CVE-2023-29984
high-risk
Published 2023-07-11
Null pointer dereference vulnerability exists in multiple vendors MFPs and printers which implement Debut web server 1.2 or 1.3. Processing a specially crafted request may lead an affected product to a denial-of-service (DoS) condition. As for the affected products/models/versions, see the detailed information provided by each vendor.
Do I need to act?
-
0.34% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
7
CVSS 7.5/10
High
NETWORK
/ LOW complexity
Affected Products (20)
Docuprint M265 Z Firmware
Docuprint M268 Z Firmware
Docuprint M225 Z Firmware
Docuprint M225 Dw Firmware
Docuprint M268 Dw Firmware
Docuprint P265 Dw Firmware
Docuprint P268 Dw Firmware
Docuprint P268 D Firmware
Docuprint P225 D Firmware
Docuprint M118 Z Firmware
Docuprint M118 W Firmware
Docuprint M115 Z Firmware
Docuprint M115 Fw Firmware
Docuprint M115 W Firmware
Docuprint P118 W Firmware
Docuprint P115 W Firmware
E-Studio 302Dnf Firmware
E-Studio 301Dn Firmware
Dcp-1610W Firmware
Dcp-1610We Firmware
Affected Vendors
References (8)
Third Party Advisory
https://jvn.jp/en/vu/JVNVU93767756/index.html
Third Party Advisory
https://jvn.jp/en/vu/JVNVU93767756/index.html
60
/ 100
high-risk
Severity
26/34 · High
Exploitability
1/34 · Minimal
Exposure
33/34 · Critical