Millions of Brother printers threatened by multiple serious vulnerabilities – enterprise and home printers at risk
- Rapid7 research has uncovered multiple printer vulnerabilities
- Brother, Fujifilm, Ricoh, and Toshiba printers are all at risk
- Rapid7 and Brother have released mitigations and workarounds
Brother Industries produces some of the best home printers on the market, and has millions of machines across the globe.
But research from Rapid7 has found that hundreds of home and enterprise Brother models are affected by multiple serious security vulnerabilities.
What’s worse, one of the vulnerabilities cannot be patched with a simple software update and the device must be redesigned to remove the flaw.
Millions of printers vulnerable
In total, Rapid7 found eight serious vulnerabilities that affected 689 models of Brother devices, covering printers, scanners, and label makers. Additionally, due to Brother’s position in the supply chain, 46 Fujifilm models, five Ricoh models, and two Toshiba models are also affected by the vulnerabilities.
The most serious vulnerability - an authentication bypass vulnerability with a CVSS score of 9.8 - allows an attacker to use the printer’s default password to take over the device and potentially access connected systems. By acquiring the target device’s serial number, the attacker can generate the default password for that specific device.
Typically, the default passwords are generated during manufacturing, meaning that to fully remediate this vulnerability, Brother must change the manufacturing process to protect devices from exploitation of CVE-2024-51978.
The other vulnerabilities allow attackers to retrieve sensitive information from the device, trigger a stack-based buffer overflow, force new TCP connections, perform arbitrary HTTP requests, crash the device, and disclose the passwords of a configured external device. The full details of these vulnerabilities and recommended remediations can be found here.
Rapid7’s research project was conducted alongside JPCERT/CC and Brother Industries to help make consumers and businesses aware of the threats posed by the vulnerabilities, and of the mitigation measures that can be applied.

Benedict has been with TechRadar Pro for over two years, and has specialized in writing about cybersecurity, threat intelligence, and B2B security solutions. His coverage explores the critical areas of national security, including state-sponsored threat actors, APT groups, critical infrastructure, and social engineering.
Benedict holds an MA (Distinction) in Security, Intelligence, and Diplomacy from the Centre for Security and Intelligence Studies at the University of Buckingham, providing him with a strong academic foundation for his reporting on geopolitics, threat intelligence, and cyber-warfare.
Prior to his postgraduate studies, Benedict earned a BA in Politics with Journalism, providing him with the skills to translate complex political and security issues into comprehensible copy.