Overview
- Rapid7 discovered eight zero-day vulnerabilities in 689 Brother printer models and 59 devices from Fujifilm, Toshiba, Ricoh, and Konica Minolta.
- The most severe flaw, CVE-2024-51978, was rated CVSS 9.8: the default administrator password can be derived from the printer's serial number, and the flaw cannot be fixed by a firmware update.
- Brother has released firmware updates for the seven patchable flaws and is urging users to apply them immediately.
- Brother will update its manufacturing process to eliminate the critical flaw in future units, leaving current devices dependent on password changes for protection.
- Researchers report no evidence of in-the-wild exploitation, but warn that millions of devices remain vulnerable without prompt mitigation.