Response to vulnerabilities in the "Web Browser Configuration" function installed in some Toshiba Tec digital multi-function peripherals

March 6, 2024
Toshiba Tec Corporation

Thank you for using our products.

A vulnerability has been identified in the "Web Browser Configuration" function of some of our multi-function peripherals. This issue does not result in the leakage of information from the product to outside parties.

Vulnerability details

Target Products
e-STUDIO 301DN / 302DNF (These products have been sold only in the Chinese market.)
1. Vulnerability Reference
CVE-2024-21824  Session Management Vulnerability
Details
An attacker could log in to the server setting screen using cookie values stolen by eavesdropping on communications or by attacking the user's web browser.
2. Vulnerability Reference
CVE-2024-22475  Cross-site Request Forgery Vulnerability
Details
If the user accesses a web page set up by an attacker and submits requests to the machine, the settings of the Web Based Management could be tampered with.

Solution
Ask your service company to update the main unit software.
Workaround
When connecting to the Internet, connect to a network protected by a firewall as described in the manual.