233/68 Friday, June 27, 2025

Researchers from Rapid7 have disclosed eight security vulnerabilities affecting 748 models of printers, scanners, and label printers from five manufacturers. Of these, 689 models are from the Japanese manufacturer Brother. The most serious finding, tracked as CVE-2024-51978, affects 695 models in total and cannot be fixed by a firmware update on devices already in the field. The flaw lets an attacker derive the factory-default administrator password from the device's serial number, so any device whose default password has never been changed is exposed.
CVE-2024-51978 has a CVSS score of 9.8. The root cause is Brother's default-password generation procedure, which derives the password deterministically from the serial number; anyone who knows the serial number and the procedure can reproduce the password. A serial number is easy to obtain: it can be leaked through another of the eight flaws, CVE-2024-51977 (an unauthenticated information disclosure), or simply queried over management protocols such as PJL and SNMP, neither of which requires logging in to the device. With the admin password in hand, an attacker can chain the remaining flaws: CVE-2024-51979 (a stack buffer overflow) turns an otherwise authenticated bug into unauthenticated remote code execution, and CVE-2024-51984 discloses the plaintext credentials of external services the printer is configured to use (for example FTP or LDAP accounts), which in turn enable lateral movement across the enterprise network.
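The first link in that chain, reading a printer's serial number over SNMP with no login at all, is shown below as an added example; it is not code from Rapid7 or Brother, and the article does not say which OID the affected devices expose. The script assumes the target answers SNMPv1 on UDP/161 with the read-only community "public" and populates the standard Printer-MIB object prtGeneralSerialNumber (1.3.6.1.2.1.43.5.1.1.17.1, RFC 3805). The BER encoder and decoder are hand-rolled so it runs with no dependencies, and the constructed GetResponse builder exists only so the parser can be exercised offline.

```python
"""Unauthenticated serial-number lookup over SNMPv1 (added example, not the
advisory's or Brother's code). Assumptions, not from the article: SNMPv1 on
UDP/161, community "public", standard Printer-MIB prtGeneralSerialNumber."""
import socket

SERIAL_OID = (1, 3, 6, 1, 2, 1, 43, 5, 1, 1, 17, 1)  # prtGeneralSerialNumber.1

def ber_len(n):
    """BER length octets: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def tlv(tag, body):
    return bytes([tag]) + ber_len(len(body)) + body

def encode_int(value):
    """Non-negative INTEGER; the extra byte keeps the sign bit clear (128 -> 00 80)."""
    return tlv(0x02, value.to_bytes((value.bit_length() + 8) // 8, "big"))

def encode_oid(arcs):
    """OBJECT IDENTIFIER: first two arcs fold into one byte, the rest are base-128."""
    out = bytearray([40 * arcs[0] + arcs[1]])
    for arc in arcs[2:]:
        chunk = bytearray([arc & 0x7F])
        arc >>= 7
        while arc:
            chunk.insert(0, 0x80 | (arc & 0x7F))
            arc >>= 7
        out += chunk
    return tlv(0x06, bytes(out))

def build_get_request(oid, community=b"public", request_id=0x1234):
    """SNMPv1 GetRequest (tag 0xA0) for one OID with a NULL placeholder value."""
    varbind = tlv(0x30, encode_oid(oid) + tlv(0x05, b""))
    pdu = tlv(0xA0, encode_int(request_id) + encode_int(0) + encode_int(0)
              + tlv(0x30, varbind))
    return tlv(0x30, encode_int(0) + tlv(0x04, community) + pdu)  # version 0 = v1

def build_get_response(oid, value, error_status=0, community=b"public", request_id=0x1234):
    """Constructed GetResponse (tag 0xA2); used only to exercise the parser offline."""
    varbind = tlv(0x30, encode_oid(oid) + tlv(0x04, value))
    pdu = tlv(0xA2, encode_int(request_id) + encode_int(error_status) + encode_int(0)
              + tlv(0x30, varbind))
    return tlv(0x30, encode_int(0) + tlv(0x04, community) + pdu)

def read_tlv(buf, pos=0):
    """Return (tag, body, next_pos) for the TLV starting at buf[pos]."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                       # long-form length
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length

def children(body):
    """Split a constructed body into its (tag, body) elements."""
    items, pos = [], 0
    while pos < len(body):
        tag, inner, pos = read_tlv(body, pos)
        items.append((tag, inner))
    return items

def parse_get_response(packet):
    """Return the first varbind's OCTET STRING value, or None on any SNMP error."""
    _, msg, _ = read_tlv(packet)
    _version, _community, pdu = children(msg)
    if pdu[0] != 0xA2:                      # not a GetResponse-PDU
        return None
    _req_id, err_status, _err_index, varbinds = children(pdu[1])
    if int.from_bytes(err_status[1], "big") != 0:   # e.g. 2 = noSuchName
        return None
    _oid, value = children(children(varbinds[1])[0][1])
    if value[0] != 0x04:                    # expect OCTET STRING
        return None
    return value[1].decode("ascii", "replace")

def fetch_serial(host, timeout=2.0):
    """Ask one device for its serial number; None on timeout or SNMP error."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(build_get_request(SERIAL_OID), (host, 161))
        try:
            data, _ = sock.recvfrom(4096)
        except socket.timeout:
            return None
    return parse_get_response(data)

if __name__ == "__main__":
    import sys
    for host in sys.argv[1:]:               # e.g. python3 snmp_serial.py 10.0.0.50
        print(host, fetch_serial(host))
```

Run against your own printer subnet, every device that answers with a serial is one whose default password an attacker could derive if it has never been changed; a device that returns None either has SNMP disabled, uses a non-default community, or filters UDP/161, which is the state you want to be in.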
Brother has released firmware updates for seven of the eight flaws, but CVE-2024-51978 cannot be remediated in software on devices already shipped; Brother has instead changed its manufacturing process so that newly built units no longer ship with a serial-derived default password. Owners of existing devices are therefore strongly urged to change the default admin password immediately, in addition to applying the firmware updates. The other affected vendors are Fujifilm, Ricoh, Toshiba Tec, and Konica Minolta. Although no in-the-wild exploitation has been reported so far, the report warns that details of the Brother flaws are already circulating on dark-web forums, so organizations that delay patching and password changes risk large-scale attacks.
Source https://www.darkreading.com/endpoint-security/millions-brother-printers-critical-unpatchable-bug