Thursday, June 26, 2025

Tens of millions of Brother printers threatened by multiple severe vulnerabilities – enterprise and home printers at risk

  • Rapid7 research has uncovered multiple printer vulnerabilities
  • Brother, Fujifilm, Ricoh, and Toshiba printers are all at risk
  • Rapid7 and Brother have released mitigations and workarounds

Brother Industries produces some of the best home printers on the market, and has thousands and thousands of machines around the world.

However, research from Rapid7 has found that hundreds of home and enterprise Brother models are affected by multiple severe security vulnerabilities.

What’s worse, one of the vulnerabilities can’t be patched with a simple software update, and the device must be redesigned to remove the flaw.

Tens of millions of printers vulnerable

In total, Rapid7 found eight severe vulnerabilities that affect 689 models of Brother devices, covering printers, scanners, and label makers. Additionally, because of Brother’s position in the supply chain, 46 Fujifilm models, 5 Ricoh models, and two Toshiba models are also affected by the vulnerabilities.

The most severe vulnerability – an authentication bypass vulnerability with a CVSS score of 9.8 – allows an attacker to use the printer’s default password to take over the device and potentially access connected systems. By acquiring the target device’s serial number, the attacker can generate the default password for that specific device.

Usually, the default passwords are generated during manufacturing, meaning that to fully remediate this vulnerability, Brother must make changes to the manufacturing process to protect devices from being exploited through CVE-2024-51978.

The other vulnerabilities include methods for hackers to retrieve sensitive information on the device, trigger a stack-based buffer overflow, force new TCP connections, perform arbitrary HTTP requests, crash the device, and disclose the passwords of a configured external device. The full details of these vulnerabilities and the recommended remediations can be found here.


Rapid7’s research project was conducted alongside JPCERT/CC and Brother Industries to help make users and businesses aware of the threats posed by the vulnerabilities, and of the potential mitigation measures that can be applied.
