In a troubling revelation, cybersecurity firm Rapid7 has uncovered a series of significant vulnerabilities impacting hundreds of Brother Industries’ devices, including printers, scanners, and label makers.
The investigation identified eight critical vulnerabilities across 689 models, raising alarms for both home and enterprise users worldwide.
Among these, the most severe flaw, labeled with a CVSS score of 9.8, allows attackers to exploit default passwords to take control of affected devices, potentially gaining access to connected networks.
Cybersecurity Firm Uncovers Serious Flaws in Brother Printers and Scanners
This critical vulnerability, known as CVE-2024-51978, enables unauthorized users to generate a device’s default password by obtaining its serial number, facilitating unauthorized access and control.
Notably, remediation requires more than a software patch; the manufacturing process of these devices needs to be overhauled to ensure the default passwords are securely generated, posing a significant challenge for Brother Industries.
Furthermore, due to Brother’s integral role in the supply chain, several models from other manufacturers, including 46 models from Fujifilm, five from Ricoh, and two from Toshiba, are also impacted by these vulnerabilities. This wide-ranging effect raises concerns across the industry regarding similar vulnerabilities in interconnected devices.
The other identified vulnerabilities enable hackers to retrieve sensitive information, trigger stack-based buffer overflows, force new TCP connections, perform arbitrary HTTP requests, crash devices, and disclose passwords of external configurations.
Rapid7’s collaborative research with JPCERT/CC and Brother Industries aims to inform stakeholders about these critical security flaws and highlight necessary mitigation strategies.
As technology continues to advance, the implications of such vulnerabilities serve as a stark reminder of the importance of cybersecurity in everyday devices. Consumers and businesses alike are encouraged to stay informed about potential risks and consider proactive measures to protect their data and systems.
