Critical Vulnerabilities Expose Hundreds of Brother Printers to Remote Attacks

Critical flaws in popular printer models allow remote attacks, data leaks, and admin access without authentication.


Key Takeaways:

  • Researchers uncovered critical vulnerabilities in hundreds of Brother and other popular printer models.
  • One flaw allows remote attackers to bypass authentication using a device’s serial number.
  • Users are urged to update firmware, change default passwords, and restrict network access.

Cybersecurity researchers have discovered critical vulnerabilities affecting hundreds of home and enterprise printers from the hardware manufacturer Brother. Security firm Rapid7 found eight security flaws affecting the company's multifunction printers.

Specifically, Rapid7 researchers have found eight serious vulnerabilities that affected 689 models of Brother devices, including printers, scanners, and label makers. These flaws also affected 46 Fujifilm, five Ricoh, two Toshiba, and six Konica Minolta printer models.

The Most Critical Flaw: CVE-2024-51978

The most severe flaw (tracked as CVE-2024-51978) carries a CVSS score of 9.8. It allows a remote, unauthenticated attacker to bypass authentication by obtaining the device’s default administrator password. It can be chained with an information-leak flaw (CVE-2024-51977) that discloses the device’s serial number, which is the input required to generate the default admin password. This flaw cannot be fixed by a firmware update and requires changes to the manufacturing process.

“This is due to the discovery of the default password generation procedure used by Brother devices,” Rapid7 explained. “This procedure transforms a serial number into a default password. Affected devices have their default password set, based on each device’s unique serial number, during the manufacturing process.”

Other high-risk Brother printer exploits identified

The other security flaws, rated moderate to high in severity, can be used by attackers to carry out denial-of-service (DoS) attacks. Attacks might involve forcing the printer to establish TCP connections, extracting credentials for linked external services, triggering a stack overflow, or sending unauthorized HTTP requests. Notably, six of the eight vulnerabilities identified by Rapid7 can be exploited without logging in or authenticating first.

Brother has published firmware updates addressing the other seven vulnerabilities: CVE-2024-51977, CVE-2024-51979, CVE-2024-51980, CVE-2024-51981, CVE-2024-51982, CVE-2024-51983, and CVE-2024-51984.

Figure: Affected model count per CVE (Image Credit: Rapid7)

Recommended mitigation steps

1. Change the default admin password

It’s highly recommended that organizations change the default password on all affected devices and use a strong, unique password that cannot be derived from the serial number.

2. Restrict network access

Administrators should also isolate printers from the public Internet and place them behind a firewall or on a segmented internal network. They should use access control lists (ACLs) to limit who can reach the device.

3. Apply available firmware updates

Organizations should patch the vulnerabilities by installing the latest firmware updates from Brother or other vendors as soon as they are available.

4. Monitor logs and network traffic

Administrators are advised to enable logging on printers and monitor for unusual activity, such as repeated login attempts and unexpected outbound connections, and to use network monitoring tools to detect suspicious behavior.

5. Inventory and audit devices

Organizations should identify all affected models in their environment and maintain an up-to-date inventory of printer firmware versions and configurations.
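The audit and monitoring steps above can be turned into a small defender-side script. The following is an added example written for this article, not code from Rapid7 or Brother: it checks a printer inventory for devices that still need attention (affected model, default password not yet changed, firmware older than the fixed release, reachable from the Internet) and scans printer log lines for repeated failed logins followed by a success and for outbound connections to unexpected destinations. The inventory records, model names, firmware version strings, log line format and field names are all constructed assumptions; real Brother devices will log in their own format and the fixed firmware version must be taken from the vendor advisory.

```python
"""Constructed example: audit a printer inventory and scan printer logs for the
warning signs recommended in the article. All data below is made up."""
import re
from collections import Counter, defaultdict
from dataclasses import dataclass


@dataclass
class Printer:
    hostname: str
    model: str
    firmware: str           # constructed version string, e.g. "1.3.0"
    password_changed: bool  # True once the serial-derived default was replaced
    internet_exposed: bool  # True if reachable from outside the segmented network


def parse_version(version: str) -> tuple:
    """'1.4.0' -> (1, 4, 0) so versions compare numerically, not as strings."""
    return tuple(int(part) for part in version.split("."))


def audit_inventory(printers, affected_models, fixed_firmware):
    """Return {hostname: [findings]} for every affected device needing action.

    affected_models: set of model names taken from the vendor advisory (assumed
    to be maintained by the administrator).
    fixed_firmware: placeholder for the first firmware version with the fixes."""
    findings = defaultdict(list)
    for p in printers:
        if p.model not in affected_models:
            continue
        if not p.password_changed:
            findings[p.hostname].append("default admin password still in use")
        if parse_version(p.firmware) < parse_version(fixed_firmware):
            findings[p.hostname].append(
                f"firmware {p.firmware} older than fixed {fixed_firmware}")
        if p.internet_exposed:
            findings[p.hostname].append("reachable from the public Internet")
    return dict(findings)


# Assumed log format: "<timestamp> <host> <event> key=value ..."
LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) (?P<event>login_failed|login_ok|outbound_tcp) (?P<kv>.*)$")


def parse_kv(text: str) -> dict:
    return dict(pair.split("=", 1) for pair in text.split())


def detect_suspicious(log_lines, fail_threshold=5, allowed_dests=frozenset()):
    """Flag (a) fail_threshold failed logins from one source against one printer,
    (b) a successful login from that source after reaching the threshold, and
    (c) outbound TCP connections to destinations not on the allow-list."""
    fails = Counter()
    alerts = []
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # ignore lines that do not match the assumed format
        kv = parse_kv(m["kv"])
        host, src = m["host"], kv.get("src")
        if m["event"] == "login_failed":
            fails[(host, src)] += 1
            if fails[(host, src)] == fail_threshold:
                alerts.append(f"{host}: {fail_threshold} failed logins from {src}")
        elif m["event"] == "login_ok":
            if fails[(host, src)] >= fail_threshold:
                alerts.append(f"{host}: successful login from {src} after repeated failures")
        elif m["event"] == "outbound_tcp":
            dst = kv.get("dst")
            if dst not in allowed_dests:
                alerts.append(f"{host}: unexpected outbound connection to {dst}")
    return alerts


# Constructed sample data (placeholder model names and versions).
AFFECTED_MODELS = {"MODEL-A", "MODEL-B"}
FIXED_FIRMWARE = "1.4.0"
PRINTERS = [
    Printer("printer01", "MODEL-A", "1.3.0", password_changed=False, internet_exposed=True),
    Printer("printer02", "MODEL-A", "1.4.0", password_changed=True, internet_exposed=False),
    Printer("printer03", "MODEL-Z", "0.9.0", password_changed=False, internet_exposed=False),
]
SAMPLE_LOGS = [
    f"2025-06-25T10:00:0{i}Z printer01 login_failed user=admin src=10.0.0.5" for i in range(1, 6)
] + [
    "2025-06-25T10:00:09Z printer01 login_ok user=admin src=10.0.0.5",
    "2025-06-25T10:01:00Z printer02 outbound_tcp dst=203.0.113.7:445",
    "2025-06-25T10:01:05Z printer02 outbound_tcp dst=10.0.0.20:389",
]
ALLOWED_DESTS = {"10.0.0.20:389"}  # e.g. the directory server the printer legitimately uses

if __name__ == "__main__":
    for host, issues in audit_inventory(PRINTERS, AFFECTED_MODELS, FIXED_FIRMWARE).items():
        print(host, "->", "; ".join(issues))
    for alert in detect_suspicious(SAMPLE_LOGS, allowed_dests=ALLOWED_DESTS):
        print("ALERT", alert)
```

Run against the constructed data, the audit reports only printer01 (printer02 is already patched and reconfigured, printer03 is not an affected model), and the log scan raises three alerts: the burst of failed logins, the subsequent successful login from the same source, and the outbound connection to an address outside the allow-list.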