VYPR
Medium severity 6.1 · NVD Advisory · Published Mar 18, 2024 · Updated Apr 15, 2026

CVE-2024-22475

Description

Cross-site request forgery vulnerability in multiple printers and scanners which implement Web Based Management provided by BROTHER INDUSTRIES, LTD. allows a remote unauthenticated attacker to perform unintended operations on the affected product. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References].

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Cross-site request forgery in Brother Web Based Management allows remote attackers to perform unauthorized operations on printers/scanners via crafted requests.

Vulnerability Overview

CVE-2024-22475 is a cross-site request forgery (CSRF) vulnerability in the Web Based Management interface embedded in multiple printers and scanners from Brother Industries and other vendors [1][3]. The vulnerability stems from insufficient validation of requests, allowing an attacker to force an authenticated user to execute unintended actions on the device.

Exploitation

An attacker can exploit this vulnerability by tricking a logged-in user into visiting a malicious webpage or clicking a crafted link. The attack requires the user to be currently authenticated to the Web Based Management interface, and the attacker must be able to deliver a malicious page to the user's browser [3]. No authentication is required for the attacker themselves, and the attack can be launched remotely over the network [1].

Impact

Successful exploitation enables the attacker to view or change device settings and stored information without authorization [1][3]. This could lead to unauthorized configuration changes, data exposure, or further compromise of the affected device.

Mitigation

Vendors have released firmware updates to address this vulnerability. Users are advised to apply the latest firmware for their specific device model and follow any additional workarounds provided by the manufacturer [1][3].

AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Patches (0)

No patches discovered yet.

References (6)
