A vulnerability has been found in Fujifilm Business Innovation Apeos C3070, Apeos C5570 and Apeos C6580 up to 24.8.28 and classified as critical. This vulnerability affects unknown code of the file /home/index.html#hashHome of the component Web Interface. The manipulation leads to improper authorization. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The vendor explains that "during technical verification it is not possible to reproduce any active actions like reboots which were mentioned in the original researcher disclosure."

Attack Vector Network

Attack Complexity Low

Privileges Required None

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact Low

Vulnerable System Integrity Impact Low

Vulnerable System Availability Impact Low

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

The EPSS score is 0.00144.

Exploitation none

Automatable no

Technical Impact partial

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions
Fujifilm Business Innovation Apeos C3070 affected
Version Status Constraints
22.1.0 affected
22.1.1 affected
22.1.2 affected
22.1.3 affected
22.1.4 affected
22.1.5 affected
22.1.6 affected
22.1.7 affected
22.1.8 affected
22.1.9 affected
22.1.10 affected
22.1.11 affected
22.1.12 affected
22.1.13 affected
22.1.14 affected
22.1.15 affected
22.1.16 affected
22.1.17 affected
22.1.18 affected
22.1.19 affected
22.1.20 affected
22.1.21 affected
22.1.22 affected
22.1.23 affected
22.1.24 affected
22.1.25 affected
22.1.26 affected
22.1.27 affected
22.1.28 affected
22.12.0 affected
22.12.1 affected
22.12.2 affected
23.7.0 affected
23.7.1 affected
23.7.2 affected
23.7.3 affected
23.9.0 affected
23.9.1 affected
23.9.2 affected
23.9.3 affected
23.9.4 affected
23.9.5 affected
23.9.6 affected
23.9.7 affected
23.9.8 affected
23.9.9 affected
23.9.10 affected
23.9.11 affected
23.9.12 affected
23.9.13 affected
23.9.14 affected
23.9.15 affected
23.9.16 affected
23.12.0 affected
23.12.1 affected
23.12.2 affected
23.12.3 affected
23.12.4 affected
23.12.5 affected
23.12.6 affected
23.12.7 affected
23.12.8 affected
23.12.9 affected
23.12.10 affected
23.12.11 affected
23.12.12 affected
23.12.13 affected
23.12.14 affected
23.12.15 affected
24.2.0 affected
24.2.1 affected
24.2.2 affected
24.2.3 affected
24.2.4 affected
24.2.5 affected
24.2.6 affected
24.2.7 affected
24.2.8 affected
24.2.9 affected
24.2.10 affected
24.2.11 affected
24.2.12 affected
24.2.13 affected
24.2.14 affected
24.2.15 affected
24.5.0 affected
24.5.1 affected
24.8.0 affected
24.8.1 affected
24.8.2 affected
24.8.3 affected
24.8.4 affected
24.8.5 affected
24.8.6 affected
24.8.7 affected
24.8.8 affected
24.8.9 affected
24.8.10 affected
24.8.11 affected
24.8.12 affected
24.8.13 affected
24.8.14 affected
24.8.15 affected
24.8.16 affected
24.8.17 affected
24.8.18 affected
24.8.19 affected
24.8.20 affected
24.8.21 affected
24.8.22 affected
24.8.23 affected
24.8.24 affected
24.8.25 affected
24.8.26 affected
24.8.27 affected
24.8.28 affected
Fujifilm Business Innovation Apeos C5570 affected
Version Status Constraints
22.1.0 affected
22.1.1 affected
22.1.2 affected
22.1.3 affected
22.1.4 affected
22.1.5 affected
22.1.6 affected
22.1.7 affected
22.1.8 affected
22.1.9 affected
22.1.10 affected
22.1.11 affected
22.1.12 affected
22.1.13 affected
22.1.14 affected
22.1.15 affected
22.1.16 affected
22.1.17 affected
22.1.18 affected
22.1.19 affected
22.1.20 affected
22.1.21 affected
22.1.22 affected
22.1.23 affected
22.1.24 affected
22.1.25 affected
22.1.26 affected
22.1.27 affected
22.1.28 affected
22.12.0 affected
22.12.1 affected
22.12.2 affected
23.7.0 affected
23.7.1 affected
23.7.2 affected
23.7.3 affected
23.9.0 affected
23.9.1 affected
23.9.2 affected
23.9.3 affected
23.9.4 affected
23.9.5 affected
23.9.6 affected
23.9.7 affected
23.9.8 affected
23.9.9 affected
23.9.10 affected
23.9.11 affected
23.9.12 affected
23.9.13 affected
23.9.14 affected
23.9.15 affected
23.9.16 affected
23.12.0 affected
23.12.1 affected
23.12.2 affected
23.12.3 affected
23.12.4 affected
23.12.5 affected
23.12.6 affected
23.12.7 affected
23.12.8 affected
23.12.9 affected
23.12.10 affected
23.12.11 affected
23.12.12 affected
23.12.13 affected
23.12.14 affected
23.12.15 affected
24.2.0 affected
24.2.1 affected
24.2.2 affected
24.2.3 affected
24.2.4 affected
24.2.5 affected
24.2.6 affected
24.2.7 affected
24.2.8 affected
24.2.9 affected
24.2.10 affected
24.2.11 affected
24.2.12 affected
24.2.13 affected
24.2.14 affected
24.2.15 affected
24.5.0 affected
24.5.1 affected
24.8.0 affected
24.8.1 affected
24.8.2 affected
24.8.3 affected
24.8.4 affected
24.8.5 affected
24.8.6 affected
24.8.7 affected
24.8.8 affected
24.8.9 affected
24.8.10 affected
24.8.11 affected
24.8.12 affected
24.8.13 affected
24.8.14 affected
24.8.15 affected
24.8.16 affected
24.8.17 affected
24.8.18 affected
24.8.19 affected
24.8.20 affected
24.8.21 affected
24.8.22 affected
24.8.23 affected
24.8.24 affected
24.8.25 affected
24.8.26 affected
24.8.27 affected
24.8.28 affected
Fujifilm Business Innovation Apeos C6580 affected
Version Status Constraints
22.1.0 affected
22.1.1 affected
22.1.2 affected
22.1.3 affected
22.1.4 affected
22.1.5 affected
22.1.6 affected
22.1.7 affected
22.1.8 affected
22.1.9 affected
22.1.10 affected
22.1.11 affected
22.1.12 affected
22.1.13 affected
22.1.14 affected
22.1.15 affected
22.1.16 affected
22.1.17 affected
22.1.18 affected
22.1.19 affected
22.1.20 affected
22.1.21 affected
22.1.22 affected
22.1.23 affected
22.1.24 affected
22.1.25 affected
22.1.26 affected
22.1.27 affected
22.1.28 affected
22.12.0 affected
22.12.1 affected
22.12.2 affected
23.7.0 affected
23.7.1 affected
23.7.2 affected
23.7.3 affected
23.9.0 affected
23.9.1 affected
23.9.2 affected
23.9.3 affected
23.9.4 affected
23.9.5 affected
23.9.6 affected
23.9.7 affected
23.9.8 affected
23.9.9 affected
23.9.10 affected
23.9.11 affected
23.9.12 affected
23.9.13 affected
23.9.14 affected
23.9.15 affected
23.9.16 affected
23.12.0 affected
23.12.1 affected
23.12.2 affected
23.12.3 affected
23.12.4 affected
23.12.5 affected
23.12.6 affected
23.12.7 affected
23.12.8 affected
23.12.9 affected
23.12.10 affected
23.12.11 affected
23.12.12 affected
23.12.13 affected
23.12.14 affected
23.12.15 affected
24.2.0 affected
24.2.1 affected
24.2.2 affected
24.2.3 affected
24.2.4 affected
24.2.5 affected
24.2.6 affected
24.2.7 affected
24.2.8 affected
24.2.9 affected
24.2.10 affected
24.2.11 affected
24.2.12 affected
24.2.13 affected
24.2.14 affected
24.2.15 affected
24.5.0 affected
24.5.1 affected
24.8.0 affected
24.8.1 affected
24.8.2 affected
24.8.3 affected
24.8.4 affected
24.8.5 affected
24.8.6 affected
24.8.7 affected
24.8.8 affected
24.8.9 affected
24.8.10 affected
24.8.11 affected
24.8.12 affected
24.8.13 affected
24.8.14 affected
24.8.15 affected
24.8.16 affected
24.8.17 affected
24.8.18 affected
24.8.19 affected
24.8.20 affected
24.8.21 affected
24.8.22 affected
24.8.23 affected
24.8.24 affected
24.8.25 affected
24.8.26 affected
24.8.27 affected
24.8.28 affected

No data.

No data.

No data.

Project Subscriptions

No data.

Advisories
Source ID Title
EUVD EUVD EUVD-2024-51102 A vulnerability has been found in Fujifilm Business Innovation Apeos C3070, Apeos C5570 and Apeos C6580 up to 24.8.28 and classified as critical. This vulnerability affects unknown code of the file /home/index.html#hashHome of the component Web Interface. The manipulation leads to improper authorization. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The vendor explains that "during technical verification it is not possible to reproduce any active actions like reboots which were mentioned in the original researcher disclosure."
Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References
Link Providers
https://vuldb.com/?ctiid.288958 cve-icon cve-icon
https://vuldb.com/?id.288958 cve-icon cve-icon
https://vuldb.com/?submit.458897 cve-icon cve-icon
https://www.fujifilm.com/fbglobal/eng/company/news/notice/2024/1226_announce.html cve-icon cve-icon
History

Tue, 15 Jul 2025 13:45:00 +0000

Type Values Removed Values Added
Metrics epss

{'score': 0.00071}

 epss

{'score': 0.00082}

Fri, 28 Feb 2025 06:45:00 +0000

Type Values Removed Values Added
Description A vulnerability has been found in Fujifilm Apeos C3070, Apeos C5570 and Apeos C6580 up to 24.8.28 and classified as critical. This vulnerability affects unknown code of the file /home/index.html#hashHome of the component Web Interface. The manipulation leads to improper authorization. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The vendor explains that "during technical verification it is not possible to reproduce any active actions like reboots which were mentioned in the original researcher disclosure." A vulnerability has been found in Fujifilm Business Innovation Apeos C3070, Apeos C5570 and Apeos C6580 up to 24.8.28 and classified as critical. This vulnerability affects unknown code of the file /home/index.html#hashHome of the component Web Interface. The manipulation leads to improper authorization. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The vendor explains that "during technical verification it is not possible to reproduce any active actions like reboots which were mentioned in the original researcher disclosure."
Title Fujifilm Apeos C3070/Apeos C5570/Apeos C6580 Web Interface index.html#hashHome improper authorization Fujifilm Business Innovation Apeos C3070/Apeos C5570/Apeos C6580 Web Interface index.html#hashHome improper authorization

Wed, 26 Feb 2025 18:15:00 +0000

Type Values Removed Values Added
References

Wed, 26 Feb 2025 16:00:00 +0000

Type Values Removed Values Added
Description A vulnerability has been found in Fujifilm Apeos C3070, Apeos C5570 and Apeos C6580 up to 24.8.28 and classified as critical. This vulnerability affects unknown code of the file /home/index.html#hashHome of the component Web Interface. The manipulation leads to improper authorization. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The vendor explains that the reported behaviors are intended or not reproduced. A vulnerability has been found in Fujifilm Apeos C3070, Apeos C5570 and Apeos C6580 up to 24.8.28 and classified as critical. This vulnerability affects unknown code of the file /home/index.html#hashHome of the component Web Interface. The manipulation leads to improper authorization. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The vendor explains that "during technical verification it is not possible to reproduce any active actions like reboots which were mentioned in the original researcher disclosure."

Fri, 27 Dec 2024 07:45:00 +0000

Type Values Removed Values Added
Description A vulnerability has been found in Fujifilm Apeos C3070, Apeos C5570 and Apeos C6580 up to 24.8.28 and classified as critical. This vulnerability affects unknown code of the file /home/index.html#hashHome of the component Web Interface. The manipulation leads to improper authorization. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The vendor was contacted early about this disclosure but did not respond in any way. A vulnerability has been found in Fujifilm Apeos C3070, Apeos C5570 and Apeos C6580 up to 24.8.28 and classified as critical. This vulnerability affects unknown code of the file /home/index.html#hashHome of the component Web Interface. The manipulation leads to improper authorization. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The vendor explains that the reported behaviors are intended or not reproduced.
References

Wed, 25 Dec 2024 08:00:00 +0000

Type Values Removed Values Added
Description A vulnerability has been found in Fujifilm Apeos C3070, Apeos C5570 and Apeos C6580 up to 24.8.28 and classified as critical. This vulnerability affects unknown code of the file /home/index.html#hashHome of the component Web Interface. The manipulation leads to improper authorization. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. A vulnerability has been found in Fujifilm Apeos C3070, Apeos C5570 and Apeos C6580 up to 24.8.28 and classified as critical. This vulnerability affects unknown code of the file /home/index.html#hashHome of the component Web Interface. The manipulation leads to improper authorization. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The vendor was contacted early about this disclosure but did not respond in any way.

Fri, 20 Dec 2024 22:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Thu, 19 Dec 2024 12:45:00 +0000

Type Values Removed Values Added
Description A vulnerability has been found in Fujifilm Apeos C3070, Apeos C5570 and Apeos C6580 up to 24.8.28 and classified as critical. This vulnerability affects unknown code of the file /home/index.html#hashHome of the component Web Interface. The manipulation leads to improper authorization. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Title Fujifilm Apeos C3070/Apeos C5570/Apeos C6580 Web Interface index.html#hashHome improper authorization
Weaknesses CWE-266
CWE-285
References
Metrics cvssV2_0

{'score': 7.5, 'vector': 'AV:N/AC:L/Au:N/C:P/I:P/A:P'}

cvssV3_0

{'score': 7.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L'}

cvssV3_1

{'score': 7.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L'}

cvssV4_0

{'score': 6.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N'}

Projects

Sign in to view the affected projects.

cve-icon MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2025-02-28T06:36:15.948Z

Reserved: 2024-12-19T07:19:32.765Z

Link: CVE-2024-12782

cve-icon Vulnrichment

Updated: 2024-12-20T21:57:06.893Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2024-12-19T13:15:05.900

Modified: 2025-02-28T07:15:33.487

Link: CVE-2024-12782

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.

Weaknesses