Millions of Brother printers threatened by multiple serious vulnerabilities – enterprise and home printers at risk


  • Rapid7 research has uncovered multiple printer vulnerabilities
  • Brother, Fujifilm, Ricoh, and Toshiba printers are all at risk
  • Rapid7 and Brother have released mitigations and workarounds

Brother Industries produces some of the best home printers on the market, and has millions of machines across the globe.

But research from Rapid7 has found that hundreds of home and enterprise Brother models are affected by multiple serious security vulnerabilities.

What’s worse, one of the vulnerabilities cannot be patched with a simple software update: the device itself must be redesigned to remove the flaw.

Millions of printers vulnerable

In total, Rapid7 found eight serious vulnerabilities that affected 689 models of Brother devices, covering printers, scanners, and label makers. Additionally, due to Brother’s position in the supply chain, 46 Fujifilm models, five Ricoh models, and two Toshiba models are also affected by the vulnerabilities.

The most serious vulnerability, an authentication bypass rated CVSS 9.8, allows an attacker who knows the printer’s default password to take over the device and potentially access connected systems. Because the default password is derived from the device’s serial number, an attacker who obtains a target’s serial number can generate the default password for that specific device.

Typically, these default passwords are generated during manufacturing, so fully remediating this vulnerability requires Brother to change its manufacturing process in order to protect devices from being exploited via CVE-2024-51978.

The other vulnerabilities include methods for attackers to retrieve sensitive information from the device, trigger a stack-based buffer overflow, force new TCP connections, perform arbitrary HTTP requests, crash the device, and disclose the passwords of a configured external service. The full details of these vulnerabilities and the recommended remediations can be found here.

Rapid7’s research project was conducted alongside JPCERT/CC and Brother Industries to make consumers and businesses aware of the threats posed by the vulnerabilities, and of the mitigation measures that can be applied.


Benedict Collins
Senior Writer, Security

Benedict has been writing about security issues for over 7 years, first focusing on geopolitics and international relations while at the University of Buckingham. During this time he studied BA Politics with Journalism, for which he received a second-class honours (upper division), then continuing his studies at a postgraduate level, achieving a distinction in MA Security, Intelligence and Diplomacy. Upon joining TechRadar Pro as a Staff Writer, Benedict transitioned his focus towards cybersecurity, exploring state-sponsored threat actors, malware, social engineering, and national security. Benedict is also an expert on B2B security products, including firewalls, antivirus, endpoint security, and password management.
