{"id":14351,"date":"2025-06-27T14:46:06","date_gmt":"2025-06-27T14:46:06","guid":{"rendered":"https:\/\/newestek.com\/?p=14351"},"modified":"2025-06-27T14:46:06","modified_gmt":"2025-06-27T14:46:06","slug":"some-brother-printers-have-a-remote-code-execution-vulnerability-and-they-cant-fix-it","status":"publish","type":"post","link":"https:\/\/newestek.com\/?p=14351","title":{"rendered":"Some Brother printers have a remote code execution vulnerability, and they can\u2019t fix it"},"content":{"rendered":"
\n
\n
\n
\n
\n
\n
<\/div>\n<\/section>\n

Brother Industries is grappling with a critical authentication bypass vulnerability affecting hundreds of different printer models, many of them used in enterprises, allowing unauthenticated remote code execution (RCE) on the devices when chained with another flaw.<\/p>\n

The admin password bypass stems from a manufacturing issue and cannot be fixed through firmware according to Rapid7, the cybersecurity firm that discovered the vulnerability \u2014 along with seven others \u2014 affecting 689 different device models.<\/p>\n

One of those vulnerabilities enables attackers to extract the serial number of a printer, and that\u2019s at the root of Brother\u2019s problems.<\/p>\n

\u201cThis is due to the discovery of the default password generation procedure used by Brother devices,\u201d Rapid7 said in a blog post. \u201cThis procedure transforms a serial number into a default password. Affected devices have their default password set, based on each device\u2019s unique serial number, during the manufacturing process.\u201d<\/p>\n

Other serious bugs uncovered include info leaks, server-side request forgery, crash-inducing flaws and credential disclosure.<\/p>\n

<\/a>The centerpiece of Rapid7\u2019s disclosure is CVE-2024-51978<\/a>, a vulnerability rated critical (CVSS 9.8 out of 10) that enables attackers to derive the default administrator password from the device\u2019s serial number.<\/p>\n

While another of the discovered flaws, a medium severity information disclosure vulnerability (CVE-2024-51977<\/a>), potentially allows an attacker to leak the prerequisite unique serial number via the target\u2019s HTTP, HTTPS, and IPP services, the serial can also be obtained through more honest query using SNMP (simple network management protocol) or PJL (printer job language).<\/p>\n

Once admin access is achieved, it can be used to exploit CVE-2024-51979<\/a>, a high-severity stack-based buffer overflow<\/a> (CVSS 7.2) reachable over the same interfaces (communication channels or ports) as the first one.<\/p>\n

Security blind spot<\/h2>\n

The combination of these flaws effectively enables unauthenticated remote code execution as the attacker can send specially crafted malicious input through the memory overflow.<\/p>\n

Commenting on the discovery, John Bambanek of Bambanek Consulting noted that printers remain a typical blind spot in IT security. \u201cPrinters are often a \u2018plug it in and forget it\u2019 type of IT device and are easy to overlook for updates and security patches,\u201d he said. \u201cHowever, they have operating systems and can be used for easy lateral movement and persistence by attackers who want to remain in a target environment quietly.\u201d<\/p>\n

Rapid7 noted that chaining these two vulnerabilities gives attackers full control without the need for credentials or physical access.<\/p>\n

While Brother has addressed CVE-2024-51979 through firmware updates, fixing CVE-2024-51978 will need the users to replace their printer with a new model without the manufacturing flaw.<\/p>\n

\u201cBrother has indicated that this vulnerability cannot be fully remediated in firmware, and has required a change to the manufacturing process of all affected models,\u201d Rapid7 said.<\/p>\n

Brother did not respond to a request for comment.<\/p>\n

From data drips to full device crashes<\/h2>\n

Rapid7\u2019s identified seven additional vulnerabilities in Brother devices, ranging from mildly concerning to potentially disruptive. Among the more serious ones are the two denial-of-service (DOS<\/a>) bugs, CVE-2024-51982<\/a> and CVE-2024-51983<\/a> with CVSS scores of 7.5 each that can crash devices via malformed PJL or HTTP inputs.<\/p>\n

Two others, CVE-2024-51980<\/a> and CVE-2024-51981<\/a>, enable server-side request forgery (SSRF), allowing printers to send crafted requests into internal networks they shouldn\u2019t be talking to. In corporate environments, this could let attackers probe internal services, bypass access controls, or pivot deeper into the network. Finally, CVE-2024-51984<\/a> exposes plaintext credentials for services such as LDAP or FTP to authenticated users, offering a potential jump-off point for wider compromise.<\/p>\n

In addition to 689 models of Brother printers, scanners, and label makers, some of the vulnerabilities affect 46 Fujifilm models, 5 from Ricoh, 2 from Toshiba Tec, and 6 from Konica Minolta.<\/p>\n

Except for Brother\u2019s admin bypass flaw, all vulnerabilities have been addressed through respective firmware updates, Rapid7 added<\/a>.<\/p>\n

David Matalon, CEO of Venn, warns that the security of remote work environments extends well beyond laptops. \u201cPrinters in home offices, often overlooked, can become serious points of exposure, especially since peripherals are almost always WiFi-enabled,\u201d he said. \u201cOrganizations need to focus on shrinking that threat surface and consider strategies for ensuring their company data is protected independently of the device it\u2019s on, or the user\u2019s home network that may be used to access it.\u201d<\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"

Brother Industries is grappling with a critical authentication bypass vulnerability affecting hundreds of different printer models, many of them used in enterprises, allowing unauthenticated remote code execution (RCE) on the devices when chained with another flaw. The admin password bypass stems from a manufacturing issue and cannot be fixed through firmware according to Rapid7, the cybersecurity firm that discovered the vulnerability \u2014 along with seven… <\/p>\n

Read More<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"footnotes":""},"categories":[1],"tags":[],"class_list":["post-14351","post","type-post","status-publish","format-standard","hentry","category-uncategorized","is-cat-link-borders-light is-cat-link-rounded"],"_links":{"self":[{"href":"https:\/\/newestek.com\/index.php?rest_route=\/wp\/v2\/posts\/14351","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/newestek.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/newestek.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/newestek.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/newestek.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=14351"}],"version-history":[{"count":0,"href":"https:\/\/newestek.com\/index.php?rest_route=\/wp\/v2\/posts\/14351\/revisions"}],"wp:attachment":[{"href":"https:\/\/newestek.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=14351"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/newestek.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=14351"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/newestek.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=14351"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}