Hundreds of Brother printer models have an unpatchable security flaw


Critical security flaws have been found in hundreds of Brother printer models that could allow attackers to remotely access devices that are still using their default passwords. Eight new vulnerabilities, one of which cannot be fixed by patching the firmware, were discovered in 689 types of Brother home and business printers by security company Rapid7.

The flaws also affect 59 printer models from Fujifilm, Toshiba, Ricoh, and Konica Minolta, but not every vulnerability is present on every printer model. If you own a Brother printer, you can check whether your model is affected here.

The most serious security flaw, tracked as CVE-2024-51978 in the National Vulnerability Database, has a 9.8 "Critical" CVSS score and allows attackers to generate a device's default admin password if they know the serial number of the printer they are targeting. Because the default password is derived from the serial number rather than being random, every affected unit that still uses it is exposed to anyone who learns that serial. Logging in with it then enables attackers to exploit the other seven vulnerabilities discovered by Rapid7, which include retrieving sensitive information, crashing the device, opening TCP connections, performing arbitrary HTTP requests, and exposing passwords for connected network services.

While seven of these security flaws can be fixed via the firmware updates detailed in Rapid7's report, Brother told the company that CVE-2024-51978 itself "cannot be fully remediated in firmware," and will instead be fixed through a change to the manufacturing process for future versions of the affected printer models. For existing units, Brother recommends that users change the default admin password for their printer via the device's Web-Based Management menu. Note that the firmware updates do not change the serial-derived default, so changing the password is the only effective mitigation for printers already in the field: a patched printer that is still on its default password remains accessible to anyone who knows its serial number.

Changing default manufacturer passwords is something we should all be doing when we bring a new device home anyway, and these printer vulnerabilities are a good example of why.
