Notification about the vulnerability for Web Based Management embedded in FUJIFILM printers
June 29, 2023
Dear Customers,
First of all, we would like to thank you for your continuous support towards FUJIFILM products.
A potential vulnerability was found in the Web Based Management embedded in our printers list in the table below.
We recommend customers to check if your printer falls under the list and is affected by this vulnerability. If so, please consider upgrading the devices with the fixed firmware described below.
Affected models and the versions of fixed firmware
The models listed below are affected by this vulnerability.
Firmware versions listed below DO NOT have this vulnerability.
Affected models | Fixed firmware versions |
---|---|
DocuPrint P115 w | Ver.1.11 |
DocuPrint P118 w | Ver.L |
DocuPrint M115 w | Ver.L |
DocuPrint M115 fw | Ver.L |
DocuPrint M115 z | Ver.L |
DocuPrint M118 w | Ver.L |
DocuPrint M118 z | Ver.L |
DocuPrint P225 d | Ver.1.17 |
DocuPrint P268 d | Ver.1.21 |
DocuPrint P268 dw | Ver.1.21 |
DocuPrint P265 dw | Ver.1.21 |
DocuPrint M268 dw | Ver.L |
DocuPrint M225 dw | Ver.N |
DocuPrint M225 z | Ver.N |
DocuPrint M268 z | Ver.L |
DocuPrint M265 z | Ver.N |
Details of vulnerability
Web Based Management is embedded in the above models, and it is possible to operate the devices or change configuration of the devices via web browser. If the vulnerability is exploited by unauthorized party using a specific method, the device may reboot.
The documentation or data saved in the devices never leak even the vulnerability is attacked
Countermeasure
Please update the firmware to the fixed version. There are links to the download page in the above “Affected models and the versions of fixed firmware” table.
Workarounds
We would like the customers to perform the below workarounds until the firmware is updated to the fixed version. It is possible to reduce the risk of attack.
- Please use your multi-function or single-function printers within the network protected by firewall etc.
- If access from the Internet is permitted, please consider allowing the access to restricted IP addresses only or use VPN to connect.
Related Information
Acknowledgement
We would like to express gratitude to Mr. Darren Johnson for the finding of this vulnerability.
Contact
Please visit the FUJIFILM Business Innovation support website for more details: