Search criteria
3 vulnerabilities found for (Multiple Products) by KONICA MINOLTA, INC.
JVNDB-2025-014081
Vulnerability from jvndb - Published: 2025-09-19 10:52 - Updated:2025-09-19 10:52Summary
Multiple Brother and its OEM products with weak initial administrator passwords
Details
Multiple products provided by BROTHER INDUSTRIES, LTD and other OEM vendors are setup with weak initial administrator passwords, which can be derived from their serial numbers.
This is reported by Rapid7, and treated on JVNVU#90043828, CVE-2024-51978.
Brother states that
(1) serial numbers have been available without authentication by design, for system management purposes, and
(2) to fix CVE-2024-51978, the production-lines have been revised to introduce the initial passwords which are hard to derive from its serial numbers
After the publication of CVE-2024-51978, runZero reported that eSCL/uscan can be also used to retrieve serial numbers without authentication.
eSCL/uscan is not described in CVE-2024-51977, and considering the existence of CVE-2024-51978, Austin Hackers Anonymous assigns CVE-2025-8452.
runZero reported this issue to the developer.
JPCERT/CC coordinated between the reporter and the developer.
References
| Type | URL | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2025/JVNDB-2025-014081.html",
"dc:date": "2025-09-19T10:52+09:00",
"dcterms:issued": "2025-09-19T10:52+09:00",
"dcterms:modified": "2025-09-19T10:52+09:00",
"description": "Multiple products provided by BROTHER INDUSTRIES, LTD and other OEM vendors are setup with weak initial administrator passwords, which can be derived from their serial numbers.\r\nThis is reported by Rapid7, and treated on \u003ca href=\"https://jvn.jp/en/vu/JVNVU90043828/\"target=\"blank\"\u003eJVNVU#90043828\u003c/a\u003e, \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2024-51978\"target=\"blank\"\u003eCVE-2024-51978\u003c/a\u003e.\r\nBrother states that\r\n (1) serial numbers have been available without authentication by design, for system management purposes, and\r\n (2) to fix CVE-2024-51978, the production-lines have been revised to introduce the initial passwords which are hard to derive from its serial numbers\r\n\r\nAfter the publication of CVE-2024-51978, runZero reported that eSCL/uscan can be also used to retrieve serial numbers without authentication.\r\neSCL/uscan is not described in CVE-2024-51977, and considering the existence of CVE-2024-51978, Austin Hackers Anonymous assigns \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2025-8452\"target=\"blank\"\u003eCVE-2025-8452\u003c/a\u003e.\r\n\r\nrunZero reported this issue to the developer.\r\nJPCERT/CC coordinated between the reporter and the developer.",
"link": "https://jvndb.jvn.jp/en/contents/2025/JVNDB-2025-014081.html",
"sec:cpe": [
{
"#text": "cpe:/a:brother:multiple_products",
"@product": "(Multiple Products)",
"@vendor": "Brother Industries",
"@version": "2.2"
},
{
"#text": "cpe:/a:toshibatec:multiple_product",
"@product": "(Multiple Products)",
"@vendor": "TOSHIBA TEC",
"@version": "2.2"
},
{
"#text": "cpe:/o:konicaminolta:multiple_product",
"@product": "(Multiple Products)",
"@vendor": "KONICA MINOLTA, INC.",
"@version": "2.2"
}
],
"sec:identifier": "JVNDB-2025-014081",
"sec:references": [
{
"#text": "https://jvn.jp/en/vu/JVNVU93294882/index.html",
"@id": "JVNVU#93294882",
"@source": "JVN"
},
{
"#text": "https://jvn.jp/en/vu/JVNVU90043828/",
"@id": "JVNVU#90043828",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2025-8452",
"@id": "CVE-2025-8452",
"@source": "CVE"
},
{
"#text": "https://takeonme.org/cves/cve-2025-8452/",
"@id": "Brother Printer Serial Number Disclosure",
"@source": "Related Information"
},
{
"#text": "https://www.runzero.com/blog/brother-devices/",
"@id": "How to find Brother printer, scanner and label maker devices on your network",
"@source": "Related Information"
}
],
"title": "Multiple Brother and its OEM products with weak initial administrator passwords"
}
JVNDB-2025-012659
Vulnerability from jvndb - Published: 2025-09-01 15:22 - Updated:2025-09-01 15:22
Severity ?
Summary
Denial-of-service (DoS) vulnerability in Konica Minolta bizhub series
Details
A vulnerability that could allow a Denial-of-Service (DoS) is reported in the Konica Minolta bizhub series.
Konica Minolta bizhub series provided by Konica Minolta, Inc. contains the following vulnerability.
- Uncaught exception (CWE-248) - CVE-2025-54777
References
| Type | URL | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2025/JVNDB-2025-012659.html",
"dc:date": "2025-09-01T15:22+09:00",
"dcterms:issued": "2025-09-01T15:22+09:00",
"dcterms:modified": "2025-09-01T15:22+09:00",
"description": "A vulnerability that could allow a Denial-of-Service (DoS) is reported in the Konica Minolta bizhub series.\r\n\r\nKonica Minolta bizhub series provided by Konica Minolta, Inc. contains the following vulnerability.\r\n\u003cul\u003e\u003cli\u003eUncaught exception (CWE-248) - CVE-2025-54777\u003c/li\u003e\u003c/ul\u003e\r\n\r\nKonica Minolta, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN.",
"link": "https://jvndb.jvn.jp/en/contents/2025/JVNDB-2025-012659.html",
"sec:cpe": {
"#text": "cpe:/o:konicaminolta:multiple_product",
"@product": "(Multiple Products)",
"@vendor": "KONICA MINOLTA, INC.",
"@version": "2.2"
},
"sec:cvss": {
"@score": "4.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"@version": "3.0"
},
"sec:identifier": "JVNDB-2025-012659",
"sec:references": [
{
"#text": "https://jvn.jp/en/vu/JVNVU99831542/index.html",
"@id": "JVNVU#99831542",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2025-54777",
"@id": "CVE-2025-54777",
"@source": "CVE"
},
{
"#text": "https://cwe.mitre.org/data/definitions/248.html",
"@id": "CWE-248",
"@title": "Uncaught Exception(CWE-248)"
}
],
"title": "Denial-of-service (DoS) vulnerability in Konica Minolta bizhub series"
}
JVNDB-2025-007607
Vulnerability from jvndb - Published: 2025-07-01 14:09 - Updated:2025-07-01 14:09
Severity ?
Summary
Pass-Back Attack vulnerability in Konica Minorta bizhub series
Details
Konica Minorta bizhub series provided by Konica Minolta, Inc. contains the following vulnerability.
- Vulnerability that could allow a Pass-Back Attack (CWE-522) - CVE-2025-6081
References
| Type | URL | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2025/JVNDB-2025-007607.html",
"dc:date": "2025-07-01T14:09+09:00",
"dcterms:issued": "2025-07-01T14:09+09:00",
"dcterms:modified": "2025-07-01T14:09+09:00",
"description": "Konica Minorta bizhub series provided by Konica Minolta, Inc. contains the following vulnerability.\r\n\r\n\r\n\u003cul\u003e\r\n\u003cli\u003eVulnerability that could allow a Pass-Back Attack (CWE-522) - CVE-2025-6081\u003c/li\u003e\r\n\u003c/ul\u003e\r\n\r\nKonica Minolta, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN.",
"link": "https://jvndb.jvn.jp/en/contents/2025/JVNDB-2025-007607.html",
"sec:cpe": {
"#text": "cpe:/o:konicaminolta:multiple_product",
"@product": "(Multiple Products)",
"@vendor": "KONICA MINOLTA, INC.",
"@version": "2.2"
},
"sec:cvss": {
"@score": "6.8",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N",
"@version": "3.0"
},
"sec:identifier": "JVNDB-2025-007607",
"sec:references": [
{
"#text": "https://jvn.jp/en/vu/JVNVU93850661/index.html",
"@id": "JVNVU#93850661",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2025-6081",
"@id": "CVE-2025-6081",
"@source": "CVE"
},
{
"#text": "https://cwe.mitre.org/data/definitions/522.html",
"@id": "CWE-522",
"@title": "Insufficiently Protected Credentials(CWE-522)"
}
],
"title": "Pass-Back Attack vulnerability in Konica Minorta bizhub series"
}