Serious security flaws have been found in a large number of Brother printer models that could allow attackers to remotely access devices that are still using default passwords. Eight new vulnerabilities, one of which cannot be fixed by patching the firmware, were discovered in 689 models of Brother home and business printers by security firm Rapid7.
The issues also affect 59 printer models from Fujifilm, Toshiba, Ricoh, and Konica Minolta, but not every vulnerability is found on every printer model. If you own a Brother printer, you can check to see whether your model is affected here.
The most serious security flaw, tracked under CVE-2024-51978 in the National Vulnerability Database, has a 9.8 “Critical” CVSS score and allows attackers to generate the device’s default admin password if they know the serial number of the printer they are targeting. This allows attackers to exploit the other seven vulnerabilities discovered by Rapid7, which include retrieving sensitive information, crashing the device, opening TCP connections, performing arbitrary HTTP requests, and exposing passwords for connected network services.
While seven of these security flaws can be fixed via firmware updates detailed in Rapid7’s report, Brother indicated to the company that CVE-2024-51978 itself “cannot be fully remediated in firmware,” and will be fixed via a change to the manufacturing process for future versions of affected printer models. For current models, Brother recommends that users change the default admin password for their printer via the device’s Web Based Management menu.
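The practical consequence for anyone running a fleet of these printers is that there are two separate remediation tracks: a firmware update closes seven of the issues, but only a password change closes CVE-2024-51978, because a serial number is printed on the device label and is not a secret. The triage script below is an added example, not code from Rapid7 or Brother. It reads a constructed inventory export and reports, per device, which of the two actions is still outstanding. The affected-model list, the fixed firmware versions and the CSV column names are placeholders and assumptions; the real model list and fixed versions come from the vendor advisory and Rapid7's report.

```python
"""Triage a printer inventory against a two-track advisory:
firmware update for the patchable issues, password change for the
issue that cannot be fixed in firmware (CVE-2024-51978).

Added example; not Rapid7's or Brother's code.
"""
import csv
import io
from dataclasses import dataclass

# PLACEHOLDER advisory data: (vendor, model) -> first firmware version that
# contains the fixes for the seven patchable vulnerabilities. Replace with
# the real table from the vendor advisory.
AFFECTED_MODELS = {
    ("brother", "EXAMPLE-MODEL-A"): "1.2.0",
    ("brother", "EXAMPLE-MODEL-B"): "2.0.5",
    ("fujifilm", "EXAMPLE-MODEL-C"): "4.1.0",
}

# Constructed sample inventory, in the shape of a hypothetical asset-system
# CSV export. Column names are assumptions, not a real product's schema.
SAMPLE_INVENTORY = """\
hostname,vendor,model,firmware,admin_password_changed
prn-01,Brother,EXAMPLE-MODEL-A,1.1.9,no
prn-02,Brother,EXAMPLE-MODEL-A,1.2.0,yes
prn-03,Brother,EXAMPLE-MODEL-B,2.0.5,no
prn-04,Brother,OTHER-MODEL,3.0.0,no
prn-05,Fujifilm,EXAMPLE-MODEL-C,4.1,yes
prn-06,HP,UNRELATED,9.9.9,no
"""


@dataclass
class Finding:
    hostname: str
    actions: list


def parse_version(text):
    """'1.2.10' -> (1, 2, 10). Non-numeric components compare as 0."""
    return tuple(int(p) if p.isdigit() else 0 for p in text.strip().split("."))


def firmware_is_fixed(installed, fixed):
    """True when the installed version is at least the fixed version.
    Shorter tuples are right-padded with zeros so '1.2' equals '1.2.0'."""
    a, b = parse_version(installed), parse_version(fixed)
    width = max(len(a), len(b))
    return a + (0,) * (width - len(a)) >= b + (0,) * (width - len(b))


def triage(inventory_csv):
    """Return a Finding for every affected device that still needs action."""
    findings = []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        key = (row["vendor"].strip().lower(), row["model"].strip())
        if key not in AFFECTED_MODELS:
            continue  # not in the advisory; nothing to do for this campaign
        actions = []
        # Track 1: the default-password issue is not fixable in firmware,
        # so the only closing action is a changed admin password.
        if row["admin_password_changed"].strip().lower() != "yes":
            actions.append("change default admin password")
        # Track 2: the other seven issues are closed by the fixed firmware.
        fixed = AFFECTED_MODELS[key]
        if not firmware_is_fixed(row["firmware"], fixed):
            actions.append(f"update firmware to {fixed} or later")
        if actions:
            findings.append(Finding(row["hostname"], actions))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_INVENTORY):
        print(f"{f.hostname}: " + "; ".join(f.actions))
```

Devices on a fixed firmware but still on the default password are deliberately kept in the report: that is exactly the population the manufacturing-process change will not reach on existing hardware.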
Changing default manufacturing passwords is something we should all be doing when we take a new device home anyway, and these printer vulnerabilities are a good example of why.
