Serious vulnerabilities have been discovered in hundreds of Brother printer models that could allow attackers to remotely access devices that still use default passwords. Eight new vulnerabilities, one of which cannot be fixed with a firmware patch, were discovered in 689 Brother home and business printer models by Rapid7.
The flaws also affect 59 printer models from Fujifilm, Toshiba, Ricoh, and Konica Minolta, although not every vulnerability is present on every affected model. If you use a Brother printer, you can check whether your model is affected here.
The most serious vulnerability, tracked as CVE-2024-51978 in the National Vulnerability Database, has a CVSS score of 9.8 (Critical) and allows attackers to generate a device's default administrator password if they know the serial number of the printer they are targeting. That access in turn allows attackers to exploit the other seven vulnerabilities identified by Rapid7, which include obtaining sensitive information, crashing the device, opening TCP connections, making arbitrary HTTP requests, and revealing passwords to connected network services.
While seven of these security flaws can be fixed with the firmware updates described in the Rapid7 report, Brother said that CVE-2024-51978 itself “cannot be fully fixed with firmware” and will be addressed through manufacturing changes for future versions of the affected printer models. For current models, Brother recommends that users change the printer's default administrator password through the printer’s web management menu.
Changing the factory default passwords is something we should all do when we take a new device home, and these printer vulnerabilities are a good example of why we should do so.