All the vulnerabilities related to KONICA MINOLTA, INC. - (Multiple Products)
jvndb-2025-014081
Vulnerability from jvndb
Published
2025-09-19 10:52
Modified
2025-09-19 10:52
Summary
Multiple Brother and its OEM products with weak initial administrator passwords
Details
Multiple products provided by BROTHER INDUSTRIES, LTD and other OEM vendors are set up with weak initial administrator passwords, which can be derived from their serial numbers. This is reported by Rapid7, and treated in JVNVU#90043828 (https://jvn.jp/en/vu/JVNVU90043828/) and CVE-2024-51978 (https://www.cve.org/CVERecord?id=CVE-2024-51978). Brother states that (1) serial numbers have been available without authentication by design, for system management purposes, and (2) to fix CVE-2024-51978, the production lines have been revised to introduce initial passwords that are hard to derive from the serial numbers.
After the publication of CVE-2024-51978, runZero reported that eSCL/uscan can also be used to retrieve serial numbers without authentication. eSCL/uscan is not described in CVE-2024-51977, and considering the existence of CVE-2024-51978, Austin Hackers Anonymous assigned CVE-2025-8452 (https://www.cve.org/CVERecord?id=CVE-2025-8452).
runZero reported this issue to the developer. JPCERT/CC coordinated between the reporter and the developer.


{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2025/JVNDB-2025-014081.html",
  "dc:date": "2025-09-19T10:52+09:00",
  "dcterms:issued": "2025-09-19T10:52+09:00",
  "dcterms:modified": "2025-09-19T10:52+09:00",
  "description": "Multiple products provided by BROTHER INDUSTRIES, LTD and other OEM vendors are setup with weak initial administrator passwords, which can be derived from their serial numbers.\r\nThis is reported by Rapid7, and treated on \u003ca href=\"https://jvn.jp/en/vu/JVNVU90043828/\"target=\"blank\"\u003eJVNVU#90043828\u003c/a\u003e, \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2024-51978\"target=\"blank\"\u003eCVE-2024-51978\u003c/a\u003e.\r\nBrother states that\r\n  (1) serial numbers have been available without authentication by design, for system management purposes, and\r\n  (2) to fix CVE-2024-51978, the production-lines have been revised to introduce the initial passwords which are hard to derive from its serial numbers\r\n\r\nAfter the publication of CVE-2024-51978, runZero reported that eSCL/uscan can be also used to retrieve serial numbers without authentication.\r\neSCL/uscan is not described in CVE-2024-51977, and considering the existence of CVE-2024-51978, Austin Hackers Anonymous assigns \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2025-8452\"target=\"blank\"\u003eCVE-2025-8452\u003c/a\u003e.\r\n\r\nrunZero reported this issue to the developer.\r\nJPCERT/CC coordinated between the reporter and the developer.",
  "link": "https://jvndb.jvn.jp/en/contents/2025/JVNDB-2025-014081.html",
  "sec:cpe": [
    {
      "#text": "cpe:/a:brother:multiple_products",
      "@product": "(Multiple Products)",
      "@vendor": "Brother Industries",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:toshibatec:multiple_product",
      "@product": "(Multiple Products)",
      "@vendor": "TOSHIBA TEC",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:konicaminolta:multiple_product",
      "@product": "(Multiple Products)",
      "@vendor": "KONICA MINOLTA, INC.",
      "@version": "2.2"
    }
  ],
  "sec:identifier": "JVNDB-2025-014081",
  "sec:references": [
    {
      "#text": "https://jvn.jp/en/vu/JVNVU93294882/index.html",
      "@id": "JVNVU#93294882",
      "@source": "JVN"
    },
    {
      "#text": "https://jvn.jp/en/vu/JVNVU90043828/",
      "@id": "JVNVU#90043828",
      "@source": "JVN"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2025-8452",
      "@id": "CVE-2025-8452",
      "@source": "CVE"
    },
    {
      "#text": "https://takeonme.org/cves/cve-2025-8452/",
      "@id": "Brother Printer Serial Number Disclosure",
      "@source": "Related Information"
    },
    {
      "#text": "https://www.runzero.com/blog/brother-devices/",
      "@id": "How to find Brother printer, scanner and label maker devices on your network",
      "@source": "Related Information"
    }
  ],
  "title": "Multiple Brother and its OEM products with weak initial administrator passwords"
}

jvndb-2025-007607
Vulnerability from jvndb
Published
2025-07-01 14:09
Modified
2025-07-01 14:09
Summary
Pass-Back Attack vulnerability in Konica Minolta bizhub series
Details
Konica Minolta bizhub series provided by Konica Minolta, Inc. contains the following vulnerability: a vulnerability that could allow a Pass-Back Attack (CWE-522), tracked as CVE-2025-6081. Konica Minolta, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN.


{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2025/JVNDB-2025-007607.html",
  "dc:date": "2025-07-01T14:09+09:00",
  "dcterms:issued": "2025-07-01T14:09+09:00",
  "dcterms:modified": "2025-07-01T14:09+09:00",
  "description": "Konica Minorta bizhub series provided by Konica Minolta, Inc. contains the following vulnerability.\r\n\r\n\r\n\u003cul\u003e\r\n\u003cli\u003eVulnerability that could allow a Pass-Back Attack (CWE-522) - CVE-2025-6081\u003c/li\u003e\r\n\u003c/ul\u003e\r\n\r\nKonica Minolta, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN.",
  "link": "https://jvndb.jvn.jp/en/contents/2025/JVNDB-2025-007607.html",
  "sec:cpe": {
    "#text": "cpe:/o:konicaminolta:multiple_product",
    "@product": "(Multiple Products)",
    "@vendor": "KONICA MINOLTA, INC.",
    "@version": "2.2"
  },
  "sec:cvss": {
    "@score": "6.8",
    "@severity": "Medium",
    "@type": "Base",
    "@vector": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N",
    "@version": "3.0"
  },
  "sec:identifier": "JVNDB-2025-007607",
  "sec:references": [
    {
      "#text": "https://jvn.jp/en/vu/JVNVU93850661/index.html",
      "@id": "JVNVU#93850661",
      "@source": "JVN"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2025-6081",
      "@id": "CVE-2025-6081",
      "@source": "CVE"
    },
    {
      "#text": "https://cwe.mitre.org/data/definitions/522.html",
      "@id": "CWE-522",
      "@title": "Insufficiently Protected Credentials(CWE-522)"
    }
  ],
  "title": "Pass-Back Attack vulnerability in Konica Minorta bizhub series"
}

jvndb-2025-012659
Vulnerability from jvndb
Published
2025-09-01 15:22
Modified
2025-09-01 15:22
Summary
Denial-of-service (DoS) vulnerability in Konica Minolta bizhub series
Details
A vulnerability that could allow a Denial-of-Service (DoS) is reported in the Konica Minolta bizhub series. Konica Minolta bizhub series provided by Konica Minolta, Inc. contains the following vulnerability: Uncaught exception (CWE-248), tracked as CVE-2025-54777. Konica Minolta, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN.


{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2025/JVNDB-2025-012659.html",
  "dc:date": "2025-09-01T15:22+09:00",
  "dcterms:issued": "2025-09-01T15:22+09:00",
  "dcterms:modified": "2025-09-01T15:22+09:00",
  "description": "A vulnerability that could allow a Denial-of-Service (DoS) is reported in the Konica Minolta bizhub series.\r\n\r\nKonica Minolta bizhub series provided by Konica Minolta, Inc. contains the following vulnerability.\r\n\u003cul\u003e\u003cli\u003eUncaught exception (CWE-248) - CVE-2025-54777\u003c/li\u003e\u003c/ul\u003e\r\n\r\nKonica Minolta, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN.",
  "link": "https://jvndb.jvn.jp/en/contents/2025/JVNDB-2025-012659.html",
  "sec:cpe": {
    "#text": "cpe:/o:konicaminolta:multiple_product",
    "@product": "(Multiple Products)",
    "@vendor": "KONICA MINOLTA, INC.",
    "@version": "2.2"
  },
  "sec:cvss": {
    "@score": "4.3",
    "@severity": "Medium",
    "@type": "Base",
    "@vector": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
    "@version": "3.0"
  },
  "sec:identifier": "JVNDB-2025-012659",
  "sec:references": [
    {
      "#text": "https://jvn.jp/en/vu/JVNVU99831542/index.html",
      "@id": "JVNVU#99831542",
      "@source": "JVN"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2025-54777",
      "@id": "CVE-2025-54777",
      "@source": "CVE"
    },
    {
      "#text": "https://cwe.mitre.org/data/definitions/248.html",
      "@id": "CWE-248",
      "@title": "Uncaught Exception(CWE-248)"
    }
  ],
  "title": "Denial-of-service (DoS) vulnerability in Konica Minolta bizhub series"
}