Published: 2023/06/29  Last Updated: 2023/06/29

JVNVU#93767756
Null pointer dereference vulnerability in multiple printers and MFPs which implement BROTHER debut web server

Overview

Multiple printers and MFPs (multifunction printers) which implement BROTHER debut web server contain a null pointer dereference vulnerability.

Products Affected

  • Specific products/models/versions which implement debut web server 1.20 or 1.30
For details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed below.

Description

Multiple printers and MFPs (multifunction printers) which implement Brother debut web server contain a null pointer dereference vulnerability (CWE-476, CVE-2023-29984).

Impact

Processing a specially crafted request may lead the affected products to a denial-of-service (DoS) condition.

Solution

Update the firmware
Apply the appropriate firmware update according to the information provided by the respective vendors.
For details of the updates, refer to the information provided by the respective vendors in the [Vendor Status] section.

Vendor Status

Vendor | Status | Last Update | Vendor Notes
Brother Industries, Ltd. | Vulnerable | 2023/06/29 | Brother Industries, Ltd. website
FUJIFILM Business Innovation Corp. | Vulnerable | 2023/06/29 | FUJIFILM Business Innovation Corp. website
TOSHIBA TEC CORPORATION | Vulnerable | 2023/06/29 | TOSHIBA TEC CORPORATION website

References

JPCERT/CC Addendum

Vulnerability Analysis by JPCERT/CC

CVSS v3 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Base Score: 5.3

Metric | Possible values | Value in this vector
Attack Vector (AV) | Physical (P), Local (L), Adjacent (A), Network (N) | Network (N)
Attack Complexity (AC) | High (H), Low (L) | Low (L)
Privileges Required (PR) | High (H), Low (L), None (N) | None (N)
User Interaction (UI) | Required (R), None (N) | None (N)
Scope (S) | Unchanged (U), Changed (C) | Unchanged (U)
Confidentiality Impact (C) | None (N), Low (L), High (H) | None (N)
Integrity Impact (I) | None (N), Low (L), High (H) | None (N)
Availability Impact (A) | None (N), Low (L), High (H) | Low (L)

Credit

Darren Johnson directly reported this vulnerability to BROTHER INDUSTRIES, LTD. and FUJIFILM Business Innovation Corp., and both vendors reported this case to JPCERT/CC to request coordination between the reporter and the multiple susceptible vendors.
