FUJIFILM Printer Flaw Allows Attackers to Trigger DoS Attacks
FUJIFILM Business Innovation has disclosed a critical vulnerability affecting multiple printer models that could allow attackers to launch denial-of-service (DoS) attacks through specially crafted network packets.
The vulnerability, tracked as CVE-2025-48499, affects the Internet Printing Protocol (IPP) and Line Printer Daemon (LPD) protocol processing capabilities of affected devices.
Vulnerability Details
The security flaw stems from an out-of-bounds write vulnerability in the printer’s buffer memory handling system.
When processing specific IPP or LPD protocol packets, the printer fails to properly validate data length, potentially allowing data to be written beyond the designated buffer area.
This buffer overflow condition can cause the affected multifunction printers (MFPs) to freeze completely, requiring a manual reboot to restore functionality.
The vulnerability has been assigned a CVSS v3.1 score of 5.3 (Medium severity) and a CVSS v4.0 score of 6.9 (Medium severity), indicating moderate risk levels.
Attackers can exploit this flaw remotely without requiring authentication or user interaction, making it particularly concerning for network-connected printers.
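The advisory does not say which IPP or LPD field is mishandled, so the following is an added illustration of the class of check described above, not FUJIFILM firmware code. It walks an IPP message using the RFC 8010 attribute layout and refuses to copy a value whose declared length overruns either the received data or the destination buffer; the function name `ipp_get_value` and both sample messages are constructed for this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed samples: 8-byte header, operation-attributes-tag, one attribute. */
static const uint8_t SAMPLE_OK[] = "\x01\x01\x00\x0b\x00\x00\x00\x01" "\x01"
    "\x47\x00\x12" "attributes-charset" "\x00\x05" "utf-8" "\x03";
static const uint8_t SAMPLE_BAD[] = "\x01\x01\x00\x0b\x00\x00\x00\x01" "\x01"
    "\x47\x00\x12" "attributes-charset" "\x04\x00" "utf-8" "\x03"; /* claims 1024 */

/* Read a big-endian 16-bit length only if two bytes remain. */
static int rd16(const uint8_t *p, size_t len, size_t *off, size_t *v) {
    if (len - *off < 2) return -1;
    *v = ((size_t)p[*off] << 8) | p[*off + 1];
    *off += 2;
    return 0;
}

/* Copy the value of attribute `want` into out[cap]. Returns the value length,
 * or -1 if the message is truncated, a declared length overruns the input,
 * the value does not fit in `out`, or the attribute is absent. */
long ipp_get_value(const uint8_t *pkt, size_t len, const char *want,
                   uint8_t *out, size_t cap) {
    size_t off = 8, nlen, vlen;          /* version(2) op(2) request-id(4) */
    if (len < off) return -1;
    while (off < len) {
        uint8_t tag = pkt[off++];
        if (tag == 0x03) return -1;      /* end-of-attributes-tag: not found */
        if (tag < 0x10) continue;        /* attribute group delimiter tag */
        if (rd16(pkt, len, &off, &nlen) || nlen > len - off) return -1;
        const uint8_t *name = pkt + off;
        off += nlen;
        if (rd16(pkt, len, &off, &vlen) || vlen > len - off) return -1;
        if (nlen == strlen(want) && memcmp(name, want, nlen) == 0) {
            if (vlen > cap) return -1;   /* declared length vs. destination */
            memcpy(out, pkt + off, vlen);
            return (long)vlen;
        }
        off += vlen;
    }
    return -1;                           /* ran out of data before end tag */
}

int main(void) {
    uint8_t out[16];
    printf("ok:  %ld\n", ipp_get_value(SAMPLE_OK, sizeof SAMPLE_OK - 1, "attributes-charset", out, sizeof out));
    printf("bad: %ld\n", ipp_get_value(SAMPLE_BAD, sizeof SAMPLE_BAD - 1, "attributes-charset", out, sizeof out));
    return 0;
}
```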
| Affected Models | Affected Firmware Versions | Fixed Firmware Versions |
| --- | --- | --- |
| DocuPrint CP225 w, CP228 w | 01.23.02 or earlier | 01.24.00 or later |
| DocuPrint CP115 w, CP118 w | 01.09.00 or earlier | 01.11.00 or later |
| DocuPrint CP116 w, CP119 w | 01.09.00 or earlier | 01.11.00 or later |
| DocuPrint CM225fw, CM228fw | 01.12.02 or earlier | 01.13.00 or later |
| DocuPrint CM115 w, CM118 w | 01.09.01 or earlier | 01.11.00 or later |
| Apeos 2150 N, 2350 NDA, 2150 ND, 2150 NDA | 01.00.47 or earlier | 01.20.50 or later |
The vulnerability was discovered by security researchers Jia-Ju Bai, Rui-Nan Hu, Dong Zhang, and Zhen-Yu Guan from the School of Cyber Science and Technology at Beihang University.
FUJIFILM has acknowledged their contribution and released fixed firmware versions for all affected models.
FUJIFILM strongly recommends that customers immediately update their printer firmware to the latest fixed versions.
As interim measures, organizations should deploy affected printers behind firewalls to limit exposure to potential attacks and be prepared to reboot devices if they become unresponsive.
The company provides detailed support information through their business innovation support website for customers requiring assistance with firmware updates.