THREATINT
PUBLISHED

CVE-2024-12782

Fujifilm Apeos C3070/Apeos C5570/Apeos C6580 Web Interface index.html#hashHome improper authorization



Description


A vulnerability has been found in Fujifilm Apeos C3070, Apeos C5570 and Apeos C6580 up to 24.8.28 and classified as critical. This vulnerability affects unknown code of the file /home/index.html#hashHome of the component Web Interface. The manipulation leads to improper authorization. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The vendor explains that the reported behaviors are intended or not reproduced.


Reserved 2024-12-19 | Published 2024-12-19 | Updated 2024-12-27 | Assigner VulDB


MEDIUM: 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
HIGH: 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
HIGH: 7.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P

Problem types

Improper Authorization

Incorrect Privilege Assignment

Product status

22.1.0 through 22.1.28: affected
22.12.0 through 22.12.2: affected
23.7.0 through 23.7.3: affected
23.9.0 through 23.9.16: affected
23.12.0 through 23.12.15: affected
24.2.0 through 24.2.15: affected
24.5.0 through 24.5.1: affected
24.8.0 through 24.8.28: affected


Timeline

2024-12-19: Advisory disclosed
2024-12-19: VulDB entry created
2024-12-27: VulDB entry last update

Credits

dycc (VulDB User) reporter

References

vuldb.com/?id.288958 (VDB-288958 | Fujifilm Apeos C3070/Apeos C5570/Apeos C6580 Web Interface index.html#hashHome improper authorization) vdb-entry technical-description

vuldb.com/?ctiid.288958 (VDB-288958 | CTI Indicators (IOB, IOC, TTP, IOA)) signature permissions-required

vuldb.com/?submit.458897 (Submit #458897 | Fujifilm Business Innovation (China) Co., Ltd. Apeos C3070, Apeos C6580, Apeos C5570 printers Apeos C3070, Apeos C6580, Apeos C5570 unauthorized access) third-party-advisory

github.com/...ji/blob/main/Fujifilm Business Innovation.docx exploit

www.fujifilm.com/...pany/news/notice/2024/1226_announce.html related

cve.org (CVE-2024-12782)

nvd.nist.gov (CVE-2024-12782)
