Two others, CVE-2024-51980 and CVE-2024-51981, allow server-side request forgery (SSRF), permitting printers to ship crafted requests into inner networks they shouldn’t be speaking to. In company environments, this might let attackers probe inner providers, bypass entry controls, or pivot deeper into the community. Lastly, CVE-2024-51984 exposes plaintext credentials for providers corresponding to LDAP or FTP to authenticated customers, providing a possible jump-off level for wider compromise.
Along with 689 fashions of Brother printers, scanners, and label makers, a few of the vulnerabilities have an effect on 46 Fujifilm fashions, 5 from Ricoh, 2 from Toshiba Tec, and 6 from Konica Minolta.
Apart from Brother’s admin bypass flaw, all vulnerabilities have been addressed by way of respective firmware updates, Rapid7 added.
