{"id":30599,"date":"2025-09-01T06:04:41","date_gmt":"2025-09-01T06:04:41","guid":{"rendered":"https:\/\/www.konicaminolta.ae\/business\/WPBME\/?p=30599"},"modified":"2025-09-08T12:14:45","modified_gmt":"2025-09-08T12:14:45","slug":"dos-vulnerability-in-the-web-connection-of-konica-minolta-multifunction-printers","status":"publish","type":"post","link":"https:\/\/www.konicaminolta.ae\/business\/WPBME\/dos-vulnerability-in-the-web-connection-of-konica-minolta-multifunction-printers\/","title":{"rendered":"DoS Vulnerability in the Web Connection of Konica Minolta Multifunction Printers"},"content":{"rendered":"<style>.overview-title-simple{color: #224d6f!important;font-weight: 700!important;background-color:transparent!important;text-align: left!important; padding: 5px 0px!important;text-transform: unset!important;font-size: 16px!important;}<\/style>\n<p class=\"mt-2 text-justify mb-2\">Dear Customers,<\/p>\n<p class=\"mt-2 text-justify mb-2\">We deeply appreciate your constant patronage to Konica Minolta products.<\/p>\n<p class=\"mt-2 text-justify mb-2\">A vulnerability that allows a Denial-of-Service (DoS) attack has been newly identified in the indicated models. This advisory provides an overview of the issue and the recommended countermeasures.<\/p>\n<p class=\"mt-2 text-justify mb-2\">Please note that, at the time of publication (August 29th, 2025), there have been no confirmed security incidents globally resulting from the exploitation of this vulnerability.<\/p>\n<p class=\"overview-title-simple mt-3\">Overview of the vulnerabilities<\/p>\n<table border=\"1\" cellpadding=\"8\" cellspacing=\"0\">\n<thead>\n<tr>\n<th>Ref. 
ID<\/th>\n<th>CVSSv3.1<\/th>\n<th>Base Score<\/th>\n<th>Vulnerabilities description<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td>CVE-2025-54777<\/td>\n<td>CVSS:3.1\/AV:A\/AC:L\/PR:N\/UI:N\/S:U\/C:N\/I:N\/A:L<\/td>\n<td>4.3<\/td>\n<td>\n        Importing a malformed file in [Registration of Certification Information] for<br \/>\nS\/MIME for Email Destination causes the Web Connection to stop.<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p class=\"overview-title-simple mt-3\">Affected Models and the countermeasure firmware<\/p>\n<table border=\"1\" cellpadding=\"8\" cellspacing=\"0\">\n<thead>\n<tr>\n<th>Product name<\/th>\n<th>Affected version<\/th>\n<th>Fixed Version<\/th>\n<th>Latest Version (as of August 2025)<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td>bizhub C751i<\/td>\n<td rowspan=\"23\">G00-RE or earlier<\/td>\n<td rowspan=\"23\">GC2-RE or later (Except G00-RF)<\/td>\n<td rowspan=\"23\">G00-S7<\/td>\n<\/tr>\n<tr>\n<td>bizhub C651i\/C551i\/C451i<\/td>\n<\/tr>\n<tr>\n<td>bizhub C361i\/C301i\/C251i<\/td>\n<\/tr>\n<tr>\n<td>bizhub C4051i\/C3351i\/C4001i\/C3301i<\/td>\n<\/tr>\n<tr>\n<td>bizhub C3321i<\/td>\n<\/tr>\n<tr>\n<td>bizhub 751i<\/td>\n<\/tr>\n<tr>\n<td>bizhub 651i\/551i\/451i<\/td>\n<\/tr>\n<tr>\n<td>bizhub 361i\/301i<\/td>\n<\/tr>\n<tr>\n<td>bizhub 4751i\/4051i<\/td>\n<\/tr>\n<tr>\n<td>bizhub 4701i<\/td>\n<\/tr>\n<tr>\n<td>bizhub C750i<\/td>\n<\/tr>\n<tr>\n<td>bizhub C650i\/C550i\/C450i<\/td>\n<\/tr>\n<tr>\n<td>bizhub C360i\/C300i\/C250i<\/td>\n<\/tr>\n<tr>\n<td>bizhub C287i\/C257i\/C227i<\/td>\n<\/tr>\n<tr>\n<td>bizhub C4050i\/C3350i\/C4000i\/C3300i<\/td>\n<\/tr>\n<tr>\n<td>bizhub C3320i<\/td>\n<\/tr>\n<tr>\n<td>bizhub 950i\/850i<\/td>\n<\/tr>\n<tr>\n<td>bizhub 750i<\/td>\n<\/tr>\n<tr>\n<td>bizhub 550i\/500i\/450i<\/td>\n<\/tr>\n<tr>\n<td>bizhub 360i\/300i<\/td>\n<\/tr>\n<tr>\n<td>bizhub 306i\/266i\/246i\/226i<\/td>\n<\/tr>\n<tr>\n<td>bizhub 4750i\/4050i<\/td>\n<\/tr>\n<tr>\n<td>bizhub 4700i<\/td>\n<\/tr>\n<tr>\n<td>bizhub C759\/C659<\/td>\n<td 
rowspan=\"5\">GCQ-Y2 or earlier<\/td>\n<td rowspan=\"5\">GCR-Y2 or later<\/td>\n<td rowspan=\"5\">G00-YE<\/td>\n<\/tr>\n<tr>\n<td>bizhub C658\/C558\/C458<\/td>\n<\/tr>\n<tr>\n<td>bizhub 958\/808\/758<\/td>\n<\/tr>\n<tr>\n<td>bizhub 658e\/558e\/458e<\/td>\n<\/tr>\n<tr>\n<td>bizhub C287\/C227<\/td>\n<\/tr>\n<tr>\n<td>bizhub C368\/C308\/C258<\/td>\n<td rowspan=\"4\">GCQ-X4 or earlier<\/td>\n<td rowspan=\"4\">GCR-X4 or later<\/td>\n<td rowspan=\"4\">G00-YE<\/td>\n<\/tr>\n<tr>\n<td>bizhub 558\/458\/368\/308<\/td>\n<\/tr>\n<tr>\n<td>bizhub C3851\/C3851FS\/C3351<\/td>\n<\/tr>\n<tr>\n<td>bizhub 4752\/4052<\/td>\n<\/tr>\n<tr>\n<td>bizhub 368e\/308e<\/td>\n<td rowspan=\"1\">GCQ-Y3 or earlier<\/td>\n<td rowspan=\"1\">GCR-Y3 or later<\/td>\n<td rowspan=\"1\">G00-YE<\/td>\n<\/tr>\n<tr>\n<td>bizhub 287\/227\/207<\/td>\n<td rowspan=\"1\">GCQ-Y3 or earlier<\/td>\n<td rowspan=\"1\">GCR-Y3 or later<\/td>\n<td rowspan=\"1\">G00-YE<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p class=\"overview-title-simple mt-3\">Impact on Multifunction Printers<\/p>\n<p>Web Connection becomes completely unresponsive. (Other MFP functions are not affected.)<\/p>\n<p class=\"overview-title-simple mt-3\">Remediation<\/p>\n<p class=\"mt-2 text-justify mb-2\">The countermeasure firmware will be applied sequentially, either remotely or during the next visit by your authorized Konica Minolta service representative.<\/p>\n<p class=\"overview-title-simple mt-3\">Vulnerability Specific Recommendation<\/p>\n<p class=\"mt-2 text-justify mb-2\">1. Ensure that the administrator password is secure. If it remains set to its factory default, please change it immediately to a strong complex password.<\/p>\n<p class=\"mt-2 text-justify mb-2\">\nConfiguration: [Utility] &#8211; [Administrator] &#8211; [Security] &#8211; [Administrator Password Setting]<\/p>\n<p class=\"mt-2 text-justify mb-2\">\n2. 
Restrict non-Admin users from making any address book destination changes.<\/p>\n<p class=\"mt-2 text-justify mb-2\">\nConfiguration: [Utility] &#8211; [Administrator] &#8211; [Security] &#8211; [Restrict User Access] &#8211; [Registering and Changing Addresses]: [Restrict]<\/p>\n<p class=\"overview-title-simple mb-3\">General Security Recommendations<\/p>\n<p class=\"mt-2 text-justify mb-2\">\nTo ensure a secure operating posture for your multifunction devices, and to reduce exposure to the vulnerability described in this advisory, Konica Minolta strongly recommends applying the following configuration best practices:<\/p>\n<p class=\"mt-2 text-justify mb-2\">\n<b>1.&nbsp;Avoid Direct Internet Exposure<\/b><br \/>\nPlace devices behind firewalls and use private IP addressing and Device IP Filtering settings.<\/p>\n<p class=\"mt-2 text-justify mb-2\">\n<b>2. Change Default Passwords<\/b><br \/>\nChange default credentials and implement strong passwords for administrative and network functions.<\/p>\n<p class=\"mt-2 text-justify mb-2\">\n<b>3.&nbsp;Use Strong Passwords for Services<\/b><br \/>\nEnsure strong credentials are configured for SMTP, LDAP, SMB, WebDAV, and any other integrated services.<\/p>\n<p class=\"mt-2 text-justify mb-2\">\n<b>4. Disable Unused Services<\/b><br \/>\nTurn off unused ports or protocols to reduce attack surface.<\/p>\n<p class=\"mt-2 text-justify mb-2\">\n<b>5. Use Secure Protocols<\/b><br \/>\nConfigure devices to use encrypted communications (e.g., HTTPS, LDAPS, IPPS) where supported.<\/p>\n<p class=\"mt-2 text-justify mb-2\">\n<b>6. 
Monitor Device Activity<\/b><br \/>\nRegularly review device logs and network traffic for suspicious behavior.<\/p>\n<p class=\"mt-2 text-justify mb-2\">\n<b>7.&nbsp;Enable Authentication Where Available<\/b><br \/>\nUse built-in user authentication features to prevent unauthorized access to device functions.<\/p>\n<p class=\"mt-2 text-justify mb-2\">\nFor comprehensive information on secure configuration, please refer to our Product Security web site. <a href=\"https:\/\/www.konicaminolta.com\/global-en\/security\/mfp\/setting\/index.html\"><strong>More information<\/strong><\/a><\/p>\n<p class=\"overview-title-simple mt-3\">Enhancing the Security of Products and Services<\/p>\n<p class=\"mt-2 text-justify mb-2\">\nKonica Minolta considers the security of its products and services to be an important responsibility and will continue to actively respond to incidents and vulnerabilities. <a href=\"https:\/\/www.konicaminolta.com\/about\/csr\/social\/customers\/enhanced_security.html\"><strong>More information<\/strong><\/a><\/p>\n<p class=\"overview-title-simple mt-3\">Related Information<\/p>\n<p class=\"mt-2 text-justify mb-2\">JVNVU#XXXXXXXX<\/p>\n<p class=\"overview-title-simple mt-3\">Acknowledgements<\/p>\n<p class=\"mt-2 text-justify mb-2\">We would like to express our sincere appreciation to the penetration tester Miguel Alves (0xmupa) for discovering and responsibly reporting this vulnerability.<\/p>\n<p class=\"overview-title-simple mt-3\">Contact<\/p>\n<p class=\"mt-2 text-justify mb-2\">Should you require further clarification or assistance with implementing the recommended measures or applying the relevant firmware update, please contact your authorized Konica Minolta service representative.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Dear Customers, We deeply appreciate your constant patronage to Konica Minolta products. A vulnerability that allows a Denial-of-Service (DoS) attack has been newly identified in the indicated models.
This advisory provides an overview of the issue and the recommended countermeasures. Please note that, at the time of publication (August 29th, 2025), there have been no [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[],"class_list":["post-30599","post","type-post","status-publish","format-standard","hentry","category-letest-news"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/www.konicaminolta.ae\/business\/WPBME\/wp-json\/wp\/v2\/posts\/30599","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.konicaminolta.ae\/business\/WPBME\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.konicaminolta.ae\/business\/WPBME\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.konicaminolta.ae\/business\/WPBME\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.konicaminolta.ae\/business\/WPBME\/wp-json\/wp\/v2\/comments?post=30599"}],"version-history":[{"count":20,"href":"https:\/\/www.konicaminolta.ae\/business\/WPBME\/wp-json\/wp\/v2\/posts\/30599\/revisions"}],"predecessor-version":[{"id":30633,"href":"https:\/\/www.konicaminolta.ae\/business\/WPBME\/wp-json\/wp\/v2\/posts\/30599\/revisions\/30633"}],"wp:attachment":[{"href":"https:\/\/www.konicaminolta.ae\/business\/WPBME\/wp-json\/wp\/v2\/media?parent=30599"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.konicaminolta.ae\/business\/WPBME\/wp-json\/wp\/v2\/categories?post=30599"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.konicaminolta.ae\/business\/WPBME\/wp-json\/wp\/v2\/tags?post=30599"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}