- This topic has 0 replies, 1 voice, and was last updated 10 months ago by
.
Viewing 1 post (of 1 total)
Security researchers at Rapid7 have uncovered eight serious vulnerabilities affecting 689 Brother models, including printers, scanners, and label makers. These flaws also impact select devices from Fujifilm, Ricoh, Toshiba, and Konica Minolta, bringing the total to 748 affected models.
Key Vulnerability: CVE-2024-51978
- Severity: 9.8 (Critical)
- Issue: Attackers can derive the default admin password using the device’s serial number.
- Impact: Remote takeover of the device and potential access to connected systems.
- Fix: Cannot be fully patched via firmware—requires a manufacturing process change.
Other Vulnerabilities Include:
CVE ID Description CVSS Score Access Level CVE-2024-51977 Leak of sensitive information via HTTP/IPP 5.3 Unauthenticated CVE-2024-51979 Stack-based buffer overflow 7.2 Authenticated CVE-2024-51980 Forced TCP connection 5.3 Unauthenticated CVE-2024-51981 Arbitrary HTTP request execution 5.3 Unauthenticated CVE-2024-51982/83 Device crash via PJL or HTTP 7.5 Unauthenticated CVE-2024-51984 Disclosure of external service passwords (e.g., LDAP, FTP) 6.8 Authenticated What You Can Do
- Change the default admin password immediately.
- Check if your model is affected using.
- Apply firmware updates where available—seven of the eight vulnerabilities have patches.
- For CVE-2024-51978, only newly manufactured devices will be fully protected.
https://www.rapid7.com/blog/post/multiple-brother-devices-multiple-vulnerabilities-fixed/
In a completely sane world, madness is the only freedom (J.G.Ballard).
You need to login in order to vote
Viewing 1 post (of 1 total)
- You must be logged in to reply to this topic.