Exploits0References6
vulnrichment
vulnrichment
โ€ขadded 2025/06/25 7:23 a.m.โ€ข7 views

CVE-2024-51981 Unauthenticated Server Side Request Forgery (SSRF) via WS-Eventing affecting multiple models from Brother Industries, Ltd, FUJIFILM Business Innovation, Ricoh, and Toshiba Tec, and Konica Minolta, Inc.

An unauthenticated attacker may perform a blind server side request forgery SSRF, due to a CLRF injection issue that can be leveraged to perform HTTP request smuggling. This SSRF leverages the WS-Addressing feature used during a WS-Eventing subscription SOAP operation. The attacker can control al...

5.3CVSS7.5AI score0.00822EPSS
Exploits0References10
cvelist
cvelist
โ€ขadded 2025/06/25 7:23 a.m.โ€ข21 views

CVE-2024-51981 Unauthenticated Server Side Request Forgery (SSRF) via WS-Eventing affecting multiple models from Brother Industries, Ltd, FUJIFILM Business Innovation, Ricoh, and Toshiba Tec, and Konica Minolta, Inc.

An unauthenticated attacker may perform a blind server side request forgery SSRF, due to a CLRF injection issue that can be leveraged to perform HTTP request smuggling. This SSRF leverages the WS-Addressing feature used during a WS-Eventing subscription SOAP operation. The attacker can control al...

5.3CVSS0.00822EPSS
Exploits0References10
cve
cve
โ€ขadded 2025/06/25 7:22 a.m.โ€ข32 views

CVE-2024-51980

CVE-2024-51980 is an unauthenticated SSRF that, via WS-Addressing ReplyTo in a SOAP web service on HTTP (port 80), forces affected devices to open a TCP connection to an arbitrary IP/port. The vulnerability is reported across multiple Brother Konica Minolta, FUJIFILM, Ricoh, and Toshiba devices (...

5.3CVSS7.3AI score0.00858EPSS
Exploits0References10
cvelist
cvelist
โ€ขadded 2025/06/25 7:22 a.m.โ€ข36 views

CVE-2024-51980 Unauthenticated Server Side Request Forgery (SSRF) via WS-Addressing affecting multiple models from Brother Industries, Ltd, FUJIFILM Business Innovation, Ricoh, Toshiba Tec, and Konica Minolta, Inc.

An unauthenticated attacker may perform a limited server side request forgery SSRF, forcing the target device to open a TCP connection to an arbitrary port number on an arbitrary IP address. This SSRF leverages the WS-Addressing ReplyTo element in a Web service HTTP TCP port 80 SOAP request. The...

5.3CVSS0.00858EPSS
Exploits0References10
vulnrichment
vulnrichment
โ€ขadded 2025/06/25 7:20 a.m.โ€ข3 views

CVE-2024-51979 Authenticated stack based buffer overflow affecting multiple models from Brother Industries, Ltd, FUJIFILM Business Innovation, Ricoh, and Konica Minolta, Inc.

An authenticated attacker may trigger a stack based buffer overflow by performing a malformed request to either the HTTP service TCP port 80, the HTTPS service TCP port 443, or the IPP service TCP port 631. The malformed request will contain an empty Origin header value and a malformed Referer...

7.2CVSS7.5AI score0.01056EPSS
Exploits0References9
cve
cve
โ€ขadded 2025/06/25 7:17 a.m.โ€ข119 views

CVE-2024-51978

CVE-2024-51978 enables an unauthenticated attacker to derive the deviceโ€™s default administrator password by leaking the device serial number. The serial number can be exposed via CVE-2024-51977 (through HTTP, HTTPS, IPP), or via PJL or SNMP requests, allowing remote compromise of Brother and Koni...

9.8CVSS7.5AI score0.23635EPSS
In wildExploits0References13
vulnrichment
vulnrichment
โ€ขadded 2025/06/25 7:17 a.m.โ€ข7 views

CVE-2024-51978 Authentication bypass via default password generation affecting multiple models from Brother Industries, Ltd, Toshiba Tec, and Konica Minolta, Inc.

An unauthenticated attacker who knows the target device's serial number, can generate the default administrator password for the device. An unauthenticated attacker can first discover the target device's serial number via CVE-2024-51977 over HTTP/HTTPS/IPP, or via a PJL request, or via an SNMP...

9.8CVSS7.5AI score0.23635EPSS
Exploits0References10
cvelist
cvelist
โ€ขadded 2025/06/25 7:17 a.m.โ€ข153 views

CVE-2024-51978 Authentication bypass via default password generation affecting multiple models from Brother Industries, Ltd, Toshiba Tec, and Konica Minolta, Inc.

An unauthenticated attacker who knows the target device's serial number, can generate the default administrator password for the device. An unauthenticated attacker can first discover the target device's serial number via CVE-2024-51977 over HTTP/HTTPS/IPP, or via a PJL request, or via an SNMP...

9.8CVSS0.23635EPSS
Exploits0References10
cvelist
cvelist
โ€ขadded 2025/06/25 7:15 a.m.โ€ข18 views

CVE-2024-51977 Unauthenticated leak of sensitive information affecting multiple models from Brother Industries, Ltd., FUJIFILM Business Innovation, Ricoh, Toshiba Tec, and Konica Minolta, Inc.

An unauthenticated attacker who can access either the HTTP service TCP port 80, the HTTPS service TCP port 443, or the IPP service TCP port 631, can leak several pieces of sensitive information from a vulnerable device. The URI path /etc/mntinfo.csv can be accessed via a GET request and no...

5.3CVSS0.77472EPSS
Exploits0References11
cve
cve
โ€ขadded 2025/06/25 7:15 a.m.โ€ข91 views

CVE-2024-51977

CVE-2024-51977 affects at least one Brother multiโ€‘function device (notably the MFCโ€‘L9570CDW) where an unauthenticated attacker can reach the HTTP/HTTPS/IPP services on ports 80/443/631 and retrieve /etc/mnt_info.csv. The CSV exposes device info including model, firmware version, IP address, and s...

5.3CVSS7.2AI score0.77472EPSS
In wildExploits0References11
cnnvd
cnnvd
โ€ขadded 2025/06/25 12:0 a.m.โ€ข23 views

Brother Industries Multiple driver installers for Windows ๅฎ‰ๅ…จๆผๆดž

Brother Industries Multiple driver installers for Windows is a driver software from Brother Industries, Japan. A security vulnerability exists in Brother Industries Multiple driver installers for Windows, which can be exploited by an unauthenticated attacker to generate a default administrator...

9.8CVSS8.3AI score0.23635EPSS
Exploits0References13
cnnvd
cnnvd
โ€ขadded 2025/06/25 12:0 a.m.โ€ข4 views

Brother Industries Multiple driver installers for Windows ๅฎ‰ๅ…จๆผๆดž

Brother Industries Multiple driver installers for Windows is a driver software from Brother Industries, Japan. A security vulnerability exists in Brother Industries Multiple driver installers for Windows that originates from an unauthenticated attacker being able to perform blind server-side...

5.3CVSS9.2AI score0.00822EPSS
Exploits0References11
cnnvd
cnnvd
โ€ขadded 2025/06/25 12:0 a.m.โ€ข5 views

Brother Industries Multiple driver installers for Windows ๅฎ‰ๅ…จๆผๆดž

Brother Industries Multiple driver installers for Windows is a driver software from Brother Industries, Japan. A security vulnerability exists in Brother Industries Multiple driver installers for Windows that originates from a verified attacker who can reconfigure the target device to use an...

6.8CVSS9AI score0.00846EPSS
Exploits0References11
rapid7blog
rapid7blog
โ€ขadded 2025/06/25 12:0 a.m.โ€ข10 views

Multiple Brother Devices: Multiple Vulnerabilities (FIXED)

Overview Update June 25, 2025: Update statistics to reflect an additional 6 affected models from Konica Minolta, Inc. Rapid7 conducted a zero-day research project into multifunction printers MFP from Brother Industries, Ltd. This research resulted in the discovery of 8 new vulnerabilities. Some o...

9.8CVSS9.7AI score0.77472EPSS
Exploits0
Rows per page
Query Builder