Improper Authorization Vulnerability in Fujifilm Apeos Printers
CVE-2024-12782

6.9MEDIUM

Key Information:

Vendor: Fujifilm Business Innovation
Status: Apeos C3070; Apeos C5570; Apeos C6580
Vendor: CVE Published:; 19 December 2024

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2024-12782?

CVE-2024-12782 represents a critical security vulnerability found in the web interface of Fujifilm's Apeos series printers (C3070, C5570, C6580), specifically within the code of the file located at /home/index.html#hashHome. The vulnerability allows for improper authorization, which can potentially be exploited by attackers to gain unauthorized access remotely. The exploit has already been disclosed publicly, and despite early notifications to Fujifilm regarding this security flaw, no response has been recorded. Its implications for organizational security are significant, necessitating immediate attention from affected users.

Affected Version(s)

Apeos C3070 22.1.0

Apeos C3070 22.1.1

Apeos C3070 22.1.2

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2024-12782 - Proof of Concept

References

https://vuldb.com/?id.288958

vdb-entrytechnical-description

https://vuldb.com/?ctiid.288958

signaturepermissions-required

https://vuldb.com/?submit.458897

third-party-advisory

CVSS V4

Score:

6.9

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Timeline

🟡
Public PoC available
Dec 19, 2024
👾
Exploit known to exist
Dec 19, 2024
Vulnerability published
Dec 19, 2024
Vulnerability Reserved
Dec 19, 2024

Credit

dycc (VulDB User)

Fujifilm Business Innovation