Notification about the vulnerability for Web Based Management embedded in FUJIFILM printers

June 29, 2023

Dear Customers,

First of all, we would like to thank you for your continuous support towards FUJIFILM products.
A potential vulnerability was found in the Web Based Management embedded in our printers list in the table below.

We recommend customers to check if your printer falls under the list and is affected by this vulnerability. If so, please consider upgrading the devices with the fixed firmware described below.

Affected models and the versions of fixed firmware

The models listed below are affected by this vulnerability.
Firmware versions listed below DO NOT have this vulnerability.

Affected models Fixed firmware versions
DocuPrint P115 w Ver.1.11
DocuPrint P118 w Ver.L
DocuPrint M115 w Ver.L
DocuPrint M115 fw Ver.L
DocuPrint M115 z Ver.L
DocuPrint M118 w Ver.L
DocuPrint M118 z Ver.L
DocuPrint P225 d Ver.1.17
DocuPrint P268 d Ver.1.21
DocuPrint P268 dw Ver.1.21
DocuPrint P265 dw Ver.1.21
DocuPrint M268 dw Ver.L
DocuPrint M225 dw Ver.N
DocuPrint M225 z Ver.N
DocuPrint M268 z Ver.L
DocuPrint M265 z Ver.N

Details of vulnerability

Web Based Management is embedded in the above models, and it is possible to operate the devices or change configuration of the devices via web browser. If the vulnerability is exploited by unauthorized party using a specific method, the device may reboot.

The documentation or data saved in the devices never leak even the vulnerability is attacked

Countermeasure

Please update the firmware to the fixed version. There are links to the download page in the above “Affected models and the versions of fixed firmware” table.

Workarounds

We would like the customers to perform the below workarounds until the firmware is updated to the fixed version. It is possible to reduce the risk of attack.

  • Please use your multi-function or single-function printers within the network protected by firewall etc.
  • If access from the Internet is permitted, please consider allowing the access to restricted IP addresses only or use VPN to connect.

Related Information

Acknowledgement

We would like to express gratitude to Mr. Darren Johnson for the finding of this vulnerability.

Contact

Please visit the FUJIFILM Business Innovation support website for more details:

https://support-fb.fujifilm.com/