Critical security flaws have been found in a large number of Brother printer models that could allow attackers to remotely access devices that are still using default passwords. Eight new vulnerabilities, one of which cannot be fixed by patching the firmware, were discovered in 689 models of Brother home and business printers by security firm Rapid7.
The issues also affect 59 printer models from Fujifilm, Toshiba, Ricoh, and Konica Minolta, but not every vulnerability is present on every printer model. If you own a Brother printer, you can check whether your model is affected here.
The most serious security flaw, tracked as CVE-2024-51978 in the National Vulnerability Database, has a 9.8 "Critical" CVSS rating and allows attackers to generate the device's default admin password if they know the serial number of the printer they are targeting. This in turn allows attackers to exploit the other seven vulnerabilities discovered by Rapid7, which include retrieving sensitive information, crashing the device, opening TCP connections, performing arbitrary HTTP requests, and exposing passwords for connected network services.
While seven of these security flaws can be fixed through the firmware updates detailed in Rapid7's report, Brother indicated to the company that CVE-2024-51978 itself "cannot be fully remediated in firmware," and will instead be fixed through a change to the manufacturing process for future versions of the affected printer models. For existing models, Brother recommends that users change the default admin password for their printer through the device's Web Based Management menu.
Changing default factory passwords is something we should all be doing when we bring a new device home anyway, and these printer vulnerabilities are a good example of why.