Serious security flaws found in hundreds of Brother printer models can allow attackers to access devices that are still using a default password. Eight new vulnerabilities, one of which cannot be fixed by patching firmware, were discovered by the security company Rapid7 in 689 types of Brother home and enterprise printers.
These flaws also affect 59 printer models from Fujifilm, Toshiba, Ricoh, and Konica Minolta, but not every vulnerability is found on every printer model. If you have a Brother printer, you can check to see if your model is affected here.
The most serious security flaw, tracked as CVE-2024-51978 in the National Vulnerability Database, has a 9.8 “critical” CVSS rating and allows attackers to generate the device’s default admin password if they know the serial number of the printer they target. This allows attackers to exploit the other seven vulnerabilities discovered by Rapid7, which include retrieving sensitive information, crashing the device, opening TCP connections, performing arbitrary HTTP requests, and exposing passwords for connected network services.
Although seven of these security flaws can be fixed by the firmware updates detailed in the Rapid7 report, Brother indicated to the company that CVE-2024-51978 itself “cannot be fully treated” in firmware, and that it will be addressed through changes to the manufacturing process for future versions of the affected printer models. For existing models, Brother recommends that users change the default admin password for their printer via the device’s web-based management menu.
Changing default manufacturer passwords is something we should do when we take a new device home anyway, and these printer vulnerabilities are a good example of why.


