All the vulnerabilites related to Brother Industries - Web Based Management
jvndb-2024-000026
Vulnerability from jvndb
Published
2024-03-06 18:12
Modified
2024-03-06 18:12
Severity ?
Summary
Multiple vulnerabilities in printers and scanners which implement BROTHER Web Based Management
Details
Multiple printers and scanners which implement Web Based Management provided by BROTHER INDUSTRIES, LTD. contain multiple vulnerabilities listed below.
* Improper Authentication (CWE-287) - CVE-2024-21824
* Cross-Site Request Forgery (CWE-352) - CVE-2024-22475
Hiroki Yasui, Yudai Morii, Takaya Noma, Takayuki Sasaki, and Katsunari Yoshioka of Yokohama National University reported these vulnerabilities to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
| ▼ | Type | URL |
|---|---|---|
| JVN | https://jvn.jp/en/jp/JVN82749078/index.html | |
| CVE | https://www.cve.org/CVERecord?id=CVE-2024-21824 | |
| CVE | https://www.cve.org/CVERecord?id=CVE-2024-22475 | |
| Improper Authentication(CWE-287) | https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html | |
| Cross-Site Request Forgery(CWE-352) | https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Brother Industries | Web Based Management |
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-000026.html",
"dc:date": "2024-03-06T18:12+09:00",
"dcterms:issued": "2024-03-06T18:12+09:00",
"dcterms:modified": "2024-03-06T18:12+09:00",
"description": "Multiple printers and scanners which implement Web Based Management provided by BROTHER INDUSTRIES, LTD. contain multiple vulnerabilities listed below.\r\n\r\n * Improper Authentication (CWE-287) - CVE-2024-21824\r\n * Cross-Site Request Forgery (CWE-352) - CVE-2024-22475\r\n\r\nHiroki Yasui, Yudai Morii, Takaya Noma, Takayuki Sasaki, and Katsunari Yoshioka of Yokohama National University reported these vulnerabilities to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-000026.html",
"sec:cpe": {
"#text": "cpe:/a:brother:web_based_management",
"@product": "Web Based Management",
"@vendor": "Brother Industries",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "2.9",
"@severity": "Low",
"@type": "Base",
"@vector": "AV:A/AC:M/Au:N/C:P/I:N/A:N",
"@version": "2.0"
},
{
"@score": "5.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2024-000026",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN82749078/index.html",
"@id": "JVN#82749078",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-21824",
"@id": "CVE-2024-21824",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-22475",
"@id": "CVE-2024-22475",
"@source": "CVE"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-287",
"@title": "Improper Authentication(CWE-287)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-352",
"@title": "Cross-Site Request Forgery(CWE-352)"
}
],
"title": "Multiple vulnerabilities in printers and scanners which implement BROTHER Web Based Management"
}