Common Weakness Enumeration

CWE-1286

Allowed

Improper Validation of Syntactic Correctness of Input

Abstraction: Base · Status: Incomplete

The product receives input that is expected to be well-formed - i.e., to comply with a certain syntax - but it does not validate or incorrectly validates that the input complies with the syntax.

150 vulnerabilities reference this CWE, most recent first.

CVE-2024-51982 (GCVE-0-2024-51982)

Vulnerability from cvelistv5 – Published: 2025-06-25 07:25 – Updated: 2026-04-02 14:05
VLAI
Title
Unauthenticated Denial of Service (DoS) via malformed PJL request affecting multiple models from Brother Industries, Ltd, FUJIFILM Business Innovation, and Ricoh.
Summary
An unauthenticated attacker who can connect to TCP port 9100 can issue a Printer Job Language (PJL) command that will crash the target device. The device will reboot, after which the attacker can reissue the command to repeatedly crash the device. A malformed PJL variable FORMLINES is set to a non number value causing the target to crash.
SSVC
Exploitation: poc Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-1286 - Improper Validation of Syntactic Correctness of Input
Assigner
Impacted products
Vendor Product Version
Brother Industries, Ltd HL-L8260CDN Affected: 0 , ≤ 1.65(ZH) (semver)
Create a notification for this product.
Brother Industries, Ltd HL-L8260CDW Affected: 0 , ≤ 1.65(ZH) (semver)
Create a notification for this product.
Brother Industries, Ltd HL-L8360CDW Affected: 0 , ≤ 1.68(ZG) (semver)
Create a notification for this product.
Brother Industries, Ltd HL-L8360CDWT Affected: 0 , ≤ 1.68(ZG) (semver)
Create a notification for this product.
Brother Industries, Ltd HL-L9310CDW Affected: 0 , ≤ 1.68(ZG) (semver)
Create a notification for this product.
Brother Industries, Ltd DCP-L8410CDW Affected: 0 , ≤ ZK (semver)
Create a notification for this product.
Brother Industries, Ltd MFC-L8610CDW Affected: 0 , ≤ ZK (semver)
Create a notification for this product.
Brother Industries, Ltd MFC-L8690CDW Affected: 0 , ≤ ZK (semver)
Create a notification for this product.
Brother Industries, Ltd MFC-L8900CDW Affected: 0 , ≤ ZM (semver)
Create a notification for this product.
Brother Industries, Ltd MFC-L9570CDW Affected: 0 , ≤ ZM (semver)
Create a notification for this product.
Brother Industries, Ltd MFC-L9577CDW Affected: 0 , ≤ ZM (semver)
Create a notification for this product.
Brother Industries, Ltd HL-L2325DW Affected: 0 , ≤ 1.74(ZE) (semver)
Create a notification for this product.
Brother Industries, Ltd HL-L2350DW Affected: 0 , ≤ 1.74(ZE) (semver)
Create a notification for this product.
Brother Industries, Ltd HL-L2351DW Affected: 0 , ≤ 1.74(ZE) (semver)
Create a notification for this product.
Brother Industries, Ltd HL-L2352DW Affected: 0 , ≤ 1.74(ZE) (semver)
Create a notification for this product.
Brother Industries, Ltd HL-L2357DW Affected: 0 , ≤ 1.74(ZE) (semver)
Create a notification for this product.
Brother Industries, Ltd HL-L2370DN Affected: 0 , ≤ 1.74(ZE) (semver)
Create a notification for this product.
Brother Industries, Ltd HL-L2371DN Affected: 0 , ≤ 1.74(ZE) (semver)
Create a notification for this product.
Brother Industries, Ltd HL-L2372DN Affected: 0 , ≤ 1.74(ZE) (semver)
Create a notification for this product.
Brother Industries, Ltd HL-2590DN Affected: 0 , ≤ 1.74(ZE) (semver)
Create a notification for this product.
Brother Industries, Ltd HL-L2370DW Affected: 0 , ≤ 1.74(ZE) (semver)
Create a notification for this product.
Brother Industries, Ltd HL-L2370DWXL Affected: 0 , ≤ 1.74(ZE) (semver)
Create a notification for this product.
Brother Industries, Ltd HL-L2375DW Affected: 0 , ≤ 1.74(ZE) (semver)
Create a notification for this product.
Brother Industries, Ltd HL-L2376DW Affected: 0 , ≤ 1.74(ZE) (semver)
Create a notification for this product.
Brother Industries, Ltd HL-B2050DN Affected: 0 , ≤ 1.74(ZE) (semver)
Create a notification for this product.
Brother Industries, Ltd HL-B2080DW Affected: 0 , ≤ 1.74(ZE) (semver)
Create a notification for this product.
Brother Industries, Ltd HL-L2385DW Affected: 0 , ≤ 1.74(ZE) (semver)
Create a notification for this product.
Brother Industries, Ltd HL-L2386DW Affected: 0 , ≤ 1.74(ZE) (semver)
Create a notification for this product.
Brother Industries, Ltd HL-2595DW Affected: 0 , ≤ 1.74(ZE) (semver)
Create a notification for this product.
Brother Industries, Ltd HL-L2350DWR Affected: 0 , ≤ 1.74(ZE) (semver)
Create a notification for this product.
Brother Industries, Ltd HL-L2370DNR Affected: 0 , ≤ 1.74(ZE) (semver)
Create a notification for this product.
Brother Industries, Ltd HL-L2375DWR Affected: 0 , ≤ 1.74(ZE) (semver)
Create a notification for this product.
Brother Industries, Ltd HL-L2395DW Affected: 0 , ≤ ZC (semver)
Create a notification for this product.
Brother Industries, Ltd MFC-L2730DW Affected: 0 , ≤ ZC (semver)
Create a notification for this product.
Brother Industries, Ltd MFC-L2732DW Affected: 0 , ≤ ZC (semver)
Create a notification for this product.
Brother Industries, Ltd MFC-L2750DW Affected: A , ≤ ZC (semver)
Create a notification for this product.
Brother Industries, Ltd MFC-L2750DWXL Affected: 0 , ≤ ZC (semver)
Create a notification for this product.
Brother Industries, Ltd MFC-L2751DW Affected: 0 , ≤ ZC (semver)
Create a notification for this product.
Brother Industries, Ltd MFC-L2770DW Affected: 0 , ≤ ZC (semver)
Create a notification for this product.
Brother Industries, Ltd MFC-L2771DW Affected: 0 , ≤ ZC (semver)
Create a notification for this product.
Brother Industries, Ltd MFC-L2730DWR Affected: 0 , ≤ ZC (semver)
Create a notification for this product.
Brother Industries, Ltd MFC-L2750DWR Affected: 0 , ≤ ZC (semver)
Create a notification for this product.
Brother Industries, Ltd DCP-7195DW Affected: 0 , ≤ R (semver)
Create a notification for this product.
Brother Industries, Ltd MFC-7895DW Affected: 0 , ≤ R (semver)
Create a notification for this product.
Brother Industries, Ltd MFC-L2730DN Affected: 0 , ≤ R (semver)
Create a notification for this product.
Brother Industries, Ltd HL-L2390DW Affected: 0 , ≤ ZC (semver)
Create a notification for this product.
Brother Industries, Ltd DCP-L2530DW Affected: 0 , ≤ ZC (semver)
Create a notification for this product.
Brother Industries, Ltd DCP-L2531DW Affected: 0 , ≤ ZC (semver)
Create a notification for this product.
Brother Industries, Ltd DCP-L2532DW Affected: 0 , ≤ ZC (semver)
Create a notification for this product.
Brother Industries, Ltd DCP-L2535DW Affected: A , ≤ ZC (semver)
Create a notification for this product.
Brother Industries, Ltd DCP-L2537DW Affected: 0 , ≤ ZC (semver)
Create a notification for this product.
Brother Industries, Ltd DCP-B7520DW Affected: 0 , ≤ V (semver)
Create a notification for this product.
Brother Industries, Ltd DCP-L2550DN Affected: 0 , ≤ ZC (semver)
Create a notification for this product.
Brother Industries, Ltd DCP-L2550DW Affected: A , ≤ ZC (semver)
Create a notification for this product.
Brother Industries, Ltd DCP-L2551DN Affected: 0 , ≤ ZC (semver)
Create a notification for this product.
Brother Industries, Ltd DCP-L2551DW Affected: 0 , ≤ ZC (semver)
Create a notification for this product.
Brother Industries, Ltd DCP-L2552DN Affected: 0 , ≤ ZC (semver)
Create a notification for this product.
Brother Industries, Ltd DCP-B7535DW Affected: 0 , ≤ V (semver)
Create a notification for this product.
Brother Industries, Ltd MFC-L2690DW Affected: 0 , ≤ ZC (semver)
Create a notification for this product.
Brother Industries, Ltd MFC-L2710DN Affected: 0 , ≤ ZC (semver)
Create a notification for this product.
Brother Industries, Ltd MFC-L2712DN Affected: 0 , ≤ ZC (semver)
Create a notification for this product.
Brother Industries, Ltd MFC-L2710DW Affected: 0 , ≤ ZC (semver)
Create a notification for this product.
Brother Industries, Ltd MFC-L2712DW Affected: 0 , ≤ ZC (semver)
Create a notification for this product.
Brother Industries, Ltd MFC-L2713DW Affected: 0 , ≤ ZC (semver)
Create a notification for this product.
Brother Industries, Ltd MFC-L2715DW Affected: 0 , ≤ ZC (semver)
Create a notification for this product.
Brother Industries, Ltd MFC-L2716DW Affected: 0 , ≤ ZC (semver)
Create a notification for this product.
Brother Industries, Ltd MFC-L2717DW Affected: 0 , ≤ ZC (semver)
Create a notification for this product.
Brother Industries, Ltd MFC-B7715DW Affected: 0 , ≤ ZC (semver)
Create a notification for this product.
Brother Industries, Ltd DCP-L2530DWR Affected: 0 , ≤ ZC (semver)
Create a notification for this product.
Brother Industries, Ltd DCP-L2550DNR Affected: 0 , ≤ ZC (semver)
Create a notification for this product.
Brother Industries, Ltd MFC-L2710DNR Affected: 0 , ≤ ZC (semver)
Create a notification for this product.
Brother Industries, Ltd MFC-L2710DWR Affected: 0 , ≤ ZC (semver)
Create a notification for this product.
Brother Industries, Ltd FAX-L2710DN Affected: 0 , ≤ R (semver)
Create a notification for this product.
Brother Industries, Ltd DCP-7190DN Affected: 0 , ≤ V (semver)
Create a notification for this product.
Brother Industries, Ltd DCP-B7530DN Affected: 0 , ≤ V (semver)
Create a notification for this product.
Brother Industries, Ltd MFC-7890DN Affected: 0 , ≤ V (semver)
Create a notification for this product.
Brother Industries, Ltd MFC-B7720DN Affected: 0 , ≤ V (semver)
Create a notification for this product.
Brother Industries, Ltd DCP-7090DW Affected: 0 , ≤ M (semver)
Create a notification for this product.
Brother Industries, Ltd DCP-7190DW Affected: 0 , ≤ M (semver)
Create a notification for this product.
Brother Industries, Ltd HL-L3210CW Affected: 0 , ≤ 1.39(ZA) (semver)
Create a notification for this product.
Brother Industries, Ltd HL-L3230CDN Affected: 0 , ≤ 1.39(ZA) (semver)
Create a notification for this product.
Brother Industries, Ltd HL-L3230CDW Affected: 0 , ≤ 1.39(ZA) (semver)
Create a notification for this product.
Brother Industries, Ltd HL-3160CDW Affected: 0 , ≤ 1.39(ZA) (semver)
Create a notification for this product.
Brother Industries, Ltd HL-L3270CDW Affected: 0 , ≤ 1.36(ZA) (semver)
Create a notification for this product.
Brother Industries, Ltd HL-3190CDW Affected: 0 , ≤ 1.36(ZA) (semver)
Create a notification for this product.
Brother Industries, Ltd DCP-L3510CDW Affected: 0 , ≤ ZA (semver)
Create a notification for this product.
Brother Industries, Ltd DCP-L3517CDW Affected: 0 , ≤ ZA (semver)
Create a notification for this product.
Brother Industries, Ltd HL-L3290CDW Affected: 0 , ≤ ZA (semver)
Create a notification for this product.
Brother Industries, Ltd DCP-L3551CDW Affected: 0 , ≤ ZA (semver)
Create a notification for this product.
Brother Industries, Ltd DCP-L3550CDW Affected: 0 , ≤ ZE (semver)
Create a notification for this product.
Brother Industries, Ltd DCP-9030CDN Affected: 0 , ≤ ZE (semver)
Create a notification for this product.
Brother Industries, Ltd MFC-L3710CDW Affected: 0 , ≤ ZE (semver)
Create a notification for this product.
Brother Industries, Ltd MFC-L3730CDN Affected: 0 , ≤ ZE (semver)
Create a notification for this product.
Brother Industries, Ltd MFC-9150CDN Affected: 0 , ≤ ZE (semver)
Create a notification for this product.
Brother Industries, Ltd MFC-L3735CDN Affected: 0 , ≤ ZE (semver)
Create a notification for this product.
Brother Industries, Ltd MFC-L3745CDW Affected: 0 , ≤ ZE (semver)
Create a notification for this product.
Brother Industries, Ltd MFC-L3750CDW Affected: 0 , ≤ ZE (semver)
Create a notification for this product.
Brother Industries, Ltd MFC-9350CDW Affected: 0 , ≤ ZE (semver)
Create a notification for this product.
Brother Industries, Ltd MFC-L3770CDW Affected: A , ≤ ZE (semver)
Create a notification for this product.
Brother Industries, Ltd DCP-T520W Affected: 0 , ≤ 1.21(M) (semver)
Create a notification for this product.
Brother Industries, Ltd DCP-T525W Affected: 0 , ≤ 1.21(M) (semver)
Create a notification for this product.
Brother Industries, Ltd DCP-T720DW Affected: 0 , ≤ 1.20(L) (semver)
Create a notification for this product.
Brother Industries, Ltd DCP-T725DW Affected: 0 , ≤ 1.20(L) (semver)
Create a notification for this product.
Brother Industries, Ltd DCP-T820DW Affected: 0 , ≤ 1.20(L) (semver)
Create a notification for this product.
Brother Industries, Ltd DCP-T825DW Affected: 0 , ≤ 1.20(L) (semver)
Create a notification for this product.
Brother Industries, Ltd MFC-T920DW Affected: 0 , ≤ 1.23(N) (semver)
Create a notification for this product.
Brother Industries, Ltd MFC-T925DW Affected: 0 , ≤ 1.23(N) (semver)
Create a notification for this product.
Brother Industries, Ltd DCP-T220 Affected: 0 , ≤ 1.27(K) (semver)
Create a notification for this product.
Brother Industries, Ltd DCP-T225 Affected: 0 , ≤ 1.27(K) (semver)
Create a notification for this product.
Brother Industries, Ltd DCP-T226 Affected: 0 , ≤ 1.27(K) (semver)
Create a notification for this product.
Brother Industries, Ltd DCP-T420W Affected: 0 , ≤ 1.27(K) (semver)
Create a notification for this product.
Brother Industries, Ltd DCP-T425W Affected: 0 , ≤ 1.27(K) (semver)
Create a notification for this product.
Brother Industries, Ltd DCP-T426W Affected: 0 , ≤ 1.27(K) (semver)
Create a notification for this product.
Brother Industries, Ltd DCP-T428W Affected: 0 , ≤ 1.27(K) (semver)
Create a notification for this product.
Brother Industries, Ltd DCP-C421W Affected: 0 , ≤ 1.04(D) (semver)
Create a notification for this product.
Brother Industries, Ltd MFC-J805DW Affected: 0 , ≤ J (semver)
Create a notification for this product.
Brother Industries, Ltd DCP-J1100DW Affected: 0 , ≤ P (semver)
Create a notification for this product.
Brother Industries, Ltd MFC-J995DW Affected: 0 , ≤ P (semver)
Create a notification for this product.
Brother Industries, Ltd MFC-J1300DW Affected: 0 , ≤ P (semver)
Create a notification for this product.
Brother Industries, Ltd DCP-J988N Affected: 0 , ≤ Q (semver)
Create a notification for this product.
Brother Industries, Ltd MFC-J1500N Affected: 0 , ≤ P (semver)
Create a notification for this product.
Brother Industries, Ltd MFC-J1605DN Affected: 0 , ≤ K (semver)
Create a notification for this product.
Brother Industries, Ltd MFC-J5845DW(XL) Affected: 0 , ≤ N (semver)
Create a notification for this product.
Brother Industries, Ltd MFC-J5945DW Affected: 0 , ≤ T (semver)
Create a notification for this product.
Brother Industries, Ltd MFC-J6945DW Affected: 0 , ≤ T (semver)
Create a notification for this product.
Brother Industries, Ltd MFC-J6947DW Affected: 0 , ≤ T (semver)
Create a notification for this product.
Brother Industries, Ltd HL-J6000DW Affected: 0 , ≤ S (semver)
Create a notification for this product.
Brother Industries, Ltd HL-J6100DW Affected: 0 , ≤ S (semver)
Create a notification for this product.
Brother Industries, Ltd MFC-J6997CDW Affected: 0 , ≤ T (semver)
Create a notification for this product.
Brother Industries, Ltd MFC-J6999CDW Affected: 0 , ≤ T (semver)
Create a notification for this product.
Brother Industries, Ltd HL-J6000CDW Affected: 0 , ≤ S (semver)
Create a notification for this product.
Brother Industries, Ltd MFC-T4500DW Affected: 0 , ≤ P (semver)
Create a notification for this product.
Brother Industries, Ltd HL-T4000DW Affected: 0 , ≤ N (semver)
Create a notification for this product.
Brother Industries, Ltd MFC-J5330DW Affected: 0 , ≤ W (semver)
Create a notification for this product.
Brother Industries, Ltd MFC-J5335DW Affected: 0 , ≤ W (semver)
Create a notification for this product.
Brother Industries, Ltd MFC-J2330DW Affected: 0 , ≤ W (semver)
Create a notification for this product.
Brother Industries, Ltd MFC-J5730DW Affected: 0 , ≤ Y (semver)
Create a notification for this product.
Brother Industries, Ltd MFC-J5830DW Affected: 0 , ≤ Y (semver)
Create a notification for this product.
Brother Industries, Ltd MFC-J5930DW Affected: 0 , ≤ Y (semver)
Create a notification for this product.
Brother Industries, Ltd MFC-J2730DW Affected: 0 , ≤ Y (semver)
Create a notification for this product.
Brother Industries, Ltd MFC-J6530DW Affected: 0 , ≤ W (semver)
Create a notification for this product.
Brother Industries, Ltd MFC-J6730DW Affected: 0 , ≤ W (semver)
Create a notification for this product.
Brother Industries, Ltd MFC-J3530DW Affected: 0 , ≤ W (semver)
Create a notification for this product.
Brother Industries, Ltd MFC-J6930DW Affected: 0 , ≤ Z (semver)
Create a notification for this product.
Brother Industries, Ltd MFC-J6935DW Affected: 0 , ≤ Z (semver)
Create a notification for this product.
Brother Industries, Ltd MFC-J3930DW Affected: 0 , ≤ Z (semver)
Create a notification for this product.
Brother Industries, Ltd MFC-J6535DW Affected: 0 , ≤ Z (semver)
Create a notification for this product.
Brother Industries, Ltd MFC-J6580CDW Affected: 0 , ≤ R (semver)
Create a notification for this product.
Brother Industries, Ltd MFC-J6980CDW Affected: 0 , ≤ S (semver)
Create a notification for this product.
Brother Industries, Ltd MFC-J6995CDW Affected: 0 , ≤ S (semver)
Create a notification for this product.
Brother Industries, Ltd MFC-J5630CDW Affected: 0 , ≤ L (semver)
Create a notification for this product.
Brother Industries, Ltd MFC-J6583CDW Affected: 0 , ≤ K (semver)
Create a notification for this product.
Brother Industries, Ltd MFC-J6983CDW Affected: 0 , ≤ N (semver)
Create a notification for this product.
Brother Industries, Ltd DCP-T510W Affected: 0 , ≤ Q (semver)
Create a notification for this product.
Brother Industries, Ltd DCP-T710W Affected: 0 , ≤ Q (semver)
Create a notification for this product.
Brother Industries, Ltd MFC-T810W Affected: 0 , ≤ Q (semver)
Create a notification for this product.
Brother Industries, Ltd MFC-T910DW Affected: 0 , ≤ Q (semver)
Create a notification for this product.
Brother Industries, Ltd DCP-J572DW Affected: 0 , ≤ P (semver)
Create a notification for this product.
Brother Industries, Ltd MFC-J491DW Affected: 0 , ≤ Q (semver)
Create a notification for this product.
Brother Industries, Ltd MFC-J497DW Affected: 0 , ≤ Q (semver)
Create a notification for this product.
Brother Industries, Ltd DCP-J772DW Affected: 0 , ≤ T (semver)
Create a notification for this product.
Brother Industries, Ltd DCP-J774DW Affected: 0 , ≤ T (semver)
Create a notification for this product.
Brother Industries, Ltd MFC-J890DW Affected: 0 , ≤ T (semver)
Create a notification for this product.
Brother Industries, Ltd MFC-J895DW Affected: 0 , ≤ T (semver)
Create a notification for this product.
Brother Industries, Ltd MFC-J690DW Affected: 0 , ≤ T (semver)
Create a notification for this product.
Brother Industries, Ltd DCP-J572N Affected: 0 , ≤ W (semver)
Create a notification for this product.
Brother Industries, Ltd DCP-J577N Affected: 0 , ≤ W (semver)
Create a notification for this product.
Brother Industries, Ltd DCP-J582N Affected: 0 , ≤ W (semver)
Create a notification for this product.
Brother Industries, Ltd DCP-J972N Affected: 0 , ≤ Y (semver)
Create a notification for this product.
Brother Industries, Ltd DCP-J973N-W/B Affected: 0 , ≤ Y (semver)
Create a notification for this product.
Brother Industries, Ltd DCP-J978N-W/B Affected: 0 , ≤ Y (semver)
Create a notification for this product.
Brother Industries, Ltd DCP-J981N Affected: 0 , ≤ Y (semver)
Create a notification for this product.
Brother Industries, Ltd DCP-J982N-W/B Affected: 0 , ≤ Y (semver)
Create a notification for this product.
Brother Industries, Ltd MFC-J893N Affected: 0 , ≤ X (semver)
Create a notification for this product.
Brother Industries, Ltd MFC-J898N Affected: 0 , ≤ X (semver)
Create a notification for this product.
Brother Industries, Ltd MFC-J738DN Affected: 0 , ≤ M (semver)
Create a notification for this product.
Brother Industries, Ltd MFC-J738DWN Affected: 0 , ≤ M (semver)
Create a notification for this product.
Brother Industries, Ltd MFC-J998DN Affected: 0 , ≤ M (semver)
Create a notification for this product.
Brother Industries, Ltd MFC-J998DWN Affected: 0 , ≤ M (semver)
Create a notification for this product.
Brother Industries, Ltd DCP-J587N Affected: A , ≤ F (semver)
Create a notification for this product.
FUJIFILM Business Innovation DocuPrint P235 d Affected: 0 , ≤ 1.15 (semver)
Create a notification for this product.
FUJIFILM Business Innovation DocuPrint P275 dw Affected: 0 , ≤ 1.15 (semver)
Create a notification for this product.
FUJIFILM Business Innovation DocuPrint P285 dw Affected: 0 , ≤ 1.15 (semver)
Create a notification for this product.
FUJIFILM Business Innovation DocuPrint P288 dw Affected: 0 , ≤ 1.15 (semver)
Create a notification for this product.
FUJIFILM Business Innovation DocuPrint M235 dw Affected: 0 , ≤ K (semver)
Create a notification for this product.
FUJIFILM Business Innovation DocuPrint M235 z Affected: 0 , ≤ K (semver)
Create a notification for this product.
FUJIFILM Business Innovation DocuPrint M275 z Affected: 0 , ≤ L (semver)
Create a notification for this product.
FUJIFILM Business Innovation DocuPrint M285 z Affected: 0 , ≤ L (semver)
Create a notification for this product.
FUJIFILM Business Innovation DocuPrint M288 dw Affected: 0 , ≤ E (semver)
Create a notification for this product.
FUJIFILM Business Innovation DocuPrint M288 z Affected: 0 , ≤ E (semver)
Create a notification for this product.
RICOH SP 230DNw Affected: 0 , ≤ 1.07(G) (semver)
Create a notification for this product.
RICOH P 201W Affected: 0 , ≤ 1.03D(D) (semver)
Create a notification for this product.
RICOH M 340W Affected: 0 , ≤ G (semver)
Create a notification for this product.
RICOH SP 230SFNw Affected: 0 , ≤ J (semver)
Create a notification for this product.
RICOH M 340FW Affected: 0 , ≤ H (semver)
Create a notification for this product.
Brother Industries, Ltd DCP-J987N-W/B Affected: A , ≤ F (semver)
Create a notification for this product.
Brother Industries, Ltd DCP-T510W(China) Affected: A , ≤ N (semver)
Create a notification for this product.
Brother Industries, Ltd DCP-T710W(China) Affected: A , ≤ N (semver)
Create a notification for this product.
Brother Industries, Ltd MFC-J805DWXL Affected: A , ≤ J (semver)
Create a notification for this product.
Brother Industries, Ltd MFC-J815DWXL Affected: A , ≤ J (semver)
Create a notification for this product.
Brother Industries, Ltd MFC-J995DWXL Affected: A , ≤ P (semver)
Create a notification for this product.
Brother Industries, Ltd MFC-T810W(China) Affected: A , ≤ N (semver)
Create a notification for this product.
Brother Industries, Ltd DCP-B7520DW (China) Affected: A , ≤ V (semver)
Create a notification for this product.
Brother Industries, Ltd DCP-B7535DW (China) Affected: A , ≤ V (semver)
Create a notification for this product.
Brother Industries, Ltd DCP-L2535DW (China) Affected: A , ≤ M (semver)
Create a notification for this product.
Brother Industries, Ltd DCP-L2550DW (China) Affected: A , ≤ M (semver)
Create a notification for this product.
Brother Industries, Ltd DCP-L2550DW (Japan) Affected: A , ≤ R (semver)
Create a notification for this product.
Brother Industries, Ltd DCP-L2550DW (Taiwan) Affected: A , ≤ V (semver)
Create a notification for this product.
Brother Industries, Ltd MFC-L2715DW (Taiwan/Korea/Hong Kong) Affected: A , ≤ V (semver)
Create a notification for this product.
Brother Industries, Ltd MFC-L2750DW (Japan) Affected: A , ≤ R (semver)
Create a notification for this product.
Brother Industries, Ltd MFC-L3770CDW (Japan) Affected: A , ≤ ZA (semver)
Create a notification for this product.
Brother Industries, Ltd MFC-L8610CDW (Japan) Affected: A , ≤ ZD (semver)
Create a notification for this product.
Brother Industries, Ltd MFC-L9570CDW (Japan) Affected: A , ≤ ZD (semver)
Create a notification for this product.
Brother Industries, Ltd ADS-2400N Affected: A , ≤ T (semver)
Create a notification for this product.
Brother Industries, Ltd ADS-2800W Affected: A , ≤ T (semver)
Create a notification for this product.
Brother Industries, Ltd ADS-3000N Affected: A , ≤ T (semver)
Create a notification for this product.
Brother Industries, Ltd ADS-3600W Affected: A , ≤ T (semver)
Create a notification for this product.
Brother Industries, Ltd DCP-J973N W/B Affected: A , ≤ Y (semver)
Create a notification for this product.
Brother Industries, Ltd DCP-J978N W/B Affected: A , ≤ Y (semver)
Create a notification for this product.
Brother Industries, Ltd DCP-J982N W/B Affected: A , ≤ Y (semver)
Create a notification for this product.
Brother Industries, Ltd DCP-J987N W/B Affected: A , ≤ F (semver)
Create a notification for this product.
Brother Industries, Ltd MFC-J903N Affected: A , ≤ X (semver)
Create a notification for this product.
Date Public
2025-06-25 08:00
Credits
Stephen Fewer, Principal Security Researcher at Rapid7
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-51982",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-06-25T12:27:43.868452Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-06-25T12:41:13.649Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "exploit"
            ],
            "url": "https://assets.contentstack.io/v3/assets/blte4f029e766e6b253/blt6495b3c6adf2867f/685aa980a26c5e2b1026969c/vulnerability-disclosure-whitepaper.pdf"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "HL-L8260CDN",
          "vendor": "Brother Industries, Ltd",
          "versions": [
            {
              "lessThanOrEqual": "1.65(ZH)",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "HL-L8260CDW",
          "vendor": "Brother Industries, Ltd",
          "versions": [
            {
              "lessThanOrEqual": "1.65(ZH)",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "HL-L8360CDW",
          "vendor": "Brother Industries, Ltd",
          "versions": [
            {
              "lessThanOrEqual": "1.68(ZG)",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "HL-L8360CDWT",
          "vendor": "Brother Industries, Ltd",
          "versions": [
            {
              "lessThanOrEqual": "1.68(ZG)",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "HL-L9310CDW",
          "vendor": "Brother Industries, Ltd",
          "versions": [
            {
              "lessThanOrEqual": "1.68(ZG)",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "DCP-L8410CDW",
          "vendor": "Brother Industries, Ltd",
          "versions": [
            {
              "lessThanOrEqual": "ZK",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MFC-L8610CDW",
          "vendor": "Brother Industries, Ltd",
          "versions": [
            {
              "lessThanOrEqual": "ZK",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MFC-L8690CDW",
          "vendor": "Brother Industries, Ltd",
          "versions": [
            {
              "lessThanOrEqual": "ZK",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MFC-L8900CDW",
          "vendor": "Brother Industries, Ltd",
          "versions": [
            {
              "lessThanOrEqual": "ZM",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MFC-L9570CDW",
          "vendor": "Brother Industries, Ltd",
          "versions": [
            {
              "lessThanOrEqual": "ZM",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MFC-L9577CDW",
          "vendor": "Brother Industries, Ltd",
          "versions": [
            {
              "lessThanOrEqual": "ZM",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "HL-L2325DW",
          "vendor": "Brother Industries, Ltd",
          "versions": [
            {
              "lessThanOrEqual": "1.74(ZE)",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "HL-L2350DW",
          "vendor": "Brother Industries, Ltd",
          "versions": [
            {
              "lessThanOrEqual": "1.74(ZE)",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "HL-L2351DW",
          "vendor": "Brother Industries, Ltd",
          "versions": [
            {
              "lessThanOrEqual": "1.74(ZE)",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "HL-L2352DW",
          "vendor": "Brother Industries, Ltd",
          "versions": [
            {
              "lessThanOrEqual": "1.74(ZE)",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "HL-L2357DW",
          "vendor": "Brother Industries, Ltd",
          "versions": [
            {
              "lessThanOrEqual": "1.74(ZE)",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "HL-L2370DN",
          "vendor": "Brother Industries, Ltd",
          "versions": [
            {
              "lessThanOrEqual": "1.74(ZE)",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "HL-L2371DN",
          "vendor": "Brother Industries, Ltd",
          "versions": [
            {
              "lessThanOrEqual": "1.74(ZE)",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "HL-L2372DN",
          "vendor": "Brother Industries, Ltd",
          "versions": [
            {
              "lessThanOrEqual": "1.74(ZE)",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "HL-2590DN",
          "vendor": "Brother Industries, Ltd",
          "versions": [
            {
              "lessThanOrEqual": "1.74(ZE)",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "HL-L2370DW",
          "vendor": "Brother Industries, Ltd",
          "versions": [
            {
              "lessThanOrEqual": "1.74(ZE)",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "HL-L2370DWXL",
          "vendor": "Brother Industries, Ltd",
          "versions": [
            {
              "lessThanOrEqual": "1.74(ZE)",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "HL-L2375DW",
          "vendor": "Brother Industries, Ltd",
          "versions": [
            {
              "lessThanOrEqual": "1.74(ZE)",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "HL-L2376DW",
          "vendor": "Brother Industries, Ltd",
          "versions": [
            {
              "lessThanOrEqual": "1.74(ZE)",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "HL-B2050DN",
          "vendor": "Brother Industries, Ltd",
          "versions": [
            {
              "lessThanOrEqual": "1.74(ZE)",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "HL-B2080DW",
          "vendor": "Brother Industries, Ltd",
          "versions": [
            {
              "lessThanOrEqual": "1.74(ZE)",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "HL-L2385DW",
          "vendor": "Brother Industries, Ltd",
          "versions": [
            {
              "lessThanOrEqual": "1.74(ZE)",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "HL-L2386DW",
          "vendor": "Brother Industries, Ltd",
          "versions": [
            {
              "lessThanOrEqual": "1.74(ZE)",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "HL-2595DW",
          "vendor": "Brother Industries, Ltd",
          "versions": [
            {
              "lessThanOrEqual": "1.74(ZE)",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "HL-L2350DWR",
          "vendor": "Brother Industries, Ltd",
          "versions": [
            {
              "lessThanOrEqual": "1.74(ZE)",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "HL-L2370DNR",
          "vendor": "Brother Industries, Ltd",
          "versions": [
            {
              "lessThanOrEqual": "1.74(ZE)",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "HL-L2375DWR",
          "vendor": "Brother Industries, Ltd",
          "versions": [
            {
              "lessThanOrEqual": "1.74(ZE)",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "HL-L2395DW",
          "vendor": "Brother Industries, Ltd",
          "versions": [
            {
              "lessThanOrEqual": "ZC",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MFC-L2730DW",
          "vendor": "Brother Industries, Ltd",
          "versions": [
            {
              "lessThanOrEqual": "ZC",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MFC-L2732DW",
          "vendor": "Brother Industries, Ltd",
          "versions": [
            {
              "lessThanOrEqual": "ZC",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MFC-L2750DW",
          "vendor": "Brother Industries, Ltd",
          "versions": [
            {
              "lessThanOrEqual": "ZC",
              "status": "affected",
              "version": "A",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MFC-L2750DWXL",
          "vendor": "Brother Industries, Ltd",
          "versions": [
            {
              "lessThanOrEqual": "ZC",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MFC-L2751DW",
          "vendor": "Brother Industries, Ltd",
          "versions": [
            {
              "lessThanOrEqual": "ZC",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MFC-L2770DW",
          "vendor": "Brother Industries, Ltd",
          "versions": [
            {
              "lessThanOrEqual": "ZC",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MFC-L2771DW",
          "vendor": "Brother Industries, Ltd",
          "versions": [
            {
              "lessThanOrEqual": "ZC",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MFC-L2730DWR",
          "vendor": "Brother Industries, Ltd",
          "versions": [
            {
              "lessThanOrEqual": "ZC",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MFC-L2750DWR",
          "vendor": "Brother Industries, Ltd",
          "versions": [
            {
              "lessThanOrEqual": "ZC",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "DCP-7195DW",
          "vendor": "Brother Industries, Ltd",
          "versions": [
            {
              "lessThanOrEqual": "R",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MFC-7895DW",
          "vendor": "Brother Industries, Ltd",
          "versions": [
            {
              "lessThanOrEqual": "R",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MFC-L2730DN",
          "vendor": "Brother Industries, Ltd",
          "versions": [
            {
              "lessThanOrEqual": "R",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "HL-L2390DW",
          "vendor": "Brother Industries, Ltd",
          "versions": [
            {
              "lessThanOrEqual": "ZC",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "DCP-L2530DW",
          "vendor": "Brother Industries, Ltd",
          "versions": [
            {
              "lessThanOrEqual": "ZC",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "DCP-L2531DW",
          "vendor": "Brother Industries, Ltd",
          "versions": [
            {
              "lessThanOrEqual": "ZC",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "DCP-L2532DW",
          "vendor": "Brother Industries, Ltd",
          "versions": [
            {
              "lessThanOrEqual": "ZC",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "DCP-L2535DW",
          "vendor": "Brother Industries, Ltd",
          "versions": [
            {
              "lessThanOrEqual": "ZC",
              "status": "affected",
              "version": "A",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "DCP-L2537DW",
          "vendor": "Brother Industries, Ltd",
          "versions": [
            {
              "lessThanOrEqual": "ZC",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "DCP-B7520DW",
          "vendor": "Brother Industries, Ltd",
          "versions": [
            {
              "lessThanOrEqual": "V",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "DCP-L2550DN",
          "vendor": "Brother Industries, Ltd",
          "versions": [
            {
              "lessThanOrEqual": "ZC",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "DCP-L2550DW",
          "vendor": "Brother Industries, Ltd",
          "versions": [
            {
              "lessThanOrEqual": "ZC",
              "status": "affected",
              "version": "A",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "DCP-L2551DN",
          "vendor": "Brother Industries, Ltd",
          "versions": [
            {
              "lessThanOrEqual": "ZC",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "DCP-L2551DW",
          "vendor": "Brother Industries, Ltd",
          "versions": [
            {
              "lessThanOrEqual": "ZC",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "DCP-L2552DN",
          "vendor": "Brother Industries, Ltd",
          "versions": [
            {
              "lessThanOrEqual": "ZC",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "DCP-B7535DW",
          "vendor": "Brother Industries, Ltd",
          "versions": [
            {
              "lessThanOrEqual": "V",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MFC-L2690DW",
          "vendor": "Brother Industries, Ltd",
          "versions": [
            {
              "lessThanOrEqual": "ZC",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MFC-L2710DN",
          "vendor": "Brother Industries, Ltd",
          "versions": [
            {
              "lessThanOrEqual": "ZC",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MFC-L2712DN",
          "vendor": "Brother Industries, Ltd",
          "versions": [
            {
              "lessThanOrEqual": "ZC",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MFC-L2710DW",
          "vendor": "Brother Industries, Ltd",
          "versions": [
            {
              "lessThanOrEqual": "ZC",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MFC-L2712DW",
          "vendor": "Brother Industries, Ltd",
          "versions": [
            {
              "lessThanOrEqual": "ZC",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MFC-L2713DW",
          "vendor": "Brother Industries, Ltd",
          "versions": [
            {
              "lessThanOrEqual": "ZC",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MFC-L2715DW",
          "vendor": "Brother Industries, Ltd",
          "versions": [
            {
              "lessThanOrEqual": "ZC",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MFC-L2716DW",
          "vendor": "Brother Industries, Ltd",
          "versions": [
            {
              "lessThanOrEqual": "ZC",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MFC-L2717DW",
          "vendor": "Brother Industries, Ltd",
          "versions": [
            {
              "lessThanOrEqual": "ZC",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MFC-B7715DW",
          "vendor": "Brother Industries, Ltd",
          "versions": [
            {
              "lessThanOrEqual": "ZC",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "DCP-L2530DWR",
          "vendor": "Brother Industries, Ltd",
          "versions": [
            {
              "lessThanOrEqual": "ZC",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "DCP-L2550DNR",
          "vendor": "Brother Industries, Ltd",
          "versions": [
            {
              "lessThanOrEqual": "ZC",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MFC-L2710DNR",
          "vendor": "Brother Industries, Ltd",
          "versions": [
            {
              "lessThanOrEqual": "ZC",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MFC-L2710DWR",
          "vendor": "Brother Industries, Ltd",
          "versions": [
            {
              "lessThanOrEqual": "ZC",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FAX-L2710DN",
          "vendor": "Brother Industries, Ltd",
          "versions": [
            {
              "lessThanOrEqual": "R",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "DCP-7190DN",
          "vendor": "Brother Industries, Ltd",
          "versions": [
            {
              "lessThanOrEqual": "V",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "DCP-B7530DN",
          "vendor": "Brother Industries, Ltd",
          "versions": [
            {
              "lessThanOrEqual": "V",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MFC-7890DN",
          "vendor": "Brother Industries, Ltd",
          "versions": [
            {
              "lessThanOrEqual": "V",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MFC-B7720DN",
          "vendor": "Brother Industries, Ltd",
          "versions": [
            {
              "lessThanOrEqual": "V",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "DCP-7090DW",
          "vendor": "Brother Industries, Ltd",
          "versions": [
            {
              "lessThanOrEqual": "M",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "DCP-7190DW",
          "vendor": "Brother Industries, Ltd",
          "versions": [
            {
              "lessThanOrEqual": "M",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "HL-L3210CW",
          "vendor": "Brother Industries, Ltd",
          "versions": [
            {
              "lessThanOrEqual": "1.39(ZA)",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "HL-L3230CDN",
          "vendor": "Brother Industries, Ltd",
          "versions": [
            {
              "lessThanOrEqual": "1.39(ZA)",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "HL-L3230CDW",
          "vendor": "Brother Industries, Ltd",
          "versions": [
            {
              "lessThanOrEqual": "1.39(ZA)",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "HL-3160CDW",
          "vendor": "Brother Industries, Ltd",
          "versions": [
            {
              "lessThanOrEqual": "1.39(ZA)",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "HL-L3270CDW",
          "vendor": "Brother Industries, Ltd",
          "versions": [
            {
              "lessThanOrEqual": "1.36(ZA)",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "HL-3190CDW",
          "vendor": "Brother Industries, Ltd",
          "versions": [
            {
              "lessThanOrEqual": "1.36(ZA)",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "DCP-L3510CDW",
          "vendor": "Brother Industries, Ltd",
          "versions": [
            {
              "lessThanOrEqual": "ZA",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "DCP-L3517CDW",
          "vendor": "Brother Industries, Ltd",
          "versions": [
            {
              "lessThanOrEqual": "ZA",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "HL-L3290CDW",
          "vendor": "Brother Industries, Ltd",
          "versions": [
            {
              "lessThanOrEqual": "ZA",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "DCP-L3551CDW",
          "vendor": "Brother Industries, Ltd",
          "versions": [
            {
              "lessThanOrEqual": "ZA",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "DCP-L3550CDW",
          "vendor": "Brother Industries, Ltd",
          "versions": [
            {
              "lessThanOrEqual": "ZE",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "DCP-9030CDN",
          "vendor": "Brother Industries, Ltd",
          "versions": [
            {
              "lessThanOrEqual": "ZE",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MFC-L3710CDW",
          "vendor": "Brother Industries, Ltd",
          "versions": [
            {
              "lessThanOrEqual": "ZE",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MFC-L3730CDN",
          "vendor": "Brother Industries, Ltd",
          "versions": [
            {
              "lessThanOrEqual": "ZE",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MFC-9150CDN",
          "vendor": "Brother Industries, Ltd",
          "versions": [
            {
              "lessThanOrEqual": "ZE",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MFC-L3735CDN",
          "vendor": "Brother Industries, Ltd",
          "versions": [
            {
              "lessThanOrEqual": "ZE",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MFC-L3745CDW",
          "vendor": "Brother Industries, Ltd",
          "versions": [
            {
              "lessThanOrEqual": "ZE",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MFC-L3750CDW",
          "vendor": "Brother Industries, Ltd",
          "versions": [
            {
              "lessThanOrEqual": "ZE",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MFC-9350CDW",
          "vendor": "Brother Industries, Ltd",
          "versions": [
            {
              "lessThanOrEqual": "ZE",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MFC-L3770CDW",
          "vendor": "Brother Industries, Ltd",
          "versions": [
            {
              "lessThanOrEqual": "ZE",
              "status": "affected",
              "version": "A",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "DCP-T520W",
          "vendor": "Brother Industries, Ltd",
          "versions": [
            {
              "lessThanOrEqual": "1.21(M)",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "DCP-T525W",
          "vendor": "Brother Industries, Ltd",
          "versions": [
            {
              "lessThanOrEqual": "1.21(M)",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "DCP-T720DW",
          "vendor": "Brother Industries, Ltd",
          "versions": [
            {
              "lessThanOrEqual": "1.20(L)",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "DCP-T725DW",
          "vendor": "Brother Industries, Ltd",
          "versions": [
            {
              "lessThanOrEqual": "1.20(L)",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "DCP-T820DW",
          "vendor": "Brother Industries, Ltd",
          "versions": [
            {
              "lessThanOrEqual": "1.20(L)",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "DCP-T825DW",
          "vendor": "Brother Industries, Ltd",
          "versions": [
            {
              "lessThanOrEqual": "1.20(L)",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MFC-T920DW",
          "vendor": "Brother Industries, Ltd",
          "versions": [
            {
              "lessThanOrEqual": "1.23(N)",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MFC-T925DW",
          "vendor": "Brother Industries, Ltd",
          "versions": [
            {
              "lessThanOrEqual": "1.23(N)",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "DCP-T220",
          "vendor": "Brother Industries, Ltd",
          "versions": [
            {
              "lessThanOrEqual": "1.27(K)",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "DCP-T225",
          "vendor": "Brother Industries, Ltd",
          "versions": [
            {
              "lessThanOrEqual": "1.27(K)",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "DCP-T226",
          "vendor": "Brother Industries, Ltd",
          "versions": [
            {
              "lessThanOrEqual": "1.27(K)",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "DCP-T420W",
          "vendor": "Brother Industries, Ltd",
          "versions": [
            {
              "lessThanOrEqual": "1.27(K)",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "DCP-T425W",
          "vendor": "Brother Industries, Ltd",
          "versions": [
            {
              "lessThanOrEqual": "1.27(K)",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "DCP-T426W",
          "vendor": "Brother Industries, Ltd",
          "versions": [
            {
              "lessThanOrEqual": "1.27(K)",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "DCP-T428W",
          "vendor": "Brother Industries, Ltd",
          "versions": [
            {
              "lessThanOrEqual": "1.27(K)",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "DCP-C421W",
          "vendor": "Brother Industries, Ltd",
          "versions": [
            {
              "lessThanOrEqual": "1.04(D)",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MFC-J805DW",
          "vendor": "Brother Industries, Ltd",
          "versions": [
            {
              "lessThanOrEqual": "J",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "DCP-J1100DW",
          "vendor": "Brother Industries, Ltd",
          "versions": [
            {
              "lessThanOrEqual": "P",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MFC-J995DW",
          "vendor": "Brother Industries, Ltd",
          "versions": [
            {
              "lessThanOrEqual": "P",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MFC-J1300DW",
          "vendor": "Brother Industries, Ltd",
          "versions": [
            {
              "lessThanOrEqual": "P",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "DCP-J988N",
          "vendor": "Brother Industries, Ltd",
          "versions": [
            {
              "lessThanOrEqual": "Q",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MFC-J1500N",
          "vendor": "Brother Industries, Ltd",
          "versions": [
            {
              "lessThanOrEqual": "P",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MFC-J1605DN",
          "vendor": "Brother Industries, Ltd",
          "versions": [
            {
              "lessThanOrEqual": "K",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MFC-J5845DW(XL)",
          "vendor": "Brother Industries, Ltd",
          "versions": [
            {
              "lessThanOrEqual": "N",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MFC-J5945DW",
          "vendor": "Brother Industries, Ltd",
          "versions": [
            {
              "lessThanOrEqual": "T",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MFC-J6945DW",
          "vendor": "Brother Industries, Ltd",
          "versions": [
            {
              "lessThanOrEqual": "T",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MFC-J6947DW",
          "vendor": "Brother Industries, Ltd",
          "versions": [
            {
              "lessThanOrEqual": "T",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "HL-J6000DW",
          "vendor": "Brother Industries, Ltd",
          "versions": [
            {
              "lessThanOrEqual": "S",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "HL-J6100DW",
          "vendor": "Brother Industries, Ltd",
          "versions": [
            {
              "lessThanOrEqual": "S",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MFC-J6997CDW",
          "vendor": "Brother Industries, Ltd",
          "versions": [
            {
              "lessThanOrEqual": "T",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MFC-J6999CDW",
          "vendor": "Brother Industries, Ltd",
          "versions": [
            {
              "lessThanOrEqual": "T",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "HL-J6000CDW",
          "vendor": "Brother Industries, Ltd",
          "versions": [
            {
              "lessThanOrEqual": "S",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MFC-T4500DW",
          "vendor": "Brother Industries, Ltd",
          "versions": [
            {
              "lessThanOrEqual": "P",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "HL-T4000DW",
          "vendor": "Brother Industries, Ltd",
          "versions": [
            {
              "lessThanOrEqual": "N",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MFC-J5330DW",
          "vendor": "Brother Industries, Ltd",
          "versions": [
            {
              "lessThanOrEqual": "W",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MFC-J5335DW",
          "vendor": "Brother Industries, Ltd",
          "versions": [
            {
              "lessThanOrEqual": "W",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MFC-J2330DW",
          "vendor": "Brother Industries, Ltd",
          "versions": [
            {
              "lessThanOrEqual": "W",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MFC-J5730DW",
          "vendor": "Brother Industries, Ltd",
          "versions": [
            {
              "lessThanOrEqual": "Y",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MFC-J5830DW",
          "vendor": "Brother Industries, Ltd",
          "versions": [
            {
              "lessThanOrEqual": "Y",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MFC-J5930DW",
          "vendor": "Brother Industries, Ltd",
          "versions": [
            {
              "lessThanOrEqual": "Y",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MFC-J2730DW",
          "vendor": "Brother Industries, Ltd",
          "versions": [
            {
              "lessThanOrEqual": "Y",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MFC-J6530DW",
          "vendor": "Brother Industries, Ltd",
          "versions": [
            {
              "lessThanOrEqual": "W",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MFC-J6730DW",
          "vendor": "Brother Industries, Ltd",
          "versions": [
            {
              "lessThanOrEqual": "W",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MFC-J3530DW",
          "vendor": "Brother Industries, Ltd",
          "versions": [
            {
              "lessThanOrEqual": "W",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MFC-J6930DW",
          "vendor": "Brother Industries, Ltd",
          "versions": [
            {
              "lessThanOrEqual": "Z",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MFC-J6935DW",
          "vendor": "Brother Industries, Ltd",
          "versions": [
            {
              "lessThanOrEqual": "Z",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MFC-J3930DW",
          "vendor": "Brother Industries, Ltd",
          "versions": [
            {
              "lessThanOrEqual": "Z",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MFC-J6535DW",
          "vendor": "Brother Industries, Ltd",
          "versions": [
            {
              "lessThanOrEqual": "Z",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MFC-J6580CDW",
          "vendor": "Brother Industries, Ltd",
          "versions": [
            {
              "lessThanOrEqual": "R",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MFC-J6980CDW",
          "vendor": "Brother Industries, Ltd",
          "versions": [
            {
              "lessThanOrEqual": "S",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MFC-J6995CDW",
          "vendor": "Brother Industries, Ltd",
          "versions": [
            {
              "lessThanOrEqual": "S",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MFC-J5630CDW",
          "vendor": "Brother Industries, Ltd",
          "versions": [
            {
              "lessThanOrEqual": "L",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MFC-J6583CDW",
          "vendor": "Brother Industries, Ltd",
          "versions": [
            {
              "lessThanOrEqual": "K",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MFC-J6983CDW",
          "vendor": "Brother Industries, Ltd",
          "versions": [
            {
              "lessThanOrEqual": "N",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "DCP-T510W",
          "vendor": "Brother Industries, Ltd",
          "versions": [
            {
              "lessThanOrEqual": "Q",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "DCP-T710W",
          "vendor": "Brother Industries, Ltd",
          "versions": [
            {
              "lessThanOrEqual": "Q",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MFC-T810W",
          "vendor": "Brother Industries, Ltd",
          "versions": [
            {
              "lessThanOrEqual": "Q",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MFC-T910DW",
          "vendor": "Brother Industries, Ltd",
          "versions": [
            {
              "lessThanOrEqual": "Q",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "DCP-J572DW",
          "vendor": "Brother Industries, Ltd",
          "versions": [
            {
              "lessThanOrEqual": "P",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MFC-J491DW",
          "vendor": "Brother Industries, Ltd",
          "versions": [
            {
              "lessThanOrEqual": "Q",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MFC-J497DW",
          "vendor": "Brother Industries, Ltd",
          "versions": [
            {
              "lessThanOrEqual": "Q",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "DCP-J772DW",
          "vendor": "Brother Industries, Ltd",
          "versions": [
            {
              "lessThanOrEqual": "T",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "DCP-J774DW",
          "vendor": "Brother Industries, Ltd",
          "versions": [
            {
              "lessThanOrEqual": "T",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MFC-J890DW",
          "vendor": "Brother Industries, Ltd",
          "versions": [
            {
              "lessThanOrEqual": "T",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MFC-J895DW",
          "vendor": "Brother Industries, Ltd",
          "versions": [
            {
              "lessThanOrEqual": "T",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MFC-J690DW",
          "vendor": "Brother Industries, Ltd",
          "versions": [
            {
              "lessThanOrEqual": "T",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "DCP-J572N",
          "vendor": "Brother Industries, Ltd",
          "versions": [
            {
              "lessThanOrEqual": "W",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "DCP-J577N",
          "vendor": "Brother Industries, Ltd",
          "versions": [
            {
              "lessThanOrEqual": "W",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "DCP-J582N",
          "vendor": "Brother Industries, Ltd",
          "versions": [
            {
              "lessThanOrEqual": "W",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "DCP-J972N",
          "vendor": "Brother Industries, Ltd",
          "versions": [
            {
              "lessThanOrEqual": "Y",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "DCP-J973N-W/B",
          "vendor": "Brother Industries, Ltd",
          "versions": [
            {
              "lessThanOrEqual": "Y",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "DCP-J978N-W/B",
          "vendor": "Brother Industries, Ltd",
          "versions": [
            {
              "lessThanOrEqual": "Y",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "DCP-J981N",
          "vendor": "Brother Industries, Ltd",
          "versions": [
            {
              "lessThanOrEqual": "Y",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "DCP-J982N-W/B",
          "vendor": "Brother Industries, Ltd",
          "versions": [
            {
              "lessThanOrEqual": "Y",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MFC-J893N",
          "vendor": "Brother Industries, Ltd",
          "versions": [
            {
              "lessThanOrEqual": "X",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MFC-J898N",
          "vendor": "Brother Industries, Ltd",
          "versions": [
            {
              "lessThanOrEqual": "X",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MFC-J738DN",
          "vendor": "Brother Industries, Ltd",
          "versions": [
            {
              "lessThanOrEqual": "M",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MFC-J738DWN",
          "vendor": "Brother Industries, Ltd",
          "versions": [
            {
              "lessThanOrEqual": "M",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MFC-J998DN",
          "vendor": "Brother Industries, Ltd",
          "versions": [
            {
              "lessThanOrEqual": "M",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MFC-J998DWN",
          "vendor": "Brother Industries, Ltd",
          "versions": [
            {
              "lessThanOrEqual": "M",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "DCP-J587N",
          "vendor": "Brother Industries, Ltd",
          "versions": [
            {
              "lessThanOrEqual": "F",
              "status": "affected",
              "version": "A",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "DocuPrint P235 d",
          "vendor": "FUJIFILM Business Innovation",
          "versions": [
            {
              "lessThanOrEqual": "1.15",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "DocuPrint P275 dw",
          "vendor": "FUJIFILM Business Innovation",
          "versions": [
            {
              "lessThanOrEqual": "1.15",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "DocuPrint P285 dw",
          "vendor": "FUJIFILM Business Innovation",
          "versions": [
            {
              "lessThanOrEqual": "1.15",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "DocuPrint P288 dw",
          "vendor": "FUJIFILM Business Innovation",
          "versions": [
            {
              "lessThanOrEqual": "1.15",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "DocuPrint M235 dw",
          "vendor": "FUJIFILM Business Innovation",
          "versions": [
            {
              "lessThanOrEqual": "K",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "DocuPrint M235 z",
          "vendor": "FUJIFILM Business Innovation",
          "versions": [
            {
              "lessThanOrEqual": "K",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "DocuPrint M275 z",
          "vendor": "FUJIFILM Business Innovation",
          "versions": [
            {
              "lessThanOrEqual": "L",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "DocuPrint M285 z",
          "vendor": "FUJIFILM Business Innovation",
          "versions": [
            {
              "lessThanOrEqual": "L",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "DocuPrint M288 dw",
          "vendor": "FUJIFILM Business Innovation",
          "versions": [
            {
              "lessThanOrEqual": "E",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "DocuPrint M288 z",
          "vendor": "FUJIFILM Business Innovation",
          "versions": [
            {
              "lessThanOrEqual": "E",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "SP 230DNw",
          "vendor": "RICOH",
          "versions": [
            {
              "lessThanOrEqual": "1.07(G)",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "P 201W",
          "vendor": "RICOH",
          "versions": [
            {
              "lessThanOrEqual": "1.03D(D)",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "M 340W",
          "vendor": "RICOH",
          "versions": [
            {
              "lessThanOrEqual": "G",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "SP 230SFNw",
          "vendor": "RICOH",
          "versions": [
            {
              "lessThanOrEqual": "J",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "M 340FW",
          "vendor": "RICOH",
          "versions": [
            {
              "lessThanOrEqual": "H",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "DCP-J987N-W/B",
          "vendor": "Brother Industries, Ltd",
          "versions": [
            {
              "lessThanOrEqual": "F",
              "status": "affected",
              "version": "A",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "DCP-T510W(China)",
          "vendor": "Brother Industries, Ltd",
          "versions": [
            {
              "lessThanOrEqual": "N",
              "status": "affected",
              "version": "A",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "DCP-T710W(China)",
          "vendor": "Brother Industries, Ltd",
          "versions": [
            {
              "lessThanOrEqual": "N",
              "status": "affected",
              "version": "A",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MFC-J805DWXL",
          "vendor": "Brother Industries, Ltd",
          "versions": [
            {
              "lessThanOrEqual": "J",
              "status": "affected",
              "version": "A",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MFC-J815DWXL",
          "vendor": "Brother Industries, Ltd",
          "versions": [
            {
              "lessThanOrEqual": "J",
              "status": "affected",
              "version": "A",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MFC-J995DWXL",
          "vendor": "Brother Industries, Ltd",
          "versions": [
            {
              "lessThanOrEqual": "P",
              "status": "affected",
              "version": "A",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MFC-T810W(China)",
          "vendor": "Brother Industries, Ltd",
          "versions": [
            {
              "lessThanOrEqual": "N",
              "status": "affected",
              "version": "A",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "DCP-B7520DW (China)",
          "vendor": "Brother Industries, Ltd",
          "versions": [
            {
              "lessThanOrEqual": "V",
              "status": "affected",
              "version": "A",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "DCP-B7535DW (China)",
          "vendor": "Brother Industries, Ltd",
          "versions": [
            {
              "lessThanOrEqual": "V",
              "status": "affected",
              "version": "A",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "DCP-L2535DW (China)",
          "vendor": "Brother Industries, Ltd",
          "versions": [
            {
              "lessThanOrEqual": "M",
              "status": "affected",
              "version": "A",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "DCP-L2550DW (China)",
          "vendor": "Brother Industries, Ltd",
          "versions": [
            {
              "lessThanOrEqual": "M",
              "status": "affected",
              "version": "A",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "DCP-L2550DW (Japan)",
          "vendor": "Brother Industries, Ltd",
          "versions": [
            {
              "lessThanOrEqual": "R",
              "status": "affected",
              "version": "A",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "DCP-L2550DW (Taiwan)",
          "vendor": "Brother Industries, Ltd",
          "versions": [
            {
              "lessThanOrEqual": "V",
              "status": "affected",
              "version": "A",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MFC-L2715DW (Taiwan/Korea/Hong Kong)",
          "vendor": "Brother Industries, Ltd",
          "versions": [
            {
              "lessThanOrEqual": "V",
              "status": "affected",
              "version": "A",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MFC-L2750DW (Japan)",
          "vendor": "Brother Industries, Ltd",
          "versions": [
            {
              "lessThanOrEqual": "R",
              "status": "affected",
              "version": "A",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MFC-L3770CDW (Japan)",
          "vendor": "Brother Industries, Ltd",
          "versions": [
            {
              "lessThanOrEqual": "ZA",
              "status": "affected",
              "version": "A",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MFC-L8610CDW (Japan)",
          "vendor": "Brother Industries, Ltd",
          "versions": [
            {
              "lessThanOrEqual": "ZD",
              "status": "affected",
              "version": "A",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MFC-L9570CDW (Japan)",
          "vendor": "Brother Industries, Ltd",
          "versions": [
            {
              "lessThanOrEqual": "ZD",
              "status": "affected",
              "version": "A",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "ADS-2400N",
          "vendor": "Brother Industries, Ltd",
          "versions": [
            {
              "lessThanOrEqual": "T",
              "status": "affected",
              "version": "A",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "ADS-2800W",
          "vendor": "Brother Industries, Ltd",
          "versions": [
            {
              "lessThanOrEqual": "T",
              "status": "affected",
              "version": "A",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "ADS-3000N",
          "vendor": "Brother Industries, Ltd",
          "versions": [
            {
              "lessThanOrEqual": "T",
              "status": "affected",
              "version": "A",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "ADS-3600W",
          "vendor": "Brother Industries, Ltd",
          "versions": [
            {
              "lessThanOrEqual": "T",
              "status": "affected",
              "version": "A",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "DCP-J973N W/B",
          "vendor": "Brother Industries, Ltd",
          "versions": [
            {
              "lessThanOrEqual": "Y",
              "status": "affected",
              "version": "A",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "DCP-J978N W/B",
          "vendor": "Brother Industries, Ltd",
          "versions": [
            {
              "lessThanOrEqual": "Y",
              "status": "affected",
              "version": "A",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "DCP-J982N W/B",
          "vendor": "Brother Industries, Ltd",
          "versions": [
            {
              "lessThanOrEqual": "Y",
              "status": "affected",
              "version": "A",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "DCP-J987N W/B",
          "vendor": "Brother Industries, Ltd",
          "versions": [
            {
              "lessThanOrEqual": "F",
              "status": "affected",
              "version": "A",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MFC-J903N",
          "vendor": "Brother Industries, Ltd",
          "versions": [
            {
              "lessThanOrEqual": "X",
              "status": "affected",
              "version": "A",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Stephen Fewer, Principal Security Researcher at Rapid7"
        }
      ],
      "datePublic": "2025-06-25T08:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "An unauthenticated attacker who can connect to TCP port 9100 can issue a Printer Job Language (PJL) command that will crash the target device. The device will reboot, after which the attacker can reissue the command to repeatedly crash the device. A malformed PJL variable FORMLINES is set to a non number value causing the target to crash."
            }
          ],
          "value": "An unauthenticated attacker who can connect to TCP port 9100 can issue a Printer Job Language (PJL) command that will crash the target device. The device will reboot, after which the attacker can reissue the command to repeatedly crash the device. A malformed PJL variable FORMLINES is set to a non number value causing the target to crash."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1286",
              "description": "CWE-1286 Improper Validation of Syntactic Correctness of Input",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-02T14:05:35.126Z",
        "orgId": "9974b330-7714-4307-a722-5648477acda7",
        "shortName": "rapid7"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://support.brother.com/g/b/link.aspx?prod=group2\u0026faqid=faq00100846_000"
        },
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.fujifilm.com/fbglobal/eng/company/news/notice/2025/0625_announce.html"
        },
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.ricoh.com/products/security/vulnerabilities/vul?id=ricoh-2025-000007"
        },
        {
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://www.rapid7.com/blog/post/multiple-brother-devices-multiple-vulnerabilities-fixed"
        },
        {
          "tags": [
            "technical-description"
          ],
          "url": "https://assets.contentstack.io/v3/assets/blte4f029e766e6b253/blt6495b3c6adf2867f/685aa980a26c5e2b1026969c/vulnerability-disclosure-whitepaper.pdf"
        },
        {
          "tags": [
            "exploit"
          ],
          "url": "https://github.com/sfewer-r7/BrotherVulnerabilities"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Unauthenticated Denial of Service (DoS) via malformed PJL request affecting multiple models from Brother Industries, Ltd, FUJIFILM Business Innovation, and Ricoh.",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9974b330-7714-4307-a722-5648477acda7",
    "assignerShortName": "rapid7",
    "cveId": "CVE-2024-51982",
    "datePublished": "2025-06-25T07:25:00.402Z",
    "dateReserved": "2024-11-04T17:19:18.809Z",
    "dateUpdated": "2026-04-02T14:05:35.126Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-29041 (GCVE-0-2024-29041)

Vulnerability from cvelistv5 – Published: 2024-03-25 20:20 – Updated: 2024-08-02 01:03
VLAI
Title
Express.js Open Redirect in malformed URLs
Summary
Express.js minimalist web framework for node. Versions of Express.js prior to 4.19.0 and all pre-release alpha and beta versions of 5.0 are affected by an open redirect vulnerability using malformed URLs. When a user of Express performs a redirect using a user-provided URL Express performs an encode [using `encodeurl`](https://github.com/pillarjs/encodeurl) on the contents before passing it to the `location` header. This can cause malformed URLs to be evaluated in unexpected ways by common redirect allow list implementations in Express applications, leading to an Open Redirect via bypass of a properly implemented allow list. The main method impacted is `res.location()` but this is also called from within `res.redirect()`. The vulnerability is fixed in 4.19.2 and 5.0.0-beta.3.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')
  • CWE-1286 - Improper Validation of Syntactic Correctness of Input
Assigner
Impacted products
Vendor Product Version
expressjs express Affected: >=4.14.0, <4.19.0
Affected: >=5.0.0-alpha.1, <5.0.0-beta.3
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-29041",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-03-26T13:59:28.274744Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:57:16.909Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T01:03:51.705Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "https://github.com/expressjs/express/security/advisories/GHSA-rv95-896h-c2vc",
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/expressjs/express/security/advisories/GHSA-rv95-896h-c2vc"
          },
          {
            "name": "https://github.com/koajs/koa/issues/1800",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/koajs/koa/issues/1800"
          },
          {
            "name": "https://github.com/expressjs/express/pull/5539",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/expressjs/express/pull/5539"
          },
          {
            "name": "https://github.com/expressjs/express/commit/0867302ddbde0e9463d0564fea5861feb708c2dd",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/expressjs/express/commit/0867302ddbde0e9463d0564fea5861feb708c2dd"
          },
          {
            "name": "https://github.com/expressjs/express/commit/0b746953c4bd8e377123527db11f9cd866e39f94",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/expressjs/express/commit/0b746953c4bd8e377123527db11f9cd866e39f94"
          },
          {
            "name": "https://expressjs.com/en/4x/api.html#res.location",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://expressjs.com/en/4x/api.html#res.location"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "express",
          "vendor": "expressjs",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e=4.14.0, \u003c4.19.0"
            },
            {
              "status": "affected",
              "version": "\u003e=5.0.0-alpha.1, \u003c5.0.0-beta.3"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Express.js minimalist web framework for node. Versions of Express.js prior to 4.19.0 and all pre-release alpha and beta versions of 5.0 are affected by an open redirect vulnerability using malformed URLs. When a user of Express performs a redirect using a user-provided URL Express performs an encode [using `encodeurl`](https://github.com/pillarjs/encodeurl) on the contents before passing it to the `location` header. This can cause malformed URLs to be evaluated in unexpected ways by common redirect allow list implementations in Express applications, leading to an Open Redirect via bypass of a properly implemented allow list. The main method impacted is `res.location()` but this is also called from within `res.redirect()`. The vulnerability is fixed in 4.19.2 and 5.0.0-beta.3."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-601",
              "description": "CWE-601: URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-1286",
              "description": "CWE-1286: Improper Validation of Syntactic Correctness of Input",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-03-25T20:20:06.205Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/expressjs/express/security/advisories/GHSA-rv95-896h-c2vc",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/expressjs/express/security/advisories/GHSA-rv95-896h-c2vc"
        },
        {
          "name": "https://github.com/koajs/koa/issues/1800",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/koajs/koa/issues/1800"
        },
        {
          "name": "https://github.com/expressjs/express/pull/5539",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/expressjs/express/pull/5539"
        },
        {
          "name": "https://github.com/expressjs/express/commit/0867302ddbde0e9463d0564fea5861feb708c2dd",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/expressjs/express/commit/0867302ddbde0e9463d0564fea5861feb708c2dd"
        },
        {
          "name": "https://github.com/expressjs/express/commit/0b746953c4bd8e377123527db11f9cd866e39f94",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/expressjs/express/commit/0b746953c4bd8e377123527db11f9cd866e39f94"
        },
        {
          "name": "https://expressjs.com/en/4x/api.html#res.location",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://expressjs.com/en/4x/api.html#res.location"
        }
      ],
      "source": {
        "advisory": "GHSA-rv95-896h-c2vc",
        "discovery": "UNKNOWN"
      },
      "title": "Express.js Open Redirect in malformed URLs"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2024-29041",
    "datePublished": "2024-03-25T20:20:06.205Z",
    "dateReserved": "2024-03-14T16:59:47.614Z",
    "dateUpdated": "2024-08-02T01:03:51.705Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-21616 (GCVE-0-2024-21616)

Vulnerability from cvelistv5 – Published: 2024-01-12 00:56 – Updated: 2025-06-17 14:43
VLAI
Title
Junos OS: MX Series and SRX Series: Processing of a specific SIP packet causes NAT IP allocation to fail
Summary
An Improper Validation of Syntactic Correctness of Input vulnerability in Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to cause Denial of Service (DoS). On all Junos OS MX Series and SRX Series platforms, when SIP ALG is enabled, and a specific SIP packet is received and processed, NAT IP allocation fails for genuine traffic, which causes Denial of Service (DoS). Continuous receipt of this specific SIP ALG packet will cause a sustained DoS condition. NAT IP usage can be monitored by running the following command. user@srx> show security nat resource-usage source-pool <source_pool_name> Pool name: source_pool_name .. Address Factor-index Port-range Used Avail Total Usage X.X.X.X 0 Single Ports 50258 52342 62464 96% <<<<< - Alg Ports 0 2048 2048 0% This issue affects: Juniper Networks Junos OS on MX Series and SRX Series * All versions earlier than 21.2R3-S6; * 21.3 versions earlier than 21.3R3-S5; * 21.4 versions earlier than 21.4R3-S5; * 22.1 versions earlier than 22.1R3-S4; * 22.2 versions earlier than 22.2R3-S3; * 22.3 versions earlier than 22.3R3-S1; * 22.4 versions earlier than 22.4R2-S2, 22.4R3; * 23.2 versions earlier than 23.2R1-S1, 23.2R2.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-1286 - Improper Validation of Syntactic Correctness of Input
  • Denial of Service (DoS)
Assigner
References
Impacted products
Vendor Product Version
Juniper Networks Junos OS Affected: 0 , < 21.2R3-S6 (semver)
Affected: 21.3 , < 21.3R3-S5 (semver)
Affected: 21.4 , < 21.4R3-S5 (semver)
Affected: 22.1 , < 22.1R3-S4 (semver)
Affected: 22.2 , < 22.2R3-S3 (semver)
Affected: 22.3 , < 22.3R3-S1 (semver)
Affected: 22.4 , < 22.4R2-S2, 22.4R3 (semver)
Affected: 23.2 , < 23.2R1-S1, 23.2R2 (semver)
Create a notification for this product.
Date Public
2024-01-10 17:00
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T22:27:35.547Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://supportportal.juniper.net/JSA75757"
          },
          {
            "tags": [
              "technical-description",
              "x_transferred"
            ],
            "url": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-21616",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-02-08T20:39:11.105269Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-06-17T14:43:11.964Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "MX Series",
            "SRX Series"
          ],
          "product": "Junos OS",
          "vendor": "Juniper Networks",
          "versions": [
            {
              "lessThan": "21.2R3-S6",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThan": "21.3R3-S5",
              "status": "affected",
              "version": "21.3",
              "versionType": "semver"
            },
            {
              "lessThan": "21.4R3-S5",
              "status": "affected",
              "version": "21.4",
              "versionType": "semver"
            },
            {
              "lessThan": "22.1R3-S4",
              "status": "affected",
              "version": "22.1",
              "versionType": "semver"
            },
            {
              "lessThan": "22.2R3-S3",
              "status": "affected",
              "version": "22.2",
              "versionType": "semver"
            },
            {
              "lessThan": "22.3R3-S1",
              "status": "affected",
              "version": "22.3",
              "versionType": "semver"
            },
            {
              "lessThan": "22.4R2-S2, 22.4R3",
              "status": "affected",
              "version": "22.4",
              "versionType": "semver"
            },
            {
              "lessThan": "23.2R1-S1, 23.2R2",
              "status": "affected",
              "version": "23.2",
              "versionType": "semver"
            }
          ]
        }
      ],
      "configurations": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eTo be affected the SIP ALG needs to be enabled, either implicitly / by default or by way of configuration.\u003c/p\u003e\u003cp\u003ePlease verify on SRX with:\u003c/p\u003e\u003ccode\u003e  user@host\u0026gt; show security alg status | match sip\u003c/code\u003e\u003cbr/\u003e\u003ccode\u003e  SIP : Enabled\u003c/code\u003e\u003cbr/\u003e\u003cp\u003ePlease verify on MX whether the following is configured:\u003c/p\u003e\u003ccode\u003e  user@host\u0026gt; show security alg status | match sip\u003c/code\u003e\u003cbr/\u003e\u003ccode\u003e  SIP : Enabled\u003c/code\u003e\u003cbr/\u003e\u003ccode\u003e  [services ... rule \u0026lt;rule-name\u0026gt; (term \u0026lt;term-name\u0026gt; ) from/match application/application-set \u0026lt;name\u0026gt;]\u003c/code\u003e\u003cbr/\u003e\u003cp\u003ewhere either\u003c/p\u003e\u003ccode\u003e  a. name = junos-sip\u003c/code\u003e\u003cbr/\u003e\u003cp\u003eor an application or application-set refers to SIP:\u003c/p\u003e\u003ccode\u003e  b. [applications application \u0026lt;name\u0026gt; application-protocol sip]\u003c/code\u003e\u003cbr/\u003e\u003cp\u003eor\u003c/p\u003e\u003ccode\u003e  c. [applications application-set \u0026lt;name\u0026gt; application junos-sip]\u003c/code\u003e\u003cbr/\u003e"
            }
          ],
          "value": "To be affected the SIP ALG needs to be enabled, either implicitly / by default or by way of configuration.\n\nPlease verify on SRX with:\n\n  user@host\u003e show security alg status | match sip\n  SIP : Enabled\nPlease verify on MX whether the following is configured:\n\n  user@host\u003e show security alg status | match sip\n  SIP : Enabled\n  [services ... rule \u003crule-name\u003e (term \u003cterm-name\u003e ) from/match application/application-set \u003cname\u003e]\nwhere either\n\n  a. name = junos-sip\nor an application or application-set refers to SIP:\n\n  b. [applications application \u003cname\u003e application-protocol sip]\nor\n\n  c. [applications application-set \u003cname\u003e application junos-sip]\n"
        }
      ],
      "datePublic": "2024-01-10T17:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\n\n\u003cp\u003eAn Improper Validation of Syntactic Correctness of Input vulnerability in Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to cause Denial of Service (DoS).\u003c/p\u003e\u003cp\u003eOn all Junos OS MX Series and SRX Series platforms, when SIP ALG is enabled, and a specific SIP packet is received and processed, NAT IP allocation fails for genuine traffic, which causes Denial of Service (DoS). Continuous receipt of this specific SIP ALG packet will cause a sustained DoS condition.\u003c/p\u003e\u003cp\u003eNAT IP usage can be monitored by running the following command.\u003c/p\u003e\u003ccode\u003euser@srx\u0026gt; show security nat resource-usage source-pool \u0026lt;source_pool_name\u0026gt;\u003c/code\u003e\u003cbr\u003e\u003cp\u003e\u003c/p\u003e\u003ccode\u003ePool name: source_pool_name\u003c/code\u003e\u003cbr\u003e\u003ccode\u003e..\u003c/code\u003e\u003cbr\u003e\u003ccode\u003eAddress Factor-index Port-range Used Avail Total Usage\u003c/code\u003e\u003cbr\u003e\u003ccode\u003eX.X.X.X\u003c/code\u003e\u003cbr\u003e\u003ccode\u003e0 Single Ports 50258 52342 62464 96% \u0026lt;\u0026lt;\u0026lt;\u0026lt;\u0026lt;\u003c/code\u003e\u003cbr\u003e\u003ccode\u003e- Alg Ports 0 2048 2048 0%\u003c/code\u003e\u003cbr\u003e\u003cp\u003eThis issue affects:\u003c/p\u003e\u003cp\u003eJuniper Networks Junos OS on MX Series and SRX Series\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eAll versions earlier than 21.2R3-S6;\u003c/li\u003e\u003cli\u003e21.3 versions earlier than 21.3R3-S5;\u003c/li\u003e\u003cli\u003e21.4 versions earlier than 21.4R3-S5;\u003c/li\u003e\u003cli\u003e22.1 versions earlier than 22.1R3-S4;\u003c/li\u003e\u003cli\u003e22.2 versions earlier than 22.2R3-S3;\u003c/li\u003e\u003cli\u003e22.3 versions earlier than 22.3R3-S1;\u003c/li\u003e\u003cli\u003e22.4 versions earlier than 22.4R2-S2, 22.4R3;\u003c/li\u003e\u003cli\u003e23.2 versions earlier than 23.2R1-S1, 23.2R2.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e\n\n"
            }
          ],
          "value": "\nAn Improper Validation of Syntactic Correctness of Input vulnerability in Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to cause Denial of Service (DoS).\n\nOn all Junos OS MX Series and SRX Series platforms, when SIP ALG is enabled, and a specific SIP packet is received and processed, NAT IP allocation fails for genuine traffic, which causes Denial of Service (DoS). Continuous receipt of this specific SIP ALG packet will cause a sustained DoS condition.\n\nNAT IP usage can be monitored by running the following command.\n\nuser@srx\u003e show security nat resource-usage source-pool \u003csource_pool_name\u003e\n\n\nPool name: source_pool_name\n..\nAddress Factor-index Port-range Used Avail Total Usage\nX.X.X.X\n0 Single Ports 50258 52342 62464 96% \u003c\u003c\u003c\u003c\u003c\n- Alg Ports 0 2048 2048 0%\nThis issue affects:\n\nJuniper Networks Junos OS on MX Series and SRX Series\n\n\n\n  *  All versions earlier than 21.2R3-S6;\n  *  21.3 versions earlier than 21.3R3-S5;\n  *  21.4 versions earlier than 21.4R3-S5;\n  *  22.1 versions earlier than 22.1R3-S4;\n  *  22.2 versions earlier than 22.2R3-S3;\n  *  22.3 versions earlier than 22.3R3-S1;\n  *  22.4 versions earlier than 22.4R2-S2, 22.4R3;\n  *  23.2 versions earlier than 23.2R1-S1, 23.2R2.\n\n\n\n\n\n\n"
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eJuniper SIRT is not aware of any malicious exploitation of this vulnerability.\u003c/p\u003e"
            }
          ],
          "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability.\n\n"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1286",
              "description": "CWE-1286: Improper Validation of Syntactic Correctness of Input",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "description": "Denial of Service (DoS)",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-01-12T00:56:20.566Z",
        "orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
        "shortName": "juniper"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://supportportal.juniper.net/JSA75757"
        },
        {
          "tags": [
            "technical-description"
          ],
          "url": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eThe following software releases have been updated to resolve this specific issue: Junos OS 21.2R3-S6, 21.3R3-S5, 21.4R3-S5, 22.1R3-S4, 22.2R3-S3, 22.3R3-S1, 22.4R2-S2, 22.4R3, 23.2R1-S1, 23.2R2, 23.4R1, and all subsequent releases.\u003c/p\u003e"
            }
          ],
          "value": "The following software releases have been updated to resolve this specific issue: Junos OS 21.2R3-S6, 21.3R3-S5, 21.4R3-S5, 22.1R3-S4, 22.2R3-S3, 22.3R3-S1, 22.4R2-S2, 22.4R3, 23.2R1-S1, 23.2R2, 23.4R1, and all subsequent releases.\n\n"
        }
      ],
      "source": {
        "advisory": "JSA75757",
        "defect": [
          "1702811"
        ],
        "discovery": "USER"
      },
      "timeline": [
        {
          "lang": "en",
          "time": "2024-01-10T17:00:00.000Z",
          "value": "Initial Publication"
        }
      ],
      "title": "Junos OS: MX Series and SRX Series: Processing of a specific SIP packet causes NAT IP allocation to fail",
      "workarounds": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eThere are no known workarounds for this issue, but it should be considered to disable the SIP ALG if it\u0027s not strictly needed.\u003c/p\u003e"
            }
          ],
          "value": "There are no known workarounds for this issue, but it should be considered to disable the SIP ALG if it\u0027s not strictly needed.\n\n"
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.1.0-av217"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
    "assignerShortName": "juniper",
    "cveId": "CVE-2024-21616",
    "datePublished": "2024-01-12T00:56:20.566Z",
    "dateReserved": "2023-12-27T19:38:25.710Z",
    "dateUpdated": "2025-06-17T14:43:11.964Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-21598 (GCVE-0-2024-21598)

Vulnerability from cvelistv5 – Published: 2024-04-12 14:54 – Updated: 2024-08-01 22:27
VLAI
Title
Junos OS and Junos OS Evolved: A malformed BGP tunnel encapsulation attribute will lead to an rpd crash
Summary
An Improper Validation of Syntactic Correctness of Input vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a network-based, unauthenticated attacker to cause a Denial of Service (DoS). If a BGP update is received over an established BGP session which contains a tunnel encapsulation attribute with a specifically malformed TLV, rpd will crash and restart. This issue affects Juniper Networks Junos OS: * 20.4 versions 20.4R1 and later versions earlier than 20.4R3-S9; * 21.2 versions earlier than 21.2R3-S7; * 21.3 versions earlier than 21.3R3-S5; * 21.4 versions earlier than 21.4R3-S5; * 22.1 versions earlier than 22.1R3-S4; * 22.2 versions earlier than 22.2R3-S3; * 22.3 versions earlier than 22.3R3-S1; * 22.4 versions earlier than 22.4R3; * 23.2 versions earlier than 23.2R1-S2, 23.2R2; Junos OS Evolved: * 20.4-EVO versions 20.4R1-EVO and later versions earlier than 20.4R3-S9-EVO; * 21.2-EVO versions earlier than 21.2R3-S7-EVO; * 21.3-EVO versions earlier than 21.3R3-S5-EVO; * 21.4-EVO versions earlier than 21.4R3-S5-EVO; * 22.1-EVO versions earlier than 22.1R3-S4-EVO; * 22.2-EVO versions earlier than 22.2R3-S3-EVO; * 22.3-EVO versions earlier than 22.3R3-S1-EVO; * 22.4-EVO versions earlier than 22.4R3-EVO; * 23.2-EVO versions earlier than 23.2R1-S2-EVO, 23.2R2-EVO; This issue does not affect Juniper Networks * Junos OS versions earlier than 20.4R1; * Junos OS Evolved versions earlier than 20.4R1-EVO. This is a related but separate issue than the one described in JSA79095.
SSVC
Exploitation: none Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-1286 - Improper Validation of Syntactic Correctness of Input
  • Denial of Service (DoS)
Assigner
References
Impacted products
Vendor Product Version
Juniper Networks Junos OS Affected: 20.4 , < 20.4R3-S9 (semver)
Affected: 21.2 , < 21.2R3-S7 (semver)
Affected: 21.3 , < 21.3R3-S5 (semver)
Affected: 21.4 , < 21.4R3-S5 (semver)
Affected: 22.1 , < 22.1R3-S4 (semver)
Affected: 22.2 , < 22.2R3-S3 (semver)
Affected: 22.3 , < 22.3R3-S1 (semver)
Affected: 22.4 , < 22.4R3 (semver)
Affected: 23.2 , < 23.2R1-S2, 23.2R2 (semver)
Create a notification for this product.
Juniper Networks Junos OS Evolved Affected: 20.4-EVO , < 20.4R3-S9-EVO (semver)
Affected: 21.2-EVO , < 21.2R3-S7-EVO (semver)
Affected: 21.3-EVO , < 21.3R3-S5-EVO (semver)
Affected: 21.4-EVO , < 21.4R3-S5-EVO (semver)
Affected: 22.1-EVO , < 22.1R3-S4-EVO (semver)
Affected: 22.2-EVO , < 22.2R3-S3-EVO (semver)
Affected: 22.3-EVO , < 22.3R3-S1-EVO (semver)
Affected: 22.4-EVO , < 22.4R3-EVO (semver)
Affected: 23.2-EVO , < 23.2R1-S2-EVO, 23.2R2-EVO (semver)
Create a notification for this product.
juniper_networks junos_os Affected: 20.4 , < 20.4r3-s9 (custom)
Affected: 21.2 , < 21.2r3-s7 (custom)
Affected: 21.3 , < 21.3r3-s5 (custom)
Affected: 21.4 , < 21.4r3-s5 (custom)
Affected: 22.1 , < 22.1r3-s4 (custom)
Affected: 22.2 , < 22.2r3-s3 (custom)
Affected: 22.3 , < 22.3r3-s1 (custom)
Affected: 22.4 , < 22.4r3 (custom)
Affected: 23.2 , < 23.2r1-s2 (custom)
    cpe:2.3:o:juniper_networks:junos_os:20.4:*:*:*:*:*:*:*
Create a notification for this product.
juniper junos_os_evolved Affected: 20.4 , < 20.4r3-s9 (custom)
Affected: 21.2 , < 21.2r3-s7 (custom)
Affected: 21.3 , < 21.3r3-s5 (custom)
Affected: 21.4 , < 21.4r3-s4 (custom)
Affected: 22.1 , < 22.1r3-s4 (custom)
Affected: 22.2 , < 22.2r3-s3 (custom)
    cpe:2.3:o:juniper:junos_os_evolved:22.3:-:*:*:*:*:*:*
    cpe:2.3:o:juniper:junos_os_evolved:22.4:-:*:*:*:*:*:*
    cpe:2.3:o:juniper:junos_os_evolved:23.2:-:*:*:*:*:*:*
    cpe:2.3:o:juniper:junos_os_evolved:20.4:r1:*:*:*:*:*:*
    cpe:2.3:o:juniper:junos_os_evolved:21.2:-:*:*:*:*:*:*
    cpe:2.3:o:juniper:junos_os_evolved:21.3:-:*:*:*:*:*:*
    cpe:2.3:o:juniper:junos_os_evolved:21.4:-:*:*:*:*:*:*
    cpe:2.3:o:juniper:junos_os_evolved:22.1:-:*:*:*:*:*:*
    cpe:2.3:o:juniper:junos_os_evolved:22.2:-:*:*:*:*:*:*
Create a notification for this product.
Date Public
2024-04-10 16:00
Credits
Juniper SIRT would like to acknowledge and thank Matteo Memelli from Amazon for responsibly reporting this vulnerability.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:o:juniper_networks:junos_os:20.4:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "junos_os",
            "vendor": "juniper_networks",
            "versions": [
              {
                "lessThan": "20.4r3-s9",
                "status": "affected",
                "version": "20.4",
                "versionType": "custom"
              },
              {
                "lessThan": "21.2r3-s7",
                "status": "affected",
                "version": "21.2",
                "versionType": "custom"
              },
              {
                "lessThan": "21.3r3-s5",
                "status": "affected",
                "version": "21.3",
                "versionType": "custom"
              },
              {
                "lessThan": "21.4r3-s5",
                "status": "affected",
                "version": "21.4",
                "versionType": "custom"
              },
              {
                "lessThan": "22.1r3-s4",
                "status": "affected",
                "version": "22.1",
                "versionType": "custom"
              },
              {
                "lessThan": "22.2r3-s3",
                "status": "affected",
                "version": "22.2",
                "versionType": "custom"
              },
              {
                "lessThan": "22.3r3-s1",
                "status": "affected",
                "version": "22.3",
                "versionType": "custom"
              },
              {
                "lessThan": "22.4r3",
                "status": "affected",
                "version": "22.4",
                "versionType": "custom"
              },
              {
                "lessThan": "23.2r1-s2",
                "status": "affected",
                "version": "23.2",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:juniper:junos_os_evolved:22.3:-:*:*:*:*:*:*",
              "cpe:2.3:o:juniper:junos_os_evolved:22.4:-:*:*:*:*:*:*",
              "cpe:2.3:o:juniper:junos_os_evolved:23.2:-:*:*:*:*:*:*",
              "cpe:2.3:o:juniper:junos_os_evolved:20.4:r1:*:*:*:*:*:*",
              "cpe:2.3:o:juniper:junos_os_evolved:21.2:-:*:*:*:*:*:*",
              "cpe:2.3:o:juniper:junos_os_evolved:21.3:-:*:*:*:*:*:*",
              "cpe:2.3:o:juniper:junos_os_evolved:21.4:-:*:*:*:*:*:*",
              "cpe:2.3:o:juniper:junos_os_evolved:22.1:-:*:*:*:*:*:*",
              "cpe:2.3:o:juniper:junos_os_evolved:22.2:-:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "junos_os_evolved",
            "vendor": "juniper",
            "versions": [
              {
                "lessThan": "20.4r3-s9",
                "status": "affected",
                "version": "20.4",
                "versionType": "custom"
              },
              {
                "lessThan": "21.2r3-s7",
                "status": "affected",
                "version": "21.2",
                "versionType": "custom"
              },
              {
                "lessThan": "21.3r3-s5",
                "status": "affected",
                "version": "21.3",
                "versionType": "custom"
              },
              {
                "lessThan": "21.4r3-s4",
                "status": "affected",
                "version": "21.4",
                "versionType": "custom"
              },
              {
                "lessThan": "22.1r3-s4",
                "status": "affected",
                "version": "22.1",
                "versionType": "custom"
              },
              {
                "lessThan": "22.2r3-s3",
                "status": "affected",
                "version": "22.2",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-21598",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-04-12T18:02:57.570562Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-31T14:32:30.418Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T22:27:36.007Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://supportportal.juniper.net/JSA75739"
          },
          {
            "tags": [
              "technical-description",
              "x_transferred"
            ],
            "url": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Junos OS",
          "vendor": "Juniper Networks",
          "versions": [
            {
              "lessThan": "20.4R3-S9",
              "status": "affected",
              "version": "20.4",
              "versionType": "semver"
            },
            {
              "lessThan": "21.2R3-S7",
              "status": "affected",
              "version": "21.2",
              "versionType": "semver"
            },
            {
              "lessThan": "21.3R3-S5",
              "status": "affected",
              "version": "21.3",
              "versionType": "semver"
            },
            {
              "lessThan": "21.4R3-S5",
              "status": "affected",
              "version": "21.4",
              "versionType": "semver"
            },
            {
              "lessThan": "22.1R3-S4",
              "status": "affected",
              "version": "22.1",
              "versionType": "semver"
            },
            {
              "lessThan": "22.2R3-S3",
              "status": "affected",
              "version": "22.2",
              "versionType": "semver"
            },
            {
              "lessThan": "22.3R3-S1",
              "status": "affected",
              "version": "22.3",
              "versionType": "semver"
            },
            {
              "lessThan": "22.4R3",
              "status": "affected",
              "version": "22.4",
              "versionType": "semver"
            },
            {
              "lessThan": "23.2R1-S2, 23.2R2",
              "status": "affected",
              "version": "23.2",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Junos OS Evolved",
          "vendor": "Juniper Networks",
          "versions": [
            {
              "lessThan": "20.4R3-S9-EVO",
              "status": "affected",
              "version": "20.4-EVO",
              "versionType": "semver"
            },
            {
              "lessThan": "21.2R3-S7-EVO",
              "status": "affected",
              "version": "21.2-EVO",
              "versionType": "semver"
            },
            {
              "lessThan": "21.3R3-S5-EVO",
              "status": "affected",
              "version": "21.3-EVO",
              "versionType": "semver"
            },
            {
              "lessThan": "21.4R3-S5-EVO",
              "status": "affected",
              "version": "21.4-EVO",
              "versionType": "semver"
            },
            {
              "lessThan": "22.1R3-S4-EVO",
              "status": "affected",
              "version": "22.1-EVO",
              "versionType": "semver"
            },
            {
              "lessThan": "22.2R3-S3-EVO",
              "status": "affected",
              "version": "22.2-EVO",
              "versionType": "semver"
            },
            {
              "lessThan": "22.3R3-S1-EVO",
              "status": "affected",
              "version": "22.3-EVO",
              "versionType": "semver"
            },
            {
              "lessThan": "22.4R3-EVO",
              "status": "affected",
              "version": "22.4-EVO",
              "versionType": "semver"
            },
            {
              "lessThan": "23.2R1-S2-EVO, 23.2R2-EVO",
              "status": "affected",
              "version": "23.2-EVO",
              "versionType": "semver"
            }
          ]
        }
      ],
      "configurations": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eTo be exposed to this vulnerability BGP needs to be configured as in the following example, but no further options need to be enabled:\u003c/p\u003e\u003cp\u003e\u0026nbsp; [ protocols bgp group \u0026lt;group\u0026gt; neighbor ... ]\u003c/p\u003e"
            }
          ],
          "value": "To be exposed to this vulnerability BGP needs to be configured as in the following example, but no further options need to be enabled:\n\n\u00a0 [ protocols bgp group \u003cgroup\u003e neighbor ... ]"
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Juniper SIRT would like to acknowledge and thank Matteo Memelli from Amazon for responsibly reporting this vulnerability."
        }
      ],
      "datePublic": "2024-04-10T16:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "An Improper Validation of Syntactic Correctness of Input vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a network-based, unauthenticated attacker to cause a Denial of Service (DoS).\u003cbr\u003e\u003cbr\u003eIf a BGP update is received over an established BGP session which contains a tunnel encapsulation attribute with a specifically malformed TLV, rpd will crash and restart.\u003cbr\u003e\u003cbr\u003eThis issue affects Juniper Networks\u003cbr\u003eJunos OS:\u003cbr\u003e\u003cul\u003e\u003cli\u003e20.4 versions 20.4R1 and later versions earlier than 20.4R3-S9;\u003c/li\u003e\u003cli\u003e21.2 versions earlier than 21.2R3-S7;\u003c/li\u003e\u003cli\u003e21.3 versions earlier than 21.3R3-S5;\u003c/li\u003e\u003cli\u003e21.4 versions earlier than 21.4R3-S5;\u003c/li\u003e\u003cli\u003e22.1 versions earlier than 22.1R3-S4;\u003c/li\u003e\u003cli\u003e22.2 versions earlier than 22.2R3-S3;\u003c/li\u003e\u003cli\u003e22.3 versions earlier than 22.3R3-S1;\u003c/li\u003e\u003cli\u003e22.4 versions earlier than 22.4R3;\u003c/li\u003e\u003cli\u003e23.2 versions earlier than 23.2R1-S2, 23.2R2;\u003c/li\u003e\u003c/ul\u003e\u003cbr\u003eJunos OS Evolved:\u003cbr\u003e\u003cul\u003e\u003cli\u003e20.4-EVO versions 20.4R1-EVO and later versions earlier than 20.4R3-S9-EVO;\u003c/li\u003e\u003cli\u003e21.2-EVO versions earlier than 21.2R3-S7-EVO;\u003c/li\u003e\u003cli\u003e21.3-EVO versions earlier than 21.3R3-S5-EVO;\u003c/li\u003e\u003cli\u003e21.4-EVO versions earlier than 21.4R3-S5-EVO;\u003c/li\u003e\u003cli\u003e22.1-EVO versions earlier than 22.1R3-S4-EVO;\u003c/li\u003e\u003cli\u003e22.2-EVO versions earlier than 22.2R3-S3-EVO;\u003c/li\u003e\u003cli\u003e22.3-EVO versions earlier than 22.3R3-S1-EVO;\u003c/li\u003e\u003cli\u003e22.4-EVO versions earlier than 22.4R3-EVO;\u003c/li\u003e\u003cli\u003e23.2-EVO versions earlier than 23.2R1-S2-EVO, 23.2R2-EVO;\u003c/li\u003e\u003c/ul\u003e\u003cbr\u003eThis issue does not affect Juniper Networks\u003cbr\u003e\u003cul\u003e\u003cli\u003eJunos OS versions earlier than 20.4R1;\u003c/li\u003e\u003cli\u003eJunos OS Evolved versions earlier than 20.4R1-EVO.\u003c/li\u003e\u003c/ul\u003e\u003cbr\u003eThis is a related but separate issue than the one described in JSA79095.\u003cbr\u003e"
            }
          ],
          "value": "An Improper Validation of Syntactic Correctness of Input vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a network-based, unauthenticated attacker to cause a Denial of Service (DoS).\n\nIf a BGP update is received over an established BGP session which contains a tunnel encapsulation attribute with a specifically malformed TLV, rpd will crash and restart.\n\nThis issue affects Juniper Networks\nJunos OS:\n  *  20.4 versions 20.4R1 and later versions earlier than 20.4R3-S9;\n  *  21.2 versions earlier than 21.2R3-S7;\n  *  21.3 versions earlier than 21.3R3-S5;\n  *  21.4 versions earlier than 21.4R3-S5;\n  *  22.1 versions earlier than 22.1R3-S4;\n  *  22.2 versions earlier than 22.2R3-S3;\n  *  22.3 versions earlier than 22.3R3-S1;\n  *  22.4 versions earlier than 22.4R3;\n  *  23.2 versions earlier than 23.2R1-S2, 23.2R2;\n\n\n\nJunos OS Evolved:\n  *  20.4-EVO versions 20.4R1-EVO and later versions earlier than 20.4R3-S9-EVO;\n  *  21.2-EVO versions earlier than 21.2R3-S7-EVO;\n  *  21.3-EVO versions earlier than 21.3R3-S5-EVO;\n  *  21.4-EVO versions earlier than 21.4R3-S5-EVO;\n  *  22.1-EVO versions earlier than 22.1R3-S4-EVO;\n  *  22.2-EVO versions earlier than 22.2R3-S3-EVO;\n  *  22.3-EVO versions earlier than 22.3R3-S1-EVO;\n  *  22.4-EVO versions earlier than 22.4R3-EVO;\n  *  23.2-EVO versions earlier than 23.2R1-S2-EVO, 23.2R2-EVO;\n\n\n\nThis issue does not affect Juniper Networks\n  *  Junos OS versions earlier than 20.4R1;\n  *  Junos OS Evolved versions earlier than 20.4R1-EVO.\n\n\n\nThis is a related but separate issue than the one described in JSA79095."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eJuniper SIRT is not aware of any malicious exploitation of this vulnerability.\u003c/p\u003e"
            }
          ],
          "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        },
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 8.7,
            "baseSeverity": "HIGH",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "LOW",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1286",
              "description": "CWE-1286 Improper Validation of Syntactic Correctness of Input",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "description": "Denial of Service (DoS)",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-05-16T19:53:00.228Z",
        "orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
        "shortName": "juniper"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://supportportal.juniper.net/JSA75739"
        },
        {
          "tags": [
            "technical-description"
          ],
          "url": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eThe following software releases have been updated to resolve this specific issue: \u003c/p\u003e\u003cp\u003eJunos OS: 20.4R3-S9, 21.2R3-S7, 21.3R3-S5, 21.4R3-S5, 22.1R3-S4, 22.2R3-S3, 22.3R3-S1, 22.4R3, 23.2R1-S2, 23.2R2, 23.4R1, and all subsequent releases;\u003c/p\u003e\u003cp\u003eJunos OS Evolved: 20.4R3-S9-EVO, 21.2R3-S7-EVO, 21.3R3-S5-EVO, 21.4R3-S5-EVO, 22.1R3-S4-EVO, 22.2R3-S3-EVO, 22.3R3-S1-EVO, 22.4R3-EVO, 23.2R1-S2-EVO, 23.2R2-EVO, 23.4R1-EVO, and all subsequent releases.\u003c/p\u003e"
            }
          ],
          "value": "The following software releases have been updated to resolve this specific issue: \n\nJunos OS: 20.4R3-S9, 21.2R3-S7, 21.3R3-S5, 21.4R3-S5, 22.1R3-S4, 22.2R3-S3, 22.3R3-S1, 22.4R3, 23.2R1-S2, 23.2R2, 23.4R1, and all subsequent releases;\n\nJunos OS Evolved: 20.4R3-S9-EVO, 21.2R3-S7-EVO, 21.3R3-S5-EVO, 21.4R3-S5-EVO, 22.1R3-S4-EVO, 22.2R3-S3-EVO, 22.3R3-S1-EVO, 22.4R3-EVO, 23.2R1-S2-EVO, 23.2R2-EVO, 23.4R1-EVO, and all subsequent releases."
        }
      ],
      "source": {
        "advisory": "JSA75739",
        "defect": [
          "1760356"
        ],
        "discovery": "USER"
      },
      "timeline": [
        {
          "lang": "en",
          "time": "2024-04-10T16:00:00.000Z",
          "value": "Initial Publication"
        }
      ],
      "title": "Junos OS and Junos OS Evolved: A malformed BGP tunnel encapsulation attribute will lead to an rpd crash",
      "workarounds": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eThere are no known workarounds for this issue.\u003c/p\u003e"
            }
          ],
          "value": "There are no known workarounds for this issue."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.1.0-av217"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
    "assignerShortName": "juniper",
    "cveId": "CVE-2024-21598",
    "datePublished": "2024-04-12T14:54:23.761Z",
    "dateReserved": "2023-12-27T19:38:25.705Z",
    "dateUpdated": "2024-08-01T22:27:36.007Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-21595 (GCVE-0-2024-21595)

Vulnerability from cvelistv5 – Published: 2024-01-12 00:52 – Updated: 2024-09-03 18:13
VLAI
Title
Junos OS: EX4100, EX4400, EX4600, QFX5000 Series: A high rate of specific ICMP traffic will cause the PFE to hang
Summary
An Improper Validation of Syntactic Correctness of Input vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows a network-based, unauthenticated attacker to cause a Denial of Service (DoS). If an attacker sends high rate of specific ICMP traffic to a device with VXLAN configured, this causes a deadlock of the PFE and results in the device becoming unresponsive. A manual restart will be required to recover the device. This issue only affects EX4100, EX4400, EX4600, QFX5000 Series devices. This issue affects: Juniper Networks Junos OS * 21.4R3 versions earlier than 21.4R3-S4; * 22.1R3 versions earlier than 22.1R3-S3; * 22.2R2 versions earlier than 22.2R3-S1; * 22.3 versions earlier than 22.3R2-S2, 22.3R3; * 22.4 versions earlier than 22.4R2; * 23.1 versions earlier than 23.1R2.
SSVC
Exploitation: none Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-1286 - Improper Validation of Syntactic Correctness of Input
  • Denial of Service (DoS)
Assigner
References
Impacted products
Vendor Product Version
Juniper Networks Junos OS Affected: 21.4R3 , < 21.4R3-S4 (semver)
Affected: 22.1R3 , < 22.1R3-S3 (semver)
Affected: 22.2R2 , < 22.2R3-S1 (semver)
Affected: 22.3 , < 22.3R2-S2, 22.3R3 (semver)
Affected: 22.4 , < 22.4R2 (semver)
Affected: 23.1 , < 23.1R2 (semver)
Create a notification for this product.
juniper junos Affected: 21.4R3 , < 21.4R3-S4 (semver)
Affected: 22.1R3 , < 22.1R3-S3 (semver)
Affected: 22.2R2 , < 22.2R3-S1 (semver)
Affected: 22.3 , < 22.3R2-S2 (semver)
Affected: 22.3 , < 22.3R3 (semver)
Affected: 22.4 , < 22.4R2 (semver)
Affected: 23.1 , < 23.1R2 (semver)
    cpe:2.3:o:juniper:junos:*:*:*:*:*:*:*:*
Create a notification for this product.
Date Public
2024-01-10 17:00
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T22:27:34.822Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://advisory.juniper.net/JSA75734"
          },
          {
            "tags": [
              "technical-description",
              "x_transferred"
            ],
            "url": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:o:juniper:junos:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "junos",
            "vendor": "juniper",
            "versions": [
              {
                "lessThan": "21.4R3-S4",
                "status": "affected",
                "version": "21.4R3",
                "versionType": "semver"
              },
              {
                "lessThan": "22.1R3-S3",
                "status": "affected",
                "version": "22.1R3",
                "versionType": "semver"
              },
              {
                "lessThan": "22.2R3-S1",
                "status": "affected",
                "version": "22.2R2",
                "versionType": "semver"
              },
              {
                "lessThan": "22.3R2-S2",
                "status": "affected",
                "version": "22.3",
                "versionType": "semver"
              },
              {
                "lessThan": "22.3R3",
                "status": "affected",
                "version": "22.3",
                "versionType": "semver"
              },
              {
                "lessThan": "22.4R2",
                "status": "affected",
                "version": "22.4",
                "versionType": "semver"
              },
              {
                "lessThan": "23.1R2",
                "status": "affected",
                "version": "23.1",
                "versionType": "semver"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-21595",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-03-25T18:46:03.901666Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-03T18:13:05.922Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "EX4100",
            "EX4400",
            "EX4600",
            "QFX5000 Series"
          ],
          "product": "Junos OS",
          "vendor": "Juniper Networks",
          "versions": [
            {
              "lessThan": "21.4R3-S4",
              "status": "affected",
              "version": "21.4R3",
              "versionType": "semver"
            },
            {
              "lessThan": "22.1R3-S3",
              "status": "affected",
              "version": "22.1R3",
              "versionType": "semver"
            },
            {
              "lessThan": "22.2R3-S1",
              "status": "affected",
              "version": "22.2R2",
              "versionType": "semver"
            },
            {
              "lessThan": "22.3R2-S2, 22.3R3",
              "status": "affected",
              "version": "22.3",
              "versionType": "semver"
            },
            {
              "lessThan": "22.4R2",
              "status": "affected",
              "version": "22.4",
              "versionType": "semver"
            },
            {
              "lessThan": "23.1R2",
              "status": "affected",
              "version": "23.1",
              "versionType": "semver"
            }
          ]
        }
      ],
      "configurations": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eTo be exposed to this issue the device needs be configured for VXLAN with either of the following statements:\u003c/p\u003e\u003ccode\u003e  [ vlans \u0026lt;vlan\u0026gt; vxlan ]\u003c/code\u003e\u003cbr/\u003e\u003ccode\u003e  [ routing-instances \u0026lt;routing-instance\u0026gt; vxlan ]\u003c/code\u003e\u003cbr/\u003e"
            }
          ],
          "value": "To be exposed to this issue the device needs be configured for VXLAN with either of the following statements:\n\n  [ vlans \u003cvlan\u003e vxlan ]\n  [ routing-instances \u003crouting-instance\u003e vxlan ]\n"
        }
      ],
      "datePublic": "2024-01-10T17:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\n\n\u003cp\u003eAn Improper Validation of Syntactic Correctness of Input vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows a network-based, unauthenticated attacker to cause a Denial of Service (DoS).\u003c/p\u003e\u003cp\u003eIf an attacker sends high rate of specific ICMP traffic to a device with VXLAN configured, this causes a deadlock of the PFE and results in the device becoming unresponsive. A manual restart will be required to recover the device.\u003c/p\u003e\u003cp\u003eThis issue only affects EX4100, EX4400, EX4600, QFX5000 Series devices.\u003c/p\u003e\u003cp\u003eThis issue affects:\u003c/p\u003e\u003cp\u003eJuniper Networks Junos OS\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e21.4R3 versions earlier than 21.4R3-S4;\u003c/li\u003e\u003cli\u003e22.1R3 versions earlier than 22.1R3-S3;\u003c/li\u003e\u003cli\u003e22.2R2 versions earlier than 22.2R3-S1;\u003c/li\u003e\u003cli\u003e22.3 versions earlier than 22.3R2-S2, 22.3R3;\u003c/li\u003e\u003cli\u003e22.4 versions earlier than 22.4R2;\u003c/li\u003e\u003cli\u003e23.1 versions earlier than 23.1R2.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e\n\n"
            }
          ],
          "value": "\nAn Improper Validation of Syntactic Correctness of Input vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows a network-based, unauthenticated attacker to cause a Denial of Service (DoS).\n\nIf an attacker sends high rate of specific ICMP traffic to a device with VXLAN configured, this causes a deadlock of the PFE and results in the device becoming unresponsive. A manual restart will be required to recover the device.\n\nThis issue only affects EX4100, EX4400, EX4600, QFX5000 Series devices.\n\nThis issue affects:\n\nJuniper Networks Junos OS\n\n\n\n  *  21.4R3 versions earlier than 21.4R3-S4;\n  *  22.1R3 versions earlier than 22.1R3-S3;\n  *  22.2R2 versions earlier than 22.2R3-S1;\n  *  22.3 versions earlier than 22.3R2-S2, 22.3R3;\n  *  22.4 versions earlier than 22.4R2;\n  *  23.1 versions earlier than 23.1R2.\n\n\n\n\n\n\n"
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eJuniper SIRT is not aware of any malicious exploitation of this vulnerability.\u003c/p\u003e"
            }
          ],
          "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability.\n\n"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1286",
              "description": "CWE-1286 Improper Validation of Syntactic Correctness of Input",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "description": "Denial of Service (DoS)",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-01-12T00:52:35.433Z",
        "orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
        "shortName": "juniper"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://advisory.juniper.net/JSA75734"
        },
        {
          "tags": [
            "technical-description"
          ],
          "url": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eThe following software releases have been updated to resolve this specific issue: Junos OS 21.4R3-S4, 22.1R3-S3, 22.2R3-S1, 22.3R2-S2, 22.3R3, 22.4R2, 23.1R2, 23.2R1, and all subsequent releases.\u003c/p\u003e"
            }
          ],
          "value": "The following software releases have been updated to resolve this specific issue: Junos OS 21.4R3-S4, 22.1R3-S3, 22.2R3-S1, 22.3R2-S2, 22.3R3, 22.4R2, 23.1R2, 23.2R1, and all subsequent releases.\n\n"
        }
      ],
      "source": {
        "advisory": "JSA75734",
        "defect": [
          "1719542"
        ],
        "discovery": "USER"
      },
      "timeline": [
        {
          "lang": "en",
          "time": "2024-01-10T17:00:00.000Z",
          "value": "Initial Publication"
        }
      ],
      "title": "Junos OS: EX4100, EX4400, EX4600, QFX5000 Series: A high rate of specific ICMP traffic will cause the PFE to hang",
      "workarounds": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eThere are no known workarounds for this issue.\u003c/p\u003e"
            }
          ],
          "value": "There are no known workarounds for this issue.\n\n"
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.1.0-av217"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
    "assignerShortName": "juniper",
    "cveId": "CVE-2024-21595",
    "datePublished": "2024-01-12T00:52:35.433Z",
    "dateReserved": "2023-12-27T19:38:25.704Z",
    "dateUpdated": "2024-09-03T18:13:05.922Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-8772 (GCVE-0-2024-8772)

Vulnerability from cvelistv5 – Published: 2024-11-26 07:24 – Updated: 2025-03-28 07:16
VLAI
Summary
51l3nc3, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API managedoverlayimages.cgi was vulnerable to a race condition attack allowing for an attacker to block access to the overlay configuration page in the web interface of the Axis device. This flaw can only be exploited after authenticating with an operator- or administrator-privileged service account. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-1286 - Improper Validation of Syntactic Correctness of Input
Assigner
Impacted products
Vendor Product Version
Axis Communications AB AXIS OS Affected: 9.80.0 , < 9.80.84 (semver)
Affected: 10.0.0 , < 10.12.259 (semver)
Affected: 11.0.0 , < 11.11.118 (semver)
Affected: 12.0.0 , < 12.1.28 (semver)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-8772",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-26T14:03:47.694750Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-26T14:09:25.289Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "AXIS OS",
          "vendor": "Axis Communications AB",
          "versions": [
            {
              "lessThan": "9.80.84",
              "status": "affected",
              "version": "9.80.0",
              "versionType": "semver"
            },
            {
              "lessThan": "10.12.259",
              "status": "affected",
              "version": "10.0.0",
              "versionType": "semver"
            },
            {
              "lessThan": "11.11.118",
              "status": "affected",
              "version": "11.0.0",
              "versionType": "semver"
            },
            {
              "lessThan": "12.1.28",
              "status": "affected",
              "version": "12.0.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "51l3nc3, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API \u003ci\u003emanagedoverlayimages.cgi\u003c/i\u003e was vulnerable to a race condition attack allowing for an attacker to block access to the overlay configuration page in the web interface of the Axis device. This flaw can only be exploited after authenticating with an operator- or administrator-privileged service account. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution.\n\n\u003cbr\u003e"
            }
          ],
          "value": "51l3nc3, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API managedoverlayimages.cgi was vulnerable to a race condition attack allowing for an attacker to block access to the overlay configuration page in the web interface of the Axis device. This flaw can only be exploited after authenticating with an operator- or administrator-privileged service account. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1286",
              "description": "CWE-1286: Improper Validation of Syntactic Correctness of Input",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-03-28T07:16:28.604Z",
        "orgId": "f2daf9a0-02c2-4b83-a01d-63b3b304b807",
        "shortName": "Axis"
      },
      "references": [
        {
          "url": "https://www.axis.com/dam/public/permalink/231072/cve-2024-8772pdf-en-US_InternalID-231072.pdf"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f2daf9a0-02c2-4b83-a01d-63b3b304b807",
    "assignerShortName": "Axis",
    "cveId": "CVE-2024-8772",
    "datePublished": "2024-11-26T07:24:27.026Z",
    "dateReserved": "2024-09-13T04:58:51.727Z",
    "dateUpdated": "2025-03-28T07:16:28.604Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-8160 (GCVE-0-2024-8160)

Vulnerability from cvelistv5 – Published: 2024-11-26 07:27 – Updated: 2025-03-28 07:18
VLAI
Summary
Erik de Jong, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API ftptest.cgi did not have a sufficient input validation allowing for a possible command injection leading to being able to transfer files from/to the Axis device. This flaw can only be exploited after authenticating with an administrator-privileged service account. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-1286 - Improper Validation of Syntactic Correctness of Input
Assigner
Impacted products
Vendor Product Version
Axis Communications AB AXIS OS Affected: 10.9.0 , < 10.12.257 (semver)
Unaffected: 11.0.0 , < 11.11.116 (semver)
Affected: 12.0.0 , < 12.1.21 (semver)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-8160",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-26T14:03:54.135932Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-26T14:09:25.517Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "AXIS OS",
          "vendor": "Axis Communications AB",
          "versions": [
            {
              "lessThan": "10.12.257",
              "status": "affected",
              "version": "10.9.0",
              "versionType": "semver"
            },
            {
              "lessThan": "11.11.116",
              "status": "unaffected",
              "version": "11.0.0",
              "versionType": "semver"
            },
            {
              "lessThan": "12.1.21",
              "status": "affected",
              "version": "12.0.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Erik de Jong, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API \u003ci\u003eftptest.cgi\u003c/i\u003e did not have a sufficient input validation allowing for a possible command injection leading to being able to transfer files from/to the Axis device. This flaw can only be exploited after authenticating with an administrator-privileged service account. \nAxis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution.\n\n\u003cbr\u003e"
            }
          ],
          "value": "Erik de Jong, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API ftptest.cgi did not have a sufficient input validation allowing for a possible command injection leading to being able to transfer files from/to the Axis device. This flaw can only be exploited after authenticating with an administrator-privileged service account. \nAxis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 3.8,
            "baseSeverity": "LOW",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:L",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1286",
              "description": "CWE-1286: Improper Validation of Syntactic Correctness of Input",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-03-28T07:18:14.700Z",
        "orgId": "f2daf9a0-02c2-4b83-a01d-63b3b304b807",
        "shortName": "Axis"
      },
      "references": [
        {
          "url": "https://www.axis.com/dam/public/permalink/231071/cve-2024-8160pdf-en-US_InternalID-231071.pdf"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f2daf9a0-02c2-4b83-a01d-63b3b304b807",
    "assignerShortName": "Axis",
    "cveId": "CVE-2024-8160",
    "datePublished": "2024-11-26T07:27:32.229Z",
    "dateReserved": "2024-08-26T06:30:37.790Z",
    "dateUpdated": "2025-03-28T07:18:14.700Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-7954 (GCVE-0-2024-7954)

Vulnerability from cvelistv5 – Published: 2024-08-23 17:43 – Updated: 2025-11-22 12:12
VLAI
Title
SPIP porte_plume Plugin Arbitrary PHP Execution
Summary
The porte_plume plugin used by SPIP before 4.30-alpha2, 4.2.13, and 4.1.16 is vulnerable to an arbitrary code execution vulnerability. A remote and unauthenticated attacker can execute arbitrary PHP as the SPIP user by sending a crafted HTTP request.
SSVC
Exploitation: none Automatable: yes Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-95 - Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')
  • CWE-1286 - Improper Validation of Syntactic Correctness of Input
Assigner
References
Impacted products
Vendor Product Version
SPIP SPIP Affected: 4.3.0-alpha , < 4.3.0-alpha2 (custom)
Affected: 4.2.0 , < 4.2.13 (semver)
Affected: 4.1.0 , < 4.1.16 (semver)
Create a notification for this product.
spip spip Affected: 4.3.0-alpha , < 4.3.0-alpha2 (custom)
Affected: 4.2.0 , < 4.2.13 (semver)
Affected: 4.1.0 , < 4.1.16 (semver)
    cpe:2.3:a:spip:spip:*:*:*:*:*:*:*:*
Create a notification for this product.
Credits
Louka Jacques-Chevallier
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:spip:spip:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "spip",
            "vendor": "spip",
            "versions": [
              {
                "lessThan": "4.3.0-alpha2",
                "status": "affected",
                "version": "4.3.0-alpha",
                "versionType": "custom"
              },
              {
                "lessThan": "4.2.13",
                "status": "affected",
                "version": "4.2.0",
                "versionType": "semver"
              },
              {
                "lessThan": "4.1.16",
                "status": "affected",
                "version": "4.1.0",
                "versionType": "semver"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-7954",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-23T18:26:49.808289Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-23T18:31:44.888Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "SPIP",
          "vendor": "SPIP",
          "versions": [
            {
              "lessThan": "4.3.0-alpha2",
              "status": "affected",
              "version": "4.3.0-alpha",
              "versionType": "custom"
            },
            {
              "lessThan": "4.2.13",
              "status": "affected",
              "version": "4.2.0",
              "versionType": "semver"
            },
            {
              "lessThan": "4.1.16",
              "status": "affected",
              "version": "4.1.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:spip:spip:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.3.0-alpha2",
                  "versionStartIncluding": "4.3.0-alpha",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:spip:spip:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.2.13",
                  "versionStartIncluding": "4.2.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:spip:spip:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.1.16",
                  "versionStartIncluding": "4.1.0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ],
          "operator": "OR"
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Louka Jacques-Chevallier"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "The porte_plume plugin used by SPIP before 4.30-alpha2, 4.2.13, and 4.1.16 is vulnerable to an arbitrary code execution vulnerability. A remote and unauthenticated attacker can execute arbitrary PHP as the SPIP user by sending a crafted HTTP request.\u003cbr\u003e"
            }
          ],
          "value": "The porte_plume plugin used by SPIP before 4.30-alpha2, 4.2.13, and 4.1.16 is vulnerable to an arbitrary code execution vulnerability. A remote and unauthenticated attacker can execute arbitrary PHP as the SPIP user by sending a crafted HTTP request."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-242",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-242 Code Injection"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-95",
              "description": "CWE-95 Improper Neutralization of Directives in Dynamically Evaluated Code (\u0027Eval Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-1286",
              "description": "CWE-1286 Improper Validation of Syntactic Correctness of Input",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-11-22T12:12:14.668Z",
        "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "shortName": "VulnCheck"
      },
      "references": [
        {
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vulncheck.com/advisories/spip-porte-plume"
        },
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://blog.spip.net/Mise-a-jour-critique-de-securite-sortie-de-SPIP-4-3-0-alpha2-SPIP-4-2-13-SPIP-4.html"
        },
        {
          "tags": [
            "technical-description",
            "exploit"
          ],
          "url": "https://thinkloveshare.com/hacking/spip_preauth_rce_2024_part_1_the_feather/"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "SPIP porte_plume Plugin Arbitrary PHP Execution",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
    "assignerShortName": "VulnCheck",
    "cveId": "CVE-2024-7954",
    "datePublished": "2024-08-23T17:43:20.967Z",
    "dateReserved": "2024-08-19T18:16:30.180Z",
    "dateUpdated": "2025-11-22T12:12:14.668Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-6763 (GCVE-0-2024-6763)

Vulnerability from cvelistv5 – Published: 2024-10-14 15:06 – Updated: 2025-03-07 00:10
VLAI
Title
Jetty URI parsing of invalid authority
Summary
Eclipse Jetty is a lightweight, highly scalable, Java-based web server and Servlet engine . It includes a utility class, HttpURI, for URI/URL parsing. The HttpURI class does insufficient validation on the authority segment of a URI. However the behaviour of HttpURI differs from the common browsers in how it handles a URI that would be considered invalid if fully validated against the RRC. Specifically HttpURI and the browser may differ on the value of the host extracted from an invalid URI and thus a combination of Jetty and a vulnerable browser may be vulnerable to a open redirect attack or to a SSRF attack if the URI is used after passing validation checks.
SSVC
Exploitation: poc Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
Impacted products
Vendor Product Version
Eclipse Foundation Jetty Affected: 7.0.0 , ≤ 12.0.11 (semver)
Create a notification for this product.
eclipse jetty Affected: 7.0.0 , ≤ 12.0.11 (semver)
    cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*
Create a notification for this product.
Date Public
2024-10-14 15:00
Credits
https://github.com/zer0yu
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "jetty",
            "vendor": "eclipse",
            "versions": [
              {
                "lessThanOrEqual": "12.0.11",
                "status": "affected",
                "version": "7.0.0",
                "versionType": "semver"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-6763",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-15T17:44:14.448650Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-15T17:45:35.771Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-03-07T00:10:46.301Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://security.netapp.com/advisory/ntap-20250306-0005/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://repo.maven.apache.org/maven2/",
          "defaultStatus": "unaffected",
          "modules": [
            "jetty-http"
          ],
          "packageName": "org.eclipse.jetty:jetty-http",
          "product": "Jetty",
          "repo": "https://github.com/jetty/jetty.project",
          "vendor": "Eclipse Foundation",
          "versions": [
            {
              "lessThanOrEqual": "12.0.11",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "https://github.com/zer0yu"
        }
      ],
      "datePublic": "2024-10-14T15:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eEclipse Jetty is a lightweight, highly scalable, Java-based web server and Servlet engine . It includes a utility class, \u003ccode\u003eHttpURI\u003c/code\u003e, for URI/URL parsing.\u003c/p\u003e\u003cp\u003eThe \u003ccode\u003eHttpURI\u003c/code\u003e class does insufficient validation on the authority segment of a URI.  However the behaviour of \u003ccode\u003eHttpURI\u003c/code\u003e\n differs from the common browsers in how it handles a URI that would be \nconsidered invalid if fully validated against the RRC.  Specifically \u003ccode\u003eHttpURI\u003c/code\u003e\n and the browser may differ on the value of the host extracted from an \ninvalid URI and thus a combination of Jetty and a vulnerable browser may\n be vulnerable to a open redirect attack or to a SSRF attack if the URI \nis used after passing validation checks.\u003c/p\u003e"
            }
          ],
          "value": "Eclipse Jetty is a lightweight, highly scalable, Java-based web server and Servlet engine . It includes a utility class, HttpURI, for URI/URL parsing.\n\nThe HttpURI class does insufficient validation on the authority segment of a URI.  However the behaviour of HttpURI\n differs from the common browsers in how it handles a URI that would be \nconsidered invalid if fully validated against the RRC.  Specifically HttpURI\n and the browser may differ on the value of the host extracted from an \ninvalid URI and thus a combination of Jetty and a vulnerable browser may\n be vulnerable to a open redirect attack or to a SSRF attack if the URI \nis used after passing validation checks."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 3.7,
            "baseSeverity": "LOW",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1286",
              "description": "CWE-1286",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-10-14T15:30:38.815Z",
        "orgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c",
        "shortName": "eclipse"
      },
      "references": [
        {
          "url": "https://github.com/jetty/jetty.project/security/advisories/GHSA-qh8g-58pp-2wxh"
        },
        {
          "url": "https://gitlab.eclipse.org/security/cve-assignement/-/issues/25"
        },
        {
          "url": "https://github.com/jetty/jetty.project/pull/12012"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Jetty URI parsing of invalid authority",
      "workarounds": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eThe attacks outlined above rely on decoded user data being passed to the \u003ccode\u003eHttpURI\u003c/code\u003e class. Application should not pass decoded user data as an encoded URI to any URI class/method, including \u003ccode\u003eHttpURI\u003c/code\u003e.  Such applications are likely to be vulnerable in other ways.\u003cbr\u003e\nThe immediate solution is to upgrade to a version of the class that will\n fully validate the characters of the URI authority.  Ultimately, Jetty \nwill deprecate and remove support for user info in the authority per \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://datatracker.ietf.org/doc/html/rfc9110#section-4.2.4\"\u003eRFC9110 Section 4.2.4\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003eNote that the Chrome (and other browsers) parse the \ninvalid user info section improperly as well (due to flawed WhatWG URL \nparsing rules that do not apply outside of a Web Browser).\u003c/p\u003e"
            }
          ],
          "value": "The attacks outlined above rely on decoded user data being passed to the HttpURI class. Application should not pass decoded user data as an encoded URI to any URI class/method, including HttpURI.  Such applications are likely to be vulnerable in other ways.\n\nThe immediate solution is to upgrade to a version of the class that will\n fully validate the characters of the URI authority.  Ultimately, Jetty \nwill deprecate and remove support for user info in the authority per  RFC9110 Section 4.2.4 https://datatracker.ietf.org/doc/html/rfc9110#section-4.2.4 .\n\n\nNote that the Chrome (and other browsers) parse the \ninvalid user info section improperly as well (due to flawed WhatWG URL \nparsing rules that do not apply outside of a Web Browser)."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c",
    "assignerShortName": "eclipse",
    "cveId": "CVE-2024-6763",
    "datePublished": "2024-10-14T15:06:07.298Z",
    "dateReserved": "2024-07-15T17:37:53.605Z",
    "dateUpdated": "2025-03-07T00:10:46.301Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-6284 (GCVE-0-2024-6284)

Vulnerability from cvelistv5 – Published: 2024-07-03 22:58 – Updated: 2025-09-08 09:36
VLAI
Title
Improper IPv4 and IPv6 byte order storage in github.com/google/nftables
Summary
In https://github.com/google/nftables  IP addresses were encoded in the wrong byte order, resulting in an nftables configuration which does not work as intended (might block or not block the desired addresses). This issue affects:  https://pkg.go.dev/github.com/google/nftables@v0.1.0 The bug was fixed in the next released version:  https://pkg.go.dev/github.com/google/nftables@v0.2.0
SSVC
Exploitation: poc Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-1286 - Improper Validation of Syntactic Correctness of Input
  • CWE-1389 - Incorrect Parsing of Numbers with Different Radices
Assigner
Impacted products
Vendor Product Version
Google https://github.com/google/nftables Affected: 0.1.0
Unaffected: 0.2.0
Create a notification for this product.
netfilter nftables Affected: 0.1.0 , < 0.2.0 (custom)
    cpe:2.3:a:netfilter:nftables:*:*:*:*:*:*:*:*
Create a notification for this product.
Date Public
2024-05-13 04:00
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T21:33:05.456Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/google/nftables/issues/225"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/crowdsecurity/cs-firewall-bouncer/issues/368"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bugs.launchpad.net/ubuntu/+source/crowdsec-firewall-bouncer/+bug/2069596"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:netfilter:nftables:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "nftables",
            "vendor": "netfilter",
            "versions": [
              {
                "lessThan": "0.2.0",
                "status": "affected",
                "version": "0.1.0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-6284",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-19T14:56:05.757333Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-19T14:58:42.867Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "https://github.com/google/nftables",
          "repo": "https://github.com/google/nftables",
          "vendor": "Google",
          "versions": [
            {
              "status": "affected",
              "version": "0.1.0"
            },
            {
              "status": "unaffected",
              "version": "0.2.0"
            }
          ]
        }
      ],
      "datePublic": "2024-05-13T04:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eIn \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://github.com/google/nftables\"\u003ehttps://github.com/google/nftables\u003c/a\u003e\u0026nbsp;IP addresses were encoded in the wrong byte order,\u0026nbsp;resulting in an nftables configuration which does not work as intended (might block or not block the desired addresses).\u003cbr\u003e\u003cbr\u003eThis issue affects:\u0026nbsp;\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://pkg.go.dev/github.com/google/nftables@v0.1.0\"\u003ehttps://pkg.go.dev/github.com/google/nftables@v0.1.0\u003c/a\u003e\u003cbr\u003e\u003cbr\u003eThe bug was fixed in the next released version:\u0026nbsp;\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://pkg.go.dev/github.com/google/nftables@v0.2.0\"\u003ehttps://pkg.go.dev/github.com/google/nftables@v0.2.0\u003c/a\u003e\u003c/p\u003e"
            }
          ],
          "value": "In  https://github.com/google/nftables \u00a0IP addresses were encoded in the wrong byte order,\u00a0resulting in an nftables configuration which does not work as intended (might block or not block the desired addresses).\n\nThis issue affects:\u00a0 https://pkg.go.dev/github.com/google/nftables@v0.1.0 \n\nThe bug was fixed in the next released version:\u00a0 https://pkg.go.dev/github.com/google/nftables@v0.2.0"
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-180",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-180 Exploiting Incorrectly Configured Access Control Security Levels"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "HIGH",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "LOW",
            "subConfidentialityImpact": "LOW",
            "subIntegrityImpact": "LOW",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L",
            "version": "4.0",
            "vulnAvailabilityImpact": "LOW",
            "vulnConfidentialityImpact": "LOW",
            "vulnIntegrityImpact": "LOW",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1286",
              "description": "CWE-1286 Improper Validation of Syntactic Correctness of Input",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-1389",
              "description": "CWE-1389 Incorrect Parsing of Numbers with Different Radices",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-09-08T09:36:50.396Z",
        "orgId": "14ed7db2-1595-443d-9d34-6215bf890778",
        "shortName": "Google"
      },
      "references": [
        {
          "url": "https://github.com/google/nftables/issues/225"
        },
        {
          "url": "https://github.com/crowdsecurity/cs-firewall-bouncer/issues/368"
        },
        {
          "url": "https://bugs.launchpad.net/ubuntu/+source/crowdsec-firewall-bouncer/+bug/2069596"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Improper IPv4 and IPv6 byte order storage in github.com/google/nftables",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "14ed7db2-1595-443d-9d34-6215bf890778",
    "assignerShortName": "Google",
    "cveId": "CVE-2024-6284",
    "datePublished": "2024-07-03T22:58:17.340Z",
    "dateReserved": "2024-06-24T13:16:59.140Z",
    "dateUpdated": "2025-09-08T09:36:50.396Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Mitigation MIT-5
Implementation

Strategy: Input Validation

  • Assume all input is malicious. Use an "accept known good" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.
  • When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, "boat" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as "red" or "blue."
  • Do not rely exclusively on looking for malicious or malformed inputs. This is likely to miss at least one undesirable input, especially if the code's environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.
CAPEC-66: SQL Injection

This attack exploits target software that constructs SQL statements based on user input. An attacker crafts input strings so that when the target software constructs SQL statements based on the input, the resulting SQL statement performs actions other than those the application intended. SQL Injection results from failure of the application to appropriately validate input.

CAPEC-676: NoSQL Injection

An adversary targets software that constructs NoSQL statements based on user input or with parameters vulnerable to operator replacement in order to achieve a variety of technical impacts such as escalating privileges, bypassing authentication, and/or executing code.