Search criteria
6 vulnerabilities by Brother Industries, Ltd.
CVE-2025-49797 (GCVE-0-2025-49797)
Vulnerability from cvelistv5 – Published: 2025-06-25 09:25 – Updated: 2025-08-19 06:48
VLAI?
Summary
Multiple Brother driver installers for Windows contain a privilege escalation vulnerability. If exploited, an arbitrary program may be executed with the administrative privilege. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References].
Severity ?
CWE
- CWE-552 - Files or directories accessible to external parties
Assigner
References
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| BROTHER INDUSTRIES, LTD. | Multiple driver installers for Windows |
Affected:
see the information provided by the vendor
|
||||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-49797",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-25T12:22:16.386782Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-25T12:41:07.779Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Multiple driver installers for Windows",
"vendor": "BROTHER INDUSTRIES, LTD.",
"versions": [
{
"status": "affected",
"version": "see the information provided by the vendor"
}
]
},
{
"product": "Multiple driver installers for Windows",
"vendor": "Toshiba Tec Corporation",
"versions": [
{
"status": "affected",
"version": "see the information provided by the vendor"
}
]
},
{
"product": "Multiple driver installers for Windows",
"vendor": "Ricoh Company, Ltd.",
"versions": [
{
"status": "affected",
"version": "see the information provided by the vendor"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple Brother driver installers for Windows contain a privilege escalation vulnerability. If exploited, an arbitrary program may be executed with the administrative privilege. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References]."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"baseScore": 8.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-552",
"description": "Files or directories accessible to external parties",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-19T06:48:21.242Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://support.brother.com/g/s/security/"
},
{
"url": "https://www.toshibatec.com/information/20250625_01.html"
},
{
"url": "https://www.ricoh.com/products/security/vulnerabilities/vul?id=ricoh-2025-000009"
},
{
"url": "https://jvn.jp/en/vu/JVNVU91819309/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2025-49797",
"datePublished": "2025-06-25T09:25:53.381Z",
"dateReserved": "2025-06-11T04:48:58.284Z",
"dateUpdated": "2025-08-19T06:48:21.242Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-22475 (GCVE-0-2024-22475)
Vulnerability from cvelistv5 – Published: 2024-03-18 08:03 – Updated: 2024-10-27 21:26
VLAI?
Summary
Cross-site request forgery vulnerability in multiple printers and scanners which implement Web Based Management provided by BROTHER INDUSTRIES, LTD. allows a remote unauthenticated attacker to perform unintended operations on the affected product. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References].
Severity ?
6.1 (Medium)
CWE
- Cross-site request forgery (CSRF)
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| BROTHER INDUSTRIES, LTD. | Multiple printers and scanners |
Affected:
see the information provided by the vendor
|
|||||||||||||||||
|
|||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-22475",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-17T18:18:38.595032Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "CWE-352 Cross-Site Request Forgery (CSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-27T21:26:34.557Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T22:51:09.846Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.brother.com/g/b/link.aspx?prod=group2\u0026faqid=faqp00100601_000"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.brother.com/g/b/link.aspx?prod=lmgroup1\u0026faqid=faq00100823_000"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.fujifilm.com/fbglobal/eng/company/news/notice/2024/0306_2_announce.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.ricoh.com/products/security/vulnerabilities/vul?id=ricoh-2024-000002"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.toshibatec.com/information/20240306_01.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN82749078/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Multiple printers and scanners",
"vendor": "BROTHER INDUSTRIES, LTD.",
"versions": [
{
"status": "affected",
"version": "see the information provided by the vendor"
}
]
},
{
"product": "Multiple printers and scanners",
"vendor": "FUJIFILM Business Innovation Corp.",
"versions": [
{
"status": "affected",
"version": "see the information provided by the vendor"
}
]
},
{
"product": "Multiple printers and scanners",
"vendor": "Toshiba Tec Corporation",
"versions": [
{
"status": "affected",
"version": "see the information provided by the vendor"
}
]
},
{
"product": "Multiple printers and scanners",
"vendor": "RICOH COMPANY, LTD.",
"versions": [
{
"status": "affected",
"version": "see the information provided by the vendor"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery vulnerability in multiple printers and scanners which implement Web Based Management provided by BROTHER INDUSTRIES, LTD. allows a remote unauthenticated attacker to perform unintended operations on the affected product. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References]."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site request forgery (CSRF)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-18T08:03:36.146Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://support.brother.com/g/b/link.aspx?prod=group2\u0026faqid=faqp00100601_000"
},
{
"url": "https://support.brother.com/g/b/link.aspx?prod=lmgroup1\u0026faqid=faq00100823_000"
},
{
"url": "https://www.fujifilm.com/fbglobal/eng/company/news/notice/2024/0306_2_announce.html"
},
{
"url": "https://www.ricoh.com/products/security/vulnerabilities/vul?id=ricoh-2024-000002"
},
{
"url": "https://www.toshibatec.com/information/20240306_01.html"
},
{
"url": "https://jvn.jp/en/jp/JVN82749078/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2024-22475",
"datePublished": "2024-03-18T08:03:36.146Z",
"dateReserved": "2024-02-09T04:42:38.473Z",
"dateUpdated": "2024-10-27T21:26:34.557Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-21824 (GCVE-0-2024-21824)
Vulnerability from cvelistv5 – Published: 2024-03-18 08:01 – Updated: 2024-11-07 15:26
VLAI?
Summary
Improper authentication vulnerability in exists in multiple printers and scanners which implement Web Based Management provided by BROTHER INDUSTRIES, LTD. If this vulnerability is exploited, a network-adjacent user who can access the product may impersonate an administrative user. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References].
Severity ?
5.3 (Medium)
CWE
- Improper authentication
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| BROTHER INDUSTRIES, LTD. | Multiple printers and scanners |
Affected:
see the information provided by the vendor
|
|||||||||||||||||
|
|||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-21824",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-17T18:20:15.364083Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306 Missing Authentication for Critical Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-07T15:26:23.509Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T22:27:36.289Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.brother.com/g/b/link.aspx?prod=group2\u0026faqid=faqp00100601_000"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.brother.com/g/b/link.aspx?prod=lmgroup1\u0026faqid=faq00100823_000"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.fujifilm.com/fbglobal/eng/company/news/notice/2024/0306_2_announce.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.ricoh.com/products/security/vulnerabilities/vul?id=ricoh-2024-000002"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.toshibatec.com/information/20240306_01.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN82749078/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Multiple printers and scanners",
"vendor": "BROTHER INDUSTRIES, LTD.",
"versions": [
{
"status": "affected",
"version": "see the information provided by the vendor"
}
]
},
{
"product": "Multiple printers and scanners",
"vendor": "FUJIFILM Business Innovation Corp.",
"versions": [
{
"status": "affected",
"version": "see the information provided by the vendor"
}
]
},
{
"product": "Multiple printers and scanners",
"vendor": "Toshiba Tec Corporation",
"versions": [
{
"status": "affected",
"version": "see the information provided by the vendor"
}
]
},
{
"product": "Multiple printers and scanners",
"vendor": "RICOH COMPANY, LTD.",
"versions": [
{
"status": "affected",
"version": "see the information provided by the vendor"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper authentication vulnerability in exists in multiple printers and scanners which implement Web Based Management provided by BROTHER INDUSTRIES, LTD. If this vulnerability is exploited, a network-adjacent user who can access the product may impersonate an administrative user. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References]."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper authentication",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-18T08:01:57.734Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://support.brother.com/g/b/link.aspx?prod=group2\u0026faqid=faqp00100601_000"
},
{
"url": "https://support.brother.com/g/b/link.aspx?prod=lmgroup1\u0026faqid=faq00100823_000"
},
{
"url": "https://www.fujifilm.com/fbglobal/eng/company/news/notice/2024/0306_2_announce.html"
},
{
"url": "https://www.ricoh.com/products/security/vulnerabilities/vul?id=ricoh-2024-000002"
},
{
"url": "https://www.toshibatec.com/information/20240306_01.html"
},
{
"url": "https://jvn.jp/en/jp/JVN82749078/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2024-21824",
"datePublished": "2024-03-18T08:01:57.734Z",
"dateReserved": "2024-02-09T04:42:37.389Z",
"dateUpdated": "2024-11-07T15:26:23.509Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-51654 (GCVE-0-2023-51654)
Vulnerability from cvelistv5 – Published: 2023-12-26 05:33 – Updated: 2024-08-02 22:40
VLAI?
Summary
Improper link resolution before file access ('Link Following') issue exists in iPrint&Scan Desktop for Windows versions 11.0.0 and earlier. A symlink attack by a malicious user may cause a Denial-of-service (DoS) condition on the PC.
Severity ?
No CVSS data available.
CWE
- Improper Link Resolution Before File Access ('Link Following')
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Brother Industries, Ltd. | iPrint&Scan Desktop for Windows |
Affected:
11.0.0 and earlier
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T22:40:33.847Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/vu/JVNVU97943829/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "iPrint\u0026Scan Desktop for Windows",
"vendor": "Brother Industries, Ltd.",
"versions": [
{
"status": "affected",
"version": "11.0.0 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper link resolution before file access (\u0027Link Following\u0027) issue exists in iPrint\u0026Scan Desktop for Windows versions 11.0.0 and earlier. A symlink attack by a malicious user may cause a Denial-of-service (DoS) condition on the PC."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-26T05:33:57.383Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://jvn.jp/en/vu/JVNVU97943829/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2023-51654",
"datePublished": "2023-12-26T05:33:57.383Z",
"dateReserved": "2023-12-20T23:27:53.139Z",
"dateUpdated": "2024-08-02T22:40:33.847Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-28369 (GCVE-0-2023-28369)
Vulnerability from cvelistv5 – Published: 2023-05-18 00:00 – Updated: 2025-01-22 16:31
VLAI?
Summary
Brother iPrint&Scan V6.11.2 and earlier contains an improper access control vulnerability. This vulnerability may be exploited by the other app installed on the victim user's Android device, which may lead to displaying the settings and/or log information of the affected app as a print preview.
Severity ?
CWE
- Improper access control
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| BROTHER INDUSTRIES, LTD. | Brother iPrint&Scan |
Affected:
V6.11.2 and earlier
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T12:38:24.988Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.brother.com/g/b/link.aspx?prod=group2\u0026faqid=faq00100794_000"
},
{
"tags": [
"x_transferred"
],
"url": "https://faq.brother.co.jp/app/answers/detail/a_id/13468"
},
{
"tags": [
"x_transferred"
],
"url": "https://play.google.com/store/apps/details?id=com.brother.mfc.brprint"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/vu/JVNVU97891206/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-28369",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-22T16:31:16.583241Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-22T16:31:20.241Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Brother iPrint\u0026Scan",
"vendor": "BROTHER INDUSTRIES, LTD.",
"versions": [
{
"status": "affected",
"version": "V6.11.2 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Brother iPrint\u0026Scan V6.11.2 and earlier contains an improper access control vulnerability. This vulnerability may be exploited by the other app installed on the victim user\u0027s Android device, which may lead to displaying the settings and/or log information of the affected app as a print preview."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper access control",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-18T00:00:00",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://support.brother.com/g/b/link.aspx?prod=group2\u0026faqid=faq00100794_000"
},
{
"url": "https://faq.brother.co.jp/app/answers/detail/a_id/13468"
},
{
"url": "https://play.google.com/store/apps/details?id=com.brother.mfc.brprint"
},
{
"url": "https://jvn.jp/en/vu/JVNVU97891206/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2023-28369",
"datePublished": "2023-05-18T00:00:00",
"dateReserved": "2023-03-15T00:00:00",
"dateUpdated": "2025-01-22T16:31:20.241Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-2244 (GCVE-0-2017-2244)
Vulnerability from cvelistv5 – Published: 2017-07-07 13:00 – Updated: 2024-08-05 13:48
VLAI?
Summary
Cross-site request forgery (CSRF) vulnerability in MFC-J960DWN firmware ver.D and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.
Severity ?
No CVSS data available.
CWE
- Cross-site request forgery
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| BROTHER INDUSTRIES, LTD. | MFC-J960DWN |
Affected:
firmware ver.D and earlier
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:48:04.400Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.brother.co.jp/j/s/support/vul_info/JVN95996423/index.html"
},
{
"name": "JVN#95996423",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN95996423/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "MFC-J960DWN",
"vendor": "BROTHER INDUSTRIES, LTD.",
"versions": [
{
"status": "affected",
"version": "firmware ver.D and earlier"
}
]
}
],
"datePublic": "2017-07-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery (CSRF) vulnerability in MFC-J960DWN firmware ver.D and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site request forgery",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-07T12:57:01",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.brother.co.jp/j/s/support/vul_info/JVN95996423/index.html"
},
{
"name": "JVN#95996423",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN95996423/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2017-2244",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "MFC-J960DWN",
"version": {
"version_data": [
{
"version_value": "firmware ver.D and earlier"
}
]
}
}
]
},
"vendor_name": "BROTHER INDUSTRIES, LTD."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site request forgery (CSRF) vulnerability in MFC-J960DWN firmware ver.D and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site request forgery"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://support.brother.co.jp/j/s/support/vul_info/JVN95996423/index.html",
"refsource": "CONFIRM",
"url": "http://support.brother.co.jp/j/s/support/vul_info/JVN95996423/index.html"
},
{
"name": "JVN#95996423",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN95996423/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2017-2244",
"datePublished": "2017-07-07T13:00:00",
"dateReserved": "2016-12-01T00:00:00",
"dateUpdated": "2024-08-05T13:48:04.400Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}