Two others, CVE-2024-51980 and CVE-2024-51981, enable server-side request forgery (SSRF), allowing printers to send crafted requests into internal networks they shouldn’t be talking to. In corporate environments, this could let attackers probe internal services, bypass access controls, or pivot deeper into the network. Finally, CVE-2024-51984 exposes plaintext credentials for services such as LDAP or FTP to authenticated users, offering a potential jump-off point for wider compromise.
In addition to 689 models of Brother printers, scanners, and label makers, some of the vulnerabilities affect 46 Fujifilm models, 5 from Ricoh, 2 from Toshiba Tec, and 6 from Konica Minolta.
Except for Brother’s admin bypass flaw, all vulnerabilities have been addressed through respective firmware updates, Rapid7 added.
