PSA: If you have a Brother printer, change the password now

Almost 700 Brother printer models have been found to contain a number of serious security flaws that could allow an attacker to access other devices on your network, and potentially access your documents. The same is true of some printer models made by Fujifilm, Toshiba, Ricoh, and Konica Minolta …

Cybersecurity company Rapid7 discovered eight vulnerabilities affecting 689 Brother printers, and 46 models from other brands. The most egregious of these is that the default password of each printer is derived from its serial number, and the way in which this is done has now been discovered.

The most serious of the findings is the authentication bypass CVE-2024-51978. A remote unauthenticated attacker can leak the target device’s serial number through one of several means, and in turn generate the target device’s default administrator password. This is due to the discovery of the default password generation procedure used by Brother devices. This procedure transforms a serial number into a default password.

Brother says that this cannot be fixed by a firmware update, so the only way to remedy it is to manually change your printer’s password. The remaining vulnerabilities can be used in conjunction to either crash your printer or, more seriously, gain access to other devices and services running on your network. In the worst of cases, an attacker could gain access to passwords stored on your network, and use these to access documents stored on cloud servers.

The pass back vulnerability, CVE-2024-51984, allows a remote authenticated attacker to discover the plaintext credentials of several configured external services, such as LDAP or FTP. Successfully exploiting this vulnerability gives an attacker additional credentials to use when trying to pivot further into a network environment. In the case of credentials to an external FTP service, these credentials may be used to disclose sensitive information such as documents stored on that FTP service.
How to protect yourself

Brother says that seven of the eight vulnerabilities can be fixed by a firmware update, so this should be done by all users. However, the default password generation flaw cannot be fixed, so if you haven’t already changed it, do so now.

Image: 9to5Mac collage of images from Brother and Jakub Żerdzicki on Unsplash