Ctrl+Panic: Rapid7 Alerts on Critical Vulnerabilities in Numerous Brother Printers


Severe Vulnerabilities Found in Brother Printers and Other Brands

Overview of the Findings

Recent investigations by Rapid7, in collaboration with Brother and Japan’s JPCERT Coordination Center, have revealed a significant number of vulnerabilities affecting various printer models across several manufacturers. Specifically, a total of 689 Brother multifunction printers are affected, alongside 46 Fujifilm Business Innovation devices, five Ricoh models, and two from Toshiba Tec Corporation.

Key Vulnerabilities Uncovered

One of the most critical issues identified is an authentication bypass vulnerability, designated CVE-2024-51978. This flaw lets an unauthenticated attacker leak a printer’s serial number and, from it, generate the device’s default administrator password. An attacker could therefore gain full administrative access without any prior authentication, which poses serious security risks for users.

Rapid7’s findings show that the vulnerability stems from a fundamental flaw in the default password generation method used during manufacturing: each affected Brother model’s default password is derived from its unique serial number, so anyone who learns the serial number can reproduce the password.
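The design point here is general: a default credential that is a pure function of an identifier the device exposes is not a secret at all. The following is an added illustration, not code from Brother or Rapid7, and the derivation it uses is a constructed stand-in rather than the real scheme; the serial number and firmware constant are made up. It contrasts a serial-derived default with a per-unit random default that is printed on the label and must be changed at first login.

```python
"""Constructed example: why a serial-derived default password fails,
and what a per-device random default looks like instead.
The derivation below is illustrative only; it is NOT Brother's algorithm."""
import hashlib
import secrets
from dataclasses import dataclass

# Hypothetical constant baked into firmware (assumed for the example).
# Once firmware is reverse-engineered, this is known to everyone.
_FIRMWARE_CONSTANT = b"example-firmware-constant"


def weak_default_password(serial: str) -> str:
    """Flawed scheme: the default is a deterministic function of the serial.
    The serial is printed on the unit and, per the article, leakable over
    the network, so the 'secret' is recoverable by anyone."""
    digest = hashlib.sha256(_FIRMWARE_CONSTANT + serial.encode()).hexdigest()
    return digest[:8]


def strong_default_password() -> str:
    """Hardened scheme: a fresh random secret per unit, generated at
    manufacture and unrelated to any identifier the device exposes."""
    return secrets.token_urlsafe(12)


@dataclass
class ProvisionedDevice:
    serial: str
    admin_password: str
    must_change_on_first_login: bool


def provision(serial: str, scheme: str) -> ProvisionedDevice:
    """Simulates factory provisioning under either scheme."""
    if scheme == "serial-derived":
        return ProvisionedDevice(serial, weak_default_password(serial), False)
    if scheme == "random":
        # The random default is only a bootstrap credential; force rotation.
        return ProvisionedDevice(serial, strong_default_password(), True)
    raise ValueError(f"unknown scheme: {scheme}")


def default_recoverable_from_serial(device: ProvisionedDevice, serial: str) -> bool:
    """Audit check: can someone who knows only the serial number and the
    (public) derivation reproduce the device's current admin password?"""
    return weak_default_password(serial) == device.admin_password


def demo() -> tuple[bool, bool]:
    """Returns (recoverable under weak scheme, recoverable under strong scheme)."""
    serial = "X1234567890"  # constructed serial number
    weak = provision(serial, "serial-derived")
    strong = provision(serial, "random")
    return (
        default_recoverable_from_serial(weak, serial),
        default_recoverable_from_serial(strong, serial),
    )


if __name__ == "__main__":
    weak_hit, strong_hit = demo()
    print(f"serial-derived default recoverable: {weak_hit}")
    print(f"random default recoverable:         {strong_hit}")
```

The audit function is the useful part for a defender: on a fleet where the derivation is known, it answers whether a unit is still running its factory default. The random scheme also sets must_change_on_first_login, because a label-printed secret is still a shared-with-the-supply-chain secret until the owner rotates it.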

Implications of the Vulnerabilities

The vulnerabilities discovered not only affect the security of the printers but also raise concerns about sensitive information storage and overall device integrity. Additional vulnerabilities include:

  • CVE-2024-51977: Allows unauthenticated attackers to access sensitive information, impacting 457 models.
  • CVE-2024-51979: Permits authenticated attackers to trigger stack-based buffer overflows in 604 models.
  • CVE-2024-51980: Enables unauthorized devices to open TCP connections, affecting 707 models.
  • CVE-2024-51981: Allows attackers to force arbitrary HTTP requests, impacting 701 models.
  • CVE-2024-51982 and CVE-2024-51983: Both allow unauthenticated attackers to crash the device, affecting 208 and 660 models, respectively.
  • CVE-2024-51984: An authenticated attacker can disclose passwords of configured external services, impacting 684 models.

Manufacturer Responses

These vulnerabilities have triggered swift action from Brother. While a substantial redesign of manufacturing processes is necessary to fully rectify the password flaw, Brother has already begun rolling out workarounds for existing devices. A spokesperson from Brother expressed the company’s gratitude to Rapid7 for highlighting these vulnerabilities and acknowledged the importance of addressing this significant oversight.

Ongoing Collaboration for Solutions

The vulnerabilities were first suspected in May 2024 when Brother reached out to Rapid7. Subsequent involvement from JPCERT/CC in July 2024 ensured a collaborative approach to resolving the issues. The teams worked diligently over several months to verify the effectiveness of proposed fixes, culminating in a finalized solution confirmation by March 2025.

On June 2, JPCERT/CC provided Rapid7 with a detailed list of affected models, with public disclosure occurring on June 25 — a timeline that had been previously agreed upon by all parties involved.

Conclusion

With technology evolving rapidly, maintaining robust security in connected devices such as printers remains a challenge. The vulnerabilities uncovered in Brother printers and other brands serve as a wake-up call for manufacturers and users alike. Continued vigilance and proactive measures are crucial to safeguarding sensitive information and ensuring devices remain secure amidst a growing landscape of cyber threats.
