Overview
- Rapid7 discovered eight security flaws in multifunction printers from five vendors that can expose administrator credentials and connected networks.
- The most critical flaw, CVE-2024-51978, bypasses authentication by revealing serial numbers used to generate default admin passwords, granting remote device control.
- All affected manufacturers have released firmware patches that address the majority of identified vulnerabilities.
- Brother reports that its legacy printer models cannot be fully patched via firmware and urges users to manually reset default administrator passwords to mitigate the outstanding flaw.
- The risks extend to 748 models: 689 Brother, 46 Fujifilm, five Ricoh, two Toshiba and six Konica Minolta printers. The status of Dell's rebranded versions is unknown.