
Serious security flaws have been found in hundreds of Brother printer models that could allow attackers to remotely access devices that are still using default passwords. Eight new vulnerabilities, one of which cannot be fixed by patching the firmware, were discovered in 689 models of Brother home and enterprise printers by security company Rapid7.
The flaws also affect 59 printer models from Fujifilm, Toshiba, Ricoh, and Konica Minolta, but not every vulnerability is found on every printer model. If you own a Brother printer, you can check to see if your model is affected here.
The most serious security flaw, tracked under CVE-2024-51978 in the National Vulnerability Database, has a 9.8 “Critical” CVSS rating and allows attackers to generate the device’s default admin password if they know the serial number of the printer they’re targeting. This allows attackers to exploit the other seven vulnerabilities discovered by Rapid7, which include retrieving sensitive information, crashing the device, opening TCP connections, performing arbitrary HTTP requests, and exposing passwords for connected web services.
While seven of these security flaws can be fixed via firmware updates detailed in Rapid7’s report, Brother indicated to the company that CVE-2024-51978 itself “cannot be fully remediated in firmware,” and will be fixed via a change to the manufacturing process for future versions of affected printer models. For existing models, Brother recommends that users change the default admin password for their printer via the device’s Web-Based Management menu.
Changing default manufacturing passwords is something we should all be doing when we bring a new device home anyway, and these printer vulnerabilities are a good example as to why.