Severe safety flaws have been present in a whole bunch of Brother printer fashions that might enable attackers to remotely entry units which can be nonetheless utilizing default passwords. Eight new vulnerabilities, one in all which can’t be mounted by patching the firmware, had been found in 689 sorts of Brother dwelling and enterprise printers by safety firm Rapid7.
The failings additionally influence 59 printer fashions from Fujifilm, Toshiba, Ricoh, and Konica Minolta, however not each vulnerability is discovered on each printer mannequin. If you happen to personal a Brother printer, you’ll be able to examine to see in case your mannequin is affected right here.
Probably the most severe safety flaw, tracked underneath CVE-2024-51978 within the Nationwide Vulnerability Database, has a 9.8 “Crucial” CVSS ranking and permits attackers to generate the system’s default admin password in the event that they know the serial variety of the printer they’re focusing on. This enables attackers to use the opposite seven vulnerabilities found by Rapid7, which embrace retrieving delicate info, crashing the system, opening TCP connections, performing arbitrary HTTP requests, and exposing passwords for related community providers.
Whereas seven of those safety flaws might be mounted by way of firmware updates detailed in Rapid7’s report, Brother indicated to the corporate that CVE-2024-51978 itself “can’t be totally remediated in firmware,” and will likely be mounted by way of a change to the manufacturing course of for future variations of affected printer fashions. For present fashions, Brother recommends that customers change the default admin password for his or her printer by way of the system’s Internet-Primarily based Administration menu
Altering default manufacturing passwords is one thing we should always all be doing once we take a brand new system dwelling anyway, and these printer vulnerabilities are instance as to why.
