Brother, a leading manufacturer of home and office printers, is currently facing a significant security challenge that affects hundreds of its devices worldwide. Cybersecurity researchers at Rapid7 recently uncovered eight critical vulnerabilities impacting 689 Brother models, including printers, scanners, and label printers. This alarming discovery also extends to devices from other manufacturers such as Fujifilm, Konica Minolta, Ricoh, and Toshiba, which incorporate Brother components. The severity of these vulnerabilities ranges from moderate risks to critical threats, with CVSS scores as high as 9.8, underscoring the urgency for users to take immediate action.

The most serious vulnerability, identified as CVE-2024-51978, exposes a major flaw in how Brother generates default administrator passwords. Instead of unique or randomly generated credentials, the passwords are derived using a weak algorithm based on the printer’s serial number and a static lookup table. This means that once an attacker obtains a device’s serial number—which can be accessed through other security flaws—they can easily calculate the default admin password. This grants unauthorized access to the device’s settings, enabling hackers to take full control of the printer and potentially use it as a launching point to compromise other networked devices. Additionally, other vulnerabilities allow malicious actors to extract sensitive information, crash printers remotely, establish unauthorized network connections, or reveal passwords of connected systems.

Brother has responded by releasing firmware updates addressing seven of the eight discovered vulnerabilities, which can be downloaded from their official support site. However, the critical password generation flaw cannot be patched through software updates because it is embedded in the manufacturing process itself. Brother has pledged to change how default passwords are created in future devices to prevent this issue from recurring. In the meantime, users with affected models must proactively change the default administrator password manually and implement strict network security measures. Experts strongly recommend isolating printers on separate networks, restricting access through firewalls, and limiting exposure of vulnerable ports such as TCP 9100 to reduce the risk of exploitation.
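As an added illustration of the network-level mitigations described above (not configuration from Brother, Rapid7, or the article), the nftables fragment below contrasts a permissive rule that exposes printer ports to the whole LAN with a restrictive policy that only lets an assumed print server reach the printer VLAN on the raw-print, IPP and LPD ports, logging everything else. The subnets and interface names are placeholders.

```nft
# Assumed example addresses: printers live on their own VLAN, and only a
# dedicated print server should talk to them on printing ports.
define PRINTER_NET = 10.50.0.0/24     # placeholder: printer VLAN
define PRINT_SERVER = 10.10.0.5       # placeholder: the only allowed client
define PRINT_PORTS  = { 9100, 631, 515 }   # raw (JetDirect), IPP, LPD

table inet printer_guard {
    # Weak setting (shown for contrast): any host may reach any printer port,
    # so anyone on the LAN can hit TCP 9100 or the admin web interface.
    # chain forward_weak { type filter hook forward priority 0; policy accept; }

    # Corrected policy: default-deny into the printer VLAN.
    chain forward {
        type filter hook forward priority 0; policy drop;

        # Allow established flows (replies from printers back to clients).
        ct state established,related accept

        # Only the print server may open print-protocol connections to printers.
        ip saddr $PRINT_SERVER ip daddr $PRINTER_NET tcp dport $PRINT_PORTS accept

        # Everything else aimed at the printer VLAN is logged, then dropped:
        # this includes TCP 9100 and the admin web UI (80/443) from user hosts.
        ip daddr $PRINTER_NET log prefix "printer-vlan-drop: " level info drop
    }
}
```

Load with `nft -f` on the router or firewall between the user network and the printer VLAN; the logged drops give a simple detection signal for unexpected hosts probing printers.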

Brother continues to collaborate closely with Rapid7 and Japan’s JPCERT/CC cybersecurity organization to further investigate and mitigate these vulnerabilities. However, the persistence of an unpatchable hardware-level flaw serves as a stark reminder of the importance of proactive security hygiene when it comes to connected office equipment. Users and IT administrators are urged to act swiftly to secure their devices and protect their networks from potential attacks leveraging these printer vulnerabilities.