- Rapid7’s research has discovered multiple printer vulnerabilities
- Brother, Fujifilm, Ricoh and Toshiba printers are at risk
- Rapid7 and Brother have published mitigations and solutions
Brother Industries produces some of the best home printers on the market and has millions of machines deployed worldwide.
But Rapid7's research has found that hundreds of Brother home and enterprise models are affected by multiple serious security vulnerabilities.
Worse still, one of the vulnerabilities cannot be patched with a simple software update: the device itself must be redesigned to eliminate the flaw.
Millions of vulnerable printers
In total, Rapid7 found eight serious vulnerabilities affecting 689 Brother device models, spanning printers, scanners and label makers. In addition, because of Brother's position in the supply chain, 46 Fujifilm models, five Ricoh models and two Toshiba models are also affected by the vulnerabilities.
The most serious of these, an authentication bypass with a CVSS score of 9.8, allows an attacker to use the printer's default password to take control of the device and potentially reach connected systems. Once the attacker obtains the serial number of the target device, they can generate the default password for that specific device.
Default passwords are generated during manufacturing, which means that to fully remediate this vulnerability, Brother must change its manufacturing process to protect devices from exploitation of CVE-2024-51978.
The other vulnerabilities include ways for attackers to recover sensitive information from the device, trigger a stack-based buffer overflow, force the device to open new TCP connections, make arbitrary HTTP requests, crash the device, and disclose the password of a configured external service. The complete details of these vulnerabilities and the recommended remediations can be found here.
The Rapid7 research project was carried out together with JPCERT/CC and Brother Industries to help consumers and businesses understand the threats posed by these vulnerabilities and the mitigation measures that can be applied.