Description
A vulnerability has been found in Fujifilm Apeos C3070, Apeos C5570 and Apeos C6580 up to 24.8.28 and classified as critical. This vulnerability affects unknown code of the file /home/index.html#hashHome of the component Web Interface. The manipulation leads to improper authorization. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The vendor explains that the reported behaviors are intended or not reproduced.
A critical vulnerability was found in Fujifilm Apeos C3070, Apeos C5570 and Apeos C6580 up to 24.8.28. It concerns an unspecified function of the file /home/index.html#hashHome of the component Web Interface. Manipulation with unknown data can be used to exploit an improper authorization vulnerability. The attack can be carried out over the network. The exploit is publicly available. At present it is not entirely clear whether this vulnerability really exists in the form described.
Reserved 2024-12-19 | Published 2024-12-19 | Updated 2024-12-27 | Assigner: VulDB
MEDIUM: 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
HIGH: 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
HIGH: 7.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P
Problem types
Improper Authorization
Incorrect Privilege Assignment
Product status
22.1.0 to 22.1.28: affected
22.12.0 to 22.12.2: affected
23.7.0 to 23.7.3: affected
23.9.0 to 23.9.16: affected
23.12.0 to 23.12.15: affected
24.2.0 to 24.2.15: affected
24.5.0 to 24.5.1: affected
24.8.0 to 24.8.28: affected
Timeline
2024-12-19: Advisory disclosed
2024-12-19: VulDB entry created
2024-12-27: VulDB entry last update
Credits
dycc (VulDB User), reporter
References
vuldb.com/?id.288958 (VDB-288958 | Fujifilm Apeos C3070/Apeos C5570/Apeos C6580 Web Interface index.html#hashHome improper authorization) vdb-entry technical-description
vuldb.com/?ctiid.288958 (VDB-288958 | CTI Indicators (IOB, IOC, TTP, IOA)) signature permissions-required
vuldb.com/?submit.458897 (Submit #458897 | Fujifilm Business Innovation (China) Co., Ltd. Apeos C3070, Apeos C6580, Apeos C5570 printers Apeos C3070, Apeos C6580, Apeos C5570 unauthorized access) third-party-advisory
github.com/...ji/blob/main/Fujifilm Business Innovation.docx exploit
www.fujifilm.com/...pany/news/notice/2024/1226_announce.html related
cve.org (CVE-2024-12782)
nvd.nist.gov (CVE-2024-12782)