Particle.news

Brother Patches Seven Printer Vulnerabilities, Will Rework Hardware to Fix Critical Flaw

A 9.8-rated authentication bypass flaw highlights the need for users to install firmware updates and reset factory-admin passwords.

Overview

  • Rapid7 discovered eight zero-day vulnerabilities in 689 Brother printer models and 59 devices from Fujifilm, Toshiba, Ricoh, and Konica Minolta.
  • The most severe flaw, CVE-2024-51978, is rated CVSS 9.8: it allows a device's default admin password to be generated from the printer's serial number, and it cannot be patched via firmware.
  • Brother has released firmware updates for the seven patchable flaws and is urging users to apply them immediately.
  • Brother will update its manufacturing process to eliminate the critical flaw in future units, leaving current devices dependent on password changes for protection.
  • Researchers report no evidence of in-the-wild exploitation, but warn that millions of devices remain vulnerable without prompt mitigation.