Two others, CVE-2024-51980 and CVE-2024-51981, allow server-side request forgery (SSRF), permitting printers to ship crafted requests into inside networks they shouldn’t be speaking to. In company environments, this might let attackers probe inside providers, bypass entry controls, or pivot deeper into the community. Lastly, CVE-2024-51984 exposes plaintext credentials for providers equivalent to LDAP or FTP to authenticated customers, providing a possible jump-off level for wider compromise.
Along with 689 fashions of Brother printers, scanners, and label makers, a number of the vulnerabilities have an effect on 46 Fujifilm fashions, 5 from Ricoh, 2 from Toshiba Tec, and 6 from Konica Minolta.
Aside from Brother’s admin bypass flaw, all vulnerabilities have been addressed by way of respective firmware updates, Rapid7 added.
