Millions of Brother Printers threatened by multiple serious vulnerabilities – enterprise and home printers at risk
Last week, worrying news surfaced for millions of printer owners: Over 689 models of Brother printers are open to attack, along with 53 additional models made by Fujifilm, Konica, Minolta, Ricoh, and Toshiba. (As if dealing with home printers wasn’t already enough of a headache already.) Worse, eight different flaws are exploitable, with one un-patchable.
The problem: The default administrator password on Brother printers (and those using Brother components) can be guessed, in part by exploiting other vulnerabilities in these devices. But a firmware update won’t be able to address this issue, as what your printer ships with is already set. But research from Rapid7 has found that hundreds of home and enterprise Brother models are vulnerable to multiple serious security vulnerabilities.
What’s worse, one of the vulnerabilities cannot be patched with a simple software update and the device must be redesigned to remove the flaw.
In total, Rapid7 found eight serious vulnerabilities that affected 689 models of Brother devices, covering printers, scanners, and label makers. Additionally, due to Brother’s position in the supply chain, 46 Fujifilm models, five Ricoh models, and two Toshiba models are also affected by the vulnerabilities.
The most serious vulnerability - an authentication bypass vulnerability with a CVSS score of 9.8 - allows an attacker to use the printer’s default password to take over the device and potentially access connected systems. By acquiring the target device’s serial number, the attacker can generate the default password for that specific device.
Typically, the default passwords are generated during manufacturing, meaning that in order to fully remediate this vulnerability, Brother must make changes to the manufacturing process in order to protect devices from being exploited by CVE-2024-51978.
The other vulnerabilities include methods for hackers to retrieve sensitive information on the device, triggering stack based buffer overflow, forcing new TCP connections, performing arbitrary HTTP requests, crashing the device, and disclosing the passwords of a configured external device. The full details of these vulnerabilities and recommended remediations can be found below.
|
CVE |
Description |
Affected Service |
CVSS |
|---|---|---|---|
| CVE-2024-51977 |
An unauthenticated attacker can leak sensitive information. |
HTTP (Port 80), HTTPS (Port 443), IPP (Port 631) |
5.3 (Medium) |
| CVE-2024-51978 |
An unauthenticated attacker can generate the device's default administrator password. |
HTTP (Port 80), HTTPS (Port 443), IPP (Port 631) |
9.8 (Critical) |
| CVE-2024-51979 |
An authenticated attacker can trigger a stack based buffer overflow. |
HTTP (Port 80), HTTPS (Port 443), IPP (Port 631) |
7.2 (High) |
| CVE-2024-51980 |
An unauthenticated attacker can force the device to open a TCP connection. |
Web Services over HTTP (Port 80) |
5.3 (Medium) |
| CVE-2024-51981 |
An unauthenticated attacker can force the device to perform an arbitrary HTTP request. |
Web Services over HTTP (Port 80) |
5.3 (Medium) |
| CVE-2024-51982 |
An unauthenticated attacker can crash the device. |
PJL (Port 9100) |
7.5 (High) |
| CVE-2024-51983 |
An unauthenticated attacker can crash the device. |
Web Services over HTTP (Port 80) |
7.5 (High) |
| CVE-2024-51984 |
An authenticated attacker can disclose the password of a configured external service. |
LDAP, FTP |
6.8 (Medium) |
