CVE-2026-4682

Certain HP DeskJet All in One devices may be vulnerable to remote code execution caused by a buffer overflow when specially crafted Web Services for Devices WSD scan requests are improperly validated and handled by the MFP. WSD Scan is a Microsoft Windows–based network scanning protocol that allo...

SHARP MFPs Out-of-Bounds Vulnerabilities (CVE-2024-42420)

Sharp and Toshiba Tec MFPs contain multiple Out-of-bounds Read vulnerabilities, due to improper processing of keyword search input and improper processing of SOAP messages. Crafted HTTP requests may cause affected products crashed. This plugin only works with Tenable.ot. Please visit...

New Research: Multifunction Printer (MFP) Security Concerns within the Enterprise Business Environment

Multifunction printers MFPs do far more than print. They scan, email, fax, store, and authenticate. That convenience comes with risk. Our latest report, Understanding Multifunction Printer MFP Security within the Enterprise Business Environment, from Rapid7’s Deral Heiland, Principal Security...

Siemens SIMATIC Devices Out-of-bounds Write (CVE-2021-4090)

An out-of-bounds OOB memory write flaw was found in the NFSD in the Linux kernel. Missing sanity may lead to a write beyond bmvalbmlen-1 in nfsd4decodebitmap4 in fs/nfsd/nfs4xdr.c. In this flaw, a local attacker with user privilege may gain access to out-of-bounds memory, leading to a system...

Brother Industries多款产品 安全漏洞

Brother Industries HL-L8360CDW and others are products of Brother Industries, Japan.Brother Industries HL-L8360CDW is a multifunction printer.Brother Industries HL-L8260CDN is a laser printer. The Brother Industries HL-L8260CDW is a laser printer. A security vulnerability exists in various Brothe...

Xerox Versalink C7025 Multifunction Printer: Pass-Back Attack Vulnerabilities (FIXED)

During security testing, Rapid7 discovered that Xerox Versalink C7025 Multifunction printers MFPs were vulnerable to pass-back attacks. The affected products identified were: Xerox Versalink MFPs Firmware Version: 57.69.91 and earlier This issue has been assigned the following CVEs: CVE-2024-1251...

Sharp MFP和Toshiba MFP 安全漏洞

Sharp MFP is a series of multifunction printers from Sharp Corporation, Japan.Toshiba MFP is a series of printers from Toshiba Corporation, Japan. A security vulnerability exists in Sharp MFP and Toshiba MFP that stems from an out-of-bounds read issue that makes them susceptible to...

CVE-2024-47801

Sharp and Toshiba Tec MFPs improperly process query parameters in HTTP requests, resulting in a reflected cross-site scripting vulnerability. Accessing a crafted URL which points to an affected product may cause malicious script executed on the web browser...

CVE-2024-45842

Sharp and Toshiba Tec MFPs improperly process URI data in HTTP PUT requests resulting in a path Traversal vulnerability. Unintended internal files may be retrieved when processing crafted HTTP requests...

October 22, 2024—KB5045594 (OS Build 19045.5073) Preview

October 22, 2024—KB5045594 OS Build 19045.5073 Preview 11/17/20 For information about Windows update terminology, see the article about the types of Windows updates and the monthly quality update types. For an overview of Windows 10, version 22H2, see its update history page. Note Follow...

Konica Minolta Password Extractor

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Konica Minolta Password Extractor', 'Description' = %q This module will extract FTP and SMB account usernames and passwords from Konica Minolta...

Sharp MFP Trust Management Issue Vulnerability

Sharp MFP is a series of multifunction printers from Sharp Japan. The Sharp MFP suffers from a trust management issue vulnerability that arises from hard-coded credential information for accessing an external site, which can be exploited by an attacker who improperly obtains the credential...

Sharp MFP Security Vulnerability

Sharp MFP is a series of multifunction printers from Sharp Japan. A security vulnerability exists in Sharp MFP that originates from a device web page that inadvertently sends information about credentials stored in the device, resulting in information disclosure...

Toshiba e-STUDIO Security Vulnerability

Toshiba e-STUDIO is a series of high-end office multifunction printers from Toshiba Japan. A security vulnerability exists in Toshiba e-STUDIO that originates from the use of a vulnerable code set in some of the internal program code of the multifunction device, where information could be stolen ...

Toshiba e-STUDIO Security Vulnerability

Toshiba e-STUDIO is a series of high-end office multifunction printers from Toshiba, Japan. A security vulnerability exists in Toshiba e-STUDIO, which originates from programs running under root privileges that, if hijacked by some means, could execute arbitrary code on the multifunction device...

CVE-2023-1329

A potential security vulnerability has been identified for certain HP multifunction printers MFPs. The vulnerability may lead to Buffer Overflow and/or Remote Code Execution when running HP Workpath solutions on potentially affected products...

CVE-2023-24575

Dell Multifunction Printer E525w Driver and Software Suite, versions prior to 1.047.2022, A05, contain a local privilege escalation vulnerability that could be exploited by malicious users to compromise the affected system...

Privilege escalation

Dell Multifunction Printer E525w Driver and Software Suite, versions prior to 1.047.2022, A05, contain a local privilege escalation vulnerability that could be exploited by malicious users to compromise the affected system...

CVE-2023-24575

Dell Multifunction Printer E525w Driver and Software Suite, versions prior to 1.047.2022, A05, contain a local privilege escalation vulnerability that could be exploited by malicious users to compromise the affected system...

PT-2023-19689 · Dell · Dell Multifunction Printer E525W Driver/Software Suite

Name of the Vulnerable Software and Affected Versions: Dell Multifunction Printer E525w Driver and Software Suite versions prior to 1.047.2022, A05 Description: The issue is a local privilege escalation vulnerability that could be exploited by malicious users to compromise the affected system...