
The article claims that the flaw is in the fax protocol itself. But it also claims that it's a buffer overflow leading to RCE, which would be an implementation flaw, not a protocol flaw.

Can anybody explain that contradiction?




In the talk linked by c7h elsewhere in this comment section, a buffer-overflow exploit was found in the JPG library that allowed remote code execution. Since some fax machines support JPGs for transmitting color faxes, those fax machines were vulnerable.


Aha, .jpg. Many a system has fallen foul of buffer overflows in attachments. Blackberry had one system (NT) doing all attachment processing, and that fell foul of .jpg issues in the same vein.

Thing is, once a flaw is found in some library or another, those updates and changes don't always get propagated across to all devices, be they a router, fax machine, scanner, printer, etc. Many of which get deemed "it works" and are never touched again once set up. That is even presuming that the manufacturer updates and releases new firmware in the first place.

Remember, many bits of kit list what open source libraries etc. they use and versions, yet are often slow or artificially obsoleted via support being dropped. So they end up remaining vulnerable to what will be an exploit. This makes them easy to identify thanks to their open source statement and list of what they use and, with that, fall foul of script-kiddie style attacks, for want of a better way of phrasing it.



