JVNDB-2023-002270

Null pointer dereference vulnerability in multiple printers and MFPs which implement BROTHER debut web server

Multiple printers and MFPs (multifunction printers) which implement Brother debut web server contain a null pointer dereference vulnerability (CWE-476, CVE-2023-29984).

Darren Johnson directly reported this vulnerability to BROTHER INDUSTRIES, LTD. and FUJIFILM Business Innovation Corp., and both vendors reported this case to JPCERT/CC to request the coordination between the reporter and the susceptible multiple vendors.

Brother Industries

• debutwebserver Specific products/models/versions which implement debut web server 1.20 or 1.30

As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors.

Processing a specially crafted request may lead the affected products to a denial-of-service (DoS) condition.

[Update the firmware]
Apply the appropriate firmware update according to the information provided by the respective vendors.
For the details of the updates, refer to the information provided by the respective vendors from [Vendor Status] section.

Brother Industries

• BROTHER INDUSTRIES, LTD. : FAQs & Troubleshooting

TOSHIBA TEC

• TOSHIBA TEC : Response to vulnerability in the "Web Browser Configuration" function installed in some Toshiba Tec's digital multi-function peripherals

FUJIFILM Business Innovation Corp. (former Fuji Xerox Co., Ltd.)

• FUJIFILM Business Innovation Corp. : Notification about the vulnerability for Web Based Management embedded in FUJIFILM printers

1. NULL Pointer Dereference(CWE-476) [Other]

1. CVE-2023-29984

1. JVN : JVNVU#93767756
2. National Vulnerability Database (NVD) : CVE-2023-29984

• [2023/06/30]
    Web page was published
• [2024/04/22]
    References : Content was added