PSA: If you have a Brother printer, change the password now


Nearly 700 Brother printer models have been found to contain a number of serious security flaws that could allow an attacker to access other devices on your network, and potentially access your documents. The same is true of some printer models made by Fujifilm, Toshiba, Ricoh, and Konica Minolta …

Cybersecurity company Rapid7 found eight vulnerabilities affecting 689 Brother printers, and 46 models from other manufacturers.

The most egregious of these is that the default password of each printer is derived from its serial number, and the way in which this is done has now been discovered.

The most serious of the findings is the authentication bypass CVE-2024-51978. A remote unauthenticated attacker can leak the target device’s serial number via one of several means, and in turn generate the target device’s default administrator password. This is due to the discovery of the default password generation procedure used by Brother devices. This procedure transforms a serial number into a default password.

Brother says that this cannot be fixed by a firmware update, so the only way to remedy it is to manually change your printer’s password.

The remaining vulnerabilities can be used in conjunction to either crash your printer or, more seriously, gain access to other devices and services running on your network. In the worst of cases, an attacker could gain access to passwords stored on your network, and use these to access documents stored on cloud servers.

The pass back vulnerability CVE-2024-51984 allows a remote authenticated attacker to discover the plaintext credentials of several configured external services, such as LDAP or FTP. Successfully exploiting this vulnerability gives an attacker additional credentials to use when trying to pivot further into a network environment. In the case of credentials to an external FTP service, these credentials may be used to disclose sensitive information such as documents stored on that FTP service.

How to protect yourself

Brother says that seven of the eight vulnerabilities can be fixed by a firmware update, so this should be done by all users.

However, the default password generation flaw cannot be fixed, so if you haven’t already changed it, do so now.

Image: 9to5Mac collage of images from Brother and Jakub Żerdzicki on Unsplash
