Particle.news

Authentication Flaw Exposes 748 Multifunction Printers to Remote Attacks

Security firm Rapid7 has alerted manufacturers, prompting firmware patches that still leave some legacy printers without full remediation.

Overview

  • Rapid7 discovered eight security flaws in multifunction printers from five vendors that can expose administrator credentials and connected networks.
  • The most critical flaw, CVE-2024-51978, bypasses authentication by revealing serial numbers used to generate default admin passwords, granting remote device control.
  • All affected manufacturers have released firmware patches that address the majority of identified vulnerabilities.
  • Brother reports that its legacy printer models cannot be fully patched via firmware and urges users to manually reset default administrator passwords to mitigate the outstanding flaw.
  • The risks extend to 748 models, including 689 Brother units, 46 Fujifilm, five Ricoh, two Toshiba and six Konica Minolta printers; the status of Dell’s rebranded versions remains unknown.