{"id":11574,"date":"2025-10-30T13:47:13","date_gmt":"2025-10-30T06:47:13","guid":{"rendered":"https:\/\/www.konicaminolta.vn\/business\/?page_id=11574"},"modified":"2025-10-30T17:43:52","modified_gmt":"2025-10-30T10:43:52","slug":"dos-vulnerability-in-the-web-connection-of-konica-minolta-multifunction-printers","status":"publish","type":"page","link":"https:\/\/www.konicaminolta.vn\/business\/en\/dos-vulnerability-in-the-web-connection-of-konica-minolta-multifunction-printers\/","title":{"rendered":"DoS Vulnerability in the Web Connection of Konica Minolta Multifunction Printers"},"content":{"rendered":"<p><strong>DoS Vulnerability in the Web Connection of Konica Minolta Multifunction Printers<\/strong><\/p>\n<p>Dear Customers,<\/p>\n<p>We deeply appreciate your constant patronage to Konica Minolta products.<\/p>\n<p>A vulnerability that allows a Denial-of-Service (DoS) attack has been newly identified in the indicated models. This advisory provides an overview of the issue and the recommended countermeasures.<\/p>\n<p>Please note that, at the time of publication (August 29th, 2025), there have been no confirmed security incidents globally resulting from the exploitation of this vulnerability.<\/p>\n<p><strong>Overview of the vulnerabilities<\/strong><\/p>\n<table>\n<tbody>\n<tr>\n<td width=\"123\"><strong>Ref. 
ID<\/strong><\/td>\n<td style=\"text-align: center;\" width=\"350\"><strong>CVSSv3.1<\/strong><\/td>\n<td style=\"text-align: center;\" width=\"113\"><strong>Base Score<\/strong><\/td>\n<td width=\"278\"><strong>Vulnerabilities description<\/strong><\/td>\n<\/tr>\n<tr>\n<td width=\"123\">CVE-2025-54777<\/td>\n<td style=\"text-align: center;\" width=\"350\">CVSS:3.1\/AV:A\/AC:L\/PR:N\/UI:N\/S:U\/C:N\/I:N\/A:L<\/td>\n<td style=\"text-align: center;\" width=\"113\">4.3<\/td>\n<td width=\"278\">Importing a malformed file in [Registration of Certification Information] for S\/MIME for Email Destination causes the Web Connection to stop.<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p><strong>Affected Models and the countermeasure firmware<\/strong><\/p>\n<table style=\"width: 51.1713%;\">\n<tbody>\n<tr>\n<td style=\"width: 34.8597%;\" width=\"231\"><strong>Product name<\/strong><\/td>\n<td style=\"width: 22.8951%;\" width=\"211\"><strong>Affected Version<\/strong><\/td>\n<td style=\"width: 20.3578%;\" width=\"211\"><strong>Fixed Version<\/strong><\/td>\n<\/tr>\n<tr>\n<td style=\"width: 34.8597%;\" width=\"231\">bizhub C751i<\/p>\n<p>bizhub C651i\/C551i\/C451i<\/p>\n<p>bizhub C361i\/C301i\/C251i<\/p>\n<p>bizhub C4051i\/C3351i\/C4001i\/C3301i<\/p>\n<p>bizhub C3321i<\/p>\n<p>bizhub 751i<\/p>\n<p>bizhub 651i\/551i\/451i<\/p>\n<p>bizhub 361i\/301i<\/p>\n<p>bizhub 4751i\/4051i<\/p>\n<p>bizhub 4701i<\/p>\n<p>bizhub C750i<\/p>\n<p>bizhub C650i\/C550i\/C450i<\/p>\n<p>bizhub C360i\/C300i\/C250i<\/p>\n<p>bizhub C287i\/C257i\/C227i<\/p>\n<p>bizhub C4050i\/C3350i\/C4000i\/C3300i<\/p>\n<p>bizhub C3320i<\/p>\n<p>bizhub 950i\/850i<\/p>\n<p>bizhub 750i<\/p>\n<p>bizhub 650i\/550i\/450i<\/p>\n<p>bizhub 360i\/300i<\/p>\n<p>bizhub 306i\/266i\/246i\/226i<\/p>\n<p>bizhub 4750i\/4050i<\/p>\n<p>bizhub 4700i<\/td>\n<td style=\"width: 22.8951%;\" width=\"211\">G00-RE or earlier<\/td>\n<td style=\"width: 20.3578%;\" width=\"211\">GC2-RE or later<br \/>\n(Except G00-RF)<\/td>\n<\/tr>\n<tr>\n<td 
style=\"width: 34.8597%;\" width=\"231\">bizhub C759\/C659<\/p>\n<p>bizhub C658\/C558\/C458<\/p>\n<p>bizhub 958\/808\/758<\/p>\n<p>bizhub 658e\/558e\/458e<\/p>\n<p>bizhub C287\/C227<\/td>\n<td style=\"width: 22.8951%;\" width=\"211\">GCQ-Y2 or earlier<\/td>\n<td style=\"width: 20.3578%;\" width=\"211\">GCR-Y2 or later<\/td>\n<\/tr>\n<tr>\n<td style=\"width: 34.8597%;\" width=\"231\">bizhub C368\/C308\/C258<\/p>\n<p>bizhub 558\/458\/368\/308<\/p>\n<p>bizhub C3851\/C3851FS\/C3351<\/p>\n<p>bizhub 4752\/4052<\/td>\n<td style=\"width: 22.8951%;\" width=\"211\">GCQ-X4 or earlier<\/td>\n<td style=\"width: 20.3578%;\" width=\"211\">GCR-X4 or later<\/td>\n<\/tr>\n<tr>\n<td style=\"width: 34.8597%;\" width=\"231\">bizhub 368e\/308e<\/td>\n<td style=\"width: 22.8951%;\" width=\"211\">GCQ-X8 or earlier<\/td>\n<td style=\"width: 20.3578%;\" width=\"211\">GCR-X8 or later<\/td>\n<\/tr>\n<tr>\n<td style=\"width: 34.8597%;\" width=\"231\">bizhub 367\/287\/227<\/td>\n<td style=\"width: 22.8951%;\" width=\"211\">GCQ-Y3 or earlier<\/td>\n<td style=\"width: 20.3578%;\" width=\"211\">GCR-Y3 or later<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p><strong>Impact on Multifunction Printers<\/strong><\/p>\n<p>Web Connection becomes completely unresponsive. (Other MFP functions are not affected.)<\/p>\n<p><strong>Remediation<\/strong><\/p>\n<p>The countermeasure firmware will be applied sequentially, either remotely or during the next visit by your authorised Konica Minolta service representative.<\/p>\n<p>&nbsp;<\/p>\n<p><span style=\"color: #0062c2;\"><strong>Vulnerability Specific Recommendation<\/strong><\/span><\/p>\n<ol>\n<li>Ensure that the administrator password is secure. If it remains set to its factory default, please change it immediately to a strong complex password. Configuration: [Utility] &#8211; [Administrator] &#8211; [Security] &#8211; [Administrator Password Setting]<\/li>\n<li>Restrict non-Admin users from making any address book destination changes. 
Configuration: [Utility] &#8211; [Administrator] &#8211; [Security] &#8211; [Restrict User Access] &#8211; [Registering and Changing Addresses]: [Restrict]<\/li>\n<\/ol>\n<p>&nbsp;<\/p>\n<p><span style=\"color: #0062c2;\"><strong>General Security Recommendations<\/strong><em>\u00a0<\/em><\/span><\/p>\n<p>To ensure a secure operating posture for your multifunction devices, and to reduce exposure to the vulnerability described in this advisory, Konica Minolta strongly recommends applying the following configuration best practices:<\/p>\n<ol>\n<li><strong> Avoid Direct Internet Exposure<\/strong><\/li>\n<\/ol>\n<p>Place devices behind firewalls and use private IP addressing and Device IP Filtering settings.<\/p>\n<ol start=\"2\">\n<li><strong> Change Default Passwords<\/strong><\/li>\n<\/ol>\n<p>Change default credentials and implement strong passwords for administrative and network functions.<\/p>\n<ol start=\"3\">\n<li><strong> Use Strong Passwords for Services<\/strong><\/li>\n<\/ol>\n<p>Ensure strong credentials are configured for SMTP, LDAP, SMB, WebDAV, and any other integrated services.<\/p>\n<ol start=\"4\">\n<li><strong> Disable Unused Services<\/strong><\/li>\n<\/ol>\n<p>Turn off unused ports or protocols to reduce attack surface.<\/p>\n<ol start=\"5\">\n<li><strong> Use Secure Protocols<\/strong><\/li>\n<\/ol>\n<p>Configure devices to use encrypted communications (e.g., HTTPS, LDAPS, IPPS) where supported.<\/p>\n<ol start=\"6\">\n<li><strong> Monitor Device Activity<\/strong><\/li>\n<\/ol>\n<p>Regularly review device logs and network traffic for suspicious behavior.<\/p>\n<ol start=\"7\">\n<li><strong> Enable Authentication Where Available<\/strong><\/li>\n<\/ol>\n<p>Use built-in user authentication features to prevent unauthorised access to device functions.<\/p>\n<p>&nbsp;<\/p>\n<blockquote><p>For comprehensive information on secure configuration, please refer to our <a 
href=\"https:\/\/www.konicaminolta.com\/global-en\/security\/mfp\/setting\/index.html\">Product Security web site.<\/a><\/p>\n<p><strong>Enhancing the Security of Products and Services<\/strong><br \/>\nKonica Minolta considers the security of its products and services to be an important responsibility and will continue to actively respond to incidents and vulnerabilities. <a href=\"https:\/\/www.konicaminolta.com\/about\/csr\/social\/customers\/enhanced_security.html\">Click here<\/a><\/p>\n<p><strong>Acknowledgements<\/strong><\/p>\n<p>We would like to express our sincere appreciation to the penetration tester Miguel Alves (0xmupa) for discovering and responsibly reporting this vulnerability.<\/p><\/blockquote>\n<p><strong>Contacts<\/strong><\/p>\n<p>Should you require further clarification or assistance with implementing the recommended measures or applying the relevant firmware update, please contact your authorised Konica Minolta service representative.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>DoS Vulnerability in the Web Connection of Konica Minolta Multifunction Printers Dear Customers, We deeply appreciate your constant patronage to Konica Minolta products. A vulnerability that allows a Denial-of-Service (DoS) attack has been newly identified in the indicated models. This advisory provides an overview of the issue and the recommended countermeasures. 
Please note that, at<\/p>\n","protected":false},"author":1,"featured_media":0,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"footnotes":""},"class_list":["post-11574","page","type-page","status-publish","hentry"],"_links":{"self":[{"href":"https:\/\/www.konicaminolta.vn\/business\/wp-json\/wp\/v2\/pages\/11574","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.konicaminolta.vn\/business\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/www.konicaminolta.vn\/business\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/www.konicaminolta.vn\/business\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.konicaminolta.vn\/business\/wp-json\/wp\/v2\/comments?post=11574"}],"version-history":[{"count":4,"href":"https:\/\/www.konicaminolta.vn\/business\/wp-json\/wp\/v2\/pages\/11574\/revisions"}],"predecessor-version":[{"id":11600,"href":"https:\/\/www.konicaminolta.vn\/business\/wp-json\/wp\/v2\/pages\/11574\/revisions\/11600"}],"wp:attachment":[{"href":"https:\/\/www.konicaminolta.vn\/business\/wp-json\/wp\/v2\/media?parent=11574"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}