Millions of Brother printers threatened by multiple serious vulnerabilities – enterprise and home printers at risk


  • Rapid7 research has uncovered multiple printer vulnerabilities
  • Brother, Fujifilm, Ricoh, and Toshiba printers are all at risk
  • Rapid7 and Brother have released mitigations and workarounds

Brother Industries produces some of the best home printers on the market, and has millions of machines across the globe.

But research from Rapid7 has found that hundreds of home and enterprise Brother models are affected by multiple serious security vulnerabilities.

What’s worse, one of the vulnerabilities cannot be patched with a simple software update: the device itself must be redesigned to remove the flaw.


Millions of printers vulnerable

In total, Rapid7 found eight serious vulnerabilities that affected 689 models of Brother devices, covering printers, scanners, and label makers. Additionally, due to Brother’s position in the supply chain, 46 Fujifilm models, five Ricoh models, and two Toshiba models are also affected by the vulnerabilities.

The most serious vulnerability, an authentication bypass with a CVSS score of 9.8, allows an attacker to use the printer’s default password to take over the device and potentially access connected systems. By acquiring the target device’s serial number, the attacker can generate the default password for that specific device.

Typically, the default passwords are generated during manufacturing, meaning that to fully remediate this vulnerability Brother must change its manufacturing process so that devices can no longer be exploited via CVE-2024-51978.
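The reason a firmware update cannot fix this class of flaw is that the weakness lives in how the secret is produced, not in any one piece of code. The following added example (not from the article, Rapid7, or Brother, and not Brother’s actual derivation, which the article does not describe) uses a constructed stand-in to contrast a default password that is a deterministic function of the serial number with a random per-unit secret, and shows the fleet check a defender would run: every serial, key, and password below is constructed.

```python
"""Why a serial-derived default password is not a secret (illustrative).

Hypothetical stand-in, NOT the vendor's real algorithm: the point holds for
any scheme where the default is a deterministic function of a public
identifier plus material that is identical on every unit.
"""
import base64
import hashlib
import hmac
import secrets

# Assumption (constructed): a single key baked into every unit's firmware.
# Whoever recovers it once can reproduce the default for any serial number,
# so shipping new firmware does not take the already-derivable defaults back.
FIRMWARE_WIDE_KEY = b"constructed-example-key"


def weak_default_password(serial: str) -> str:
    """Deterministic default: same serial -> same password, on every unit.

    Constructed illustration of the weak pattern, not the vendor's scheme.
    """
    digest = hmac.new(FIRMWARE_WIDE_KEY, serial.encode(), hashlib.sha256).digest()
    # 5 bytes of digest -> 8 base32 characters, no padding
    return base64.b32encode(digest[:5]).decode()


def strong_default_password() -> str:
    """Per-unit random secret generated at manufacturing and printed on the
    device label. Nothing about it is derivable from the serial or firmware,
    which is why the fix has to happen in manufacturing, not in software."""
    return secrets.token_urlsafe(9)


def still_on_default(serial: str, current_password: str) -> bool:
    """Fleet check: does this unit still use its derivable default password?"""
    return hmac.compare_digest(weak_default_password(serial), current_password)


# Constructed inventory: (serial, admin password as configured, or None if
# the administrator never changed it from the factory default).
FLEET = [
    ("EXAMPLE-SN-000001", None),             # never changed -> derivable default
    ("EXAMPLE-SN-000002", "Pr1nt-r00m-7!"),  # changed by the administrator
]


def audit(fleet):
    """Return the serials of units still protected only by the derivable default."""
    findings = []
    for serial, configured in fleet:
        password = configured if configured is not None else weak_default_password(serial)
        if still_on_default(serial, password):
            findings.append(serial)
    return findings


if __name__ == "__main__":
    for serial in audit(FLEET):
        print(f"{serial}: admin password is still the serial-derived default; rotate it")
```

The audit only needs the serial numbers, which is exactly the property that makes the weak scheme dangerous: the same inputs a defender uses to find unchanged defaults are available to anyone who can read a label or a discovery response, so the mitigation that does not depend on manufacturing changes is to rotate every device’s admin password to a unique value.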

The other vulnerabilities include methods for hackers to retrieve sensitive information from the device, trigger a stack-based buffer overflow, force new TCP connections, perform arbitrary HTTP requests, crash the device, and disclose the passwords of a configured external device. The full details of these vulnerabilities and the recommended remediations can be found here.

Rapid7’s research project was conducted alongside JPCERT/CC and Brother Industries to make consumers and businesses aware of the threats posed by the vulnerabilities and of the mitigation measures that can be applied.


Benedict Collins
Senior Writer, Security

Benedict is a Senior Security Writer at TechRadar Pro, where he has specialized in covering the intersection of geopolitics, cyber-warfare, and business security.

Benedict provides detailed analysis on state-sponsored threat actors, APT groups, and the protection of critical national infrastructure, with his reporting bridging the gap between technical threat intelligence and B2B security strategy.

Benedict holds an MA (Distinction) in Security, Intelligence, and Diplomacy from the University of Buckingham Centre for Security and Intelligence Studies (BUCSIS), with his specialization providing him with a robust academic framework for deconstructing complex international conflicts and intelligence operations, and the ability to translate intricate security data into actionable insights.
