
Hundreds of Brother printer models have an unpatchable security flaw


Serious security flaws have been found in hundreds of Brother printer models that could allow attackers to remotely access devices that are still using default passwords. Eight new vulnerabilities, one of which cannot be fixed by patching the firmware, were discovered in 689 kinds of Brother home and enterprise printers by the security company Rapid7.

The flaws also affect 59 printer models from Fujifilm, Toshiba, Ricoh and Konica Minolta, but not every vulnerability is present on every printer model. If you have a Brother printer, you can check whether your model is affected here.

The most serious security flaw, tracked as CVE-2024-51978 in the National Vulnerability Database, has a 9.8 “Critical” CVSS rating and allows attackers to generate the device's default administrator password if they know the serial number of the printer they are targeting. This allows attackers to exploit the seven other vulnerabilities discovered by Rapid7, which include retrieving sensitive information, crashing the device, opening TCP connections, performing arbitrary HTTP requests and revealing passwords for connected network services.

While seven of these security flaws can be fixed via firmware updates detailed in the Rapid7 report, Brother told the company that CVE-2024-51978 itself “cannot be fully corrected in the firmware” and will be fixed via a change to the manufacturing process for future versions of the affected printers. For current models, Brother recommends that users change the default administrator password for their printer via the device's web management menu.

Changing default manufacturer passwords is something we should all do when we bring a new device home anyway, and these printer vulnerabilities are a good example of why.
