![What Is a Markup Language? [+ 7 Examples]](https://static.semrush.com/blog/uploads/media/82/c8/82c85ebca40c95d539cf4b766c9b98f8/markup-language-sm.png)
Millions of Brother printers threatened by multiple serious vulnerabilities – enterprise and home printers at risk
Millions of printers, scanners, and label makers from Brother are at risk of being hit by eight new vulnerabilities.
- Rapid7 research has uncovered multiple printer vulnerabilities
- Brother, Fujifilm, Ricoh, and Toshiba printers are all at risk
- Rapid7 and Brother have released mitigations and workarounds
Brother Industries produces some of the best home printers on the market, and has millions of machines across the globe.
But research from Rapid7 has found that hundreds of home and enterprise Brother models are vulnerable to multiple serious security vulnerabilities.
What’s worse, one of the vulnerabilities cannot be patched with a simple software update and the device must be redesigned to remove the flaw.
Millions of printers vulnerable
In total, Rapid7 found eight serious vulnerabilities that affected 689 models of Brother devices, covering printers, scanners, and label makers. Additionally, due to Brother’s position in the supply chain, 46 Fujifilm models, five Ricoh models, and two Toshiba models are also affected by the vulnerabilities.
The most serious vulnerability - an authentication bypass vulnerability with a CVSS score of 9.8 - allows an attacker to use the printer’s default password to take over the device and potentially access connected systems. By acquiring the target device’s serial number, the attacker can generate the default password for that specific device.
Typically, the default passwords are generated during manufacturing, meaning that in order to fully remediate this vulnerability, Brother must make changes to the manufacturing process in order to protect devices from being exploited by CVE-2024-51978.
The other vulnerabilities include methods for hackers to retrieve sensitive information on the device, triggering stack based buffer overflow, forcing new TCP connections, performing arbitrary HTTP requests, crashing the device, and disclosing the passwords of a configured external device. The full details of these vulnerabilities and recommended remediations can be found here.
Rapid7’s research project was conducted alongside JPCERT/CC and Brother Industries to help make consumers and businesses aware of the threats posed by the vulnerabilities, and the potential mitigations measures that can be applied.
You might also like
- Boost your home office with the best all-in-one printer
- The best cheap printers can accommodate any budget
- Take your small business to new heights with professional-level printing
