A complete of 689 printer fashions from Brother, together with 53 different fashions from Fujifilm, Toshiba, and Konica Minolta, include a default administrator password that distant attackers can generate. Even worse, there isn’t a method to repair the flaw through firmware in present printers.
The flaw, tracked beneath CVE-2024-51978, is a part of a set of eight vulnerabilities found by Rapid7 researchers throughout a prolonged examination of Brother {hardware}.
| CVE | Description | Affected Service | CVSS |
|---|---|---|---|
| CVE-2024-51977 | An unauthenticated attacker can leak delicate info. | HTTP (Port 80), HTTPS (Port 443), IPP (Port 631) | 5.3 (Medium) |
| CVE-2024-51978 | An unauthenticated attacker can generate the gadget’s default administrator password. | HTTP (Port 80), HTTPS (Port 443), IPP (Port 631) | 9.8 (Essential) |
| CVE-2024-51979 | An authenticated attacker can set off a stack based mostly buffer overflow. | HTTP (Port 80), HTTPS (Port 443), IPP (Port 631) | 7.2 (Excessive) |
| CVE-2024-51980 | An unauthenticated attacker can pressure the gadget to open a TCP connection. | Internet Providers over HTTP (Port 80) | 5.3 (Medium) |
| CVE-2024-51981 | An unauthenticated attacker can pressure the gadget to carry out an arbitrary HTTP request. | Internet Providers over HTTP (Port 80) | 5.3 (Medium) |
| CVE-2024-51982 | An unauthenticated attacker can crash the gadget. | PJL (Port 9100) | 7.5 (Excessive) |
| CVE-2024-51983 | An unauthenticated attacker can crash the gadget. | Internet Providers over HTTP (Port 80) | 7.5 (Excessive) |
| CVE-2024-51984 | An authenticated attacker can disclose the password of a configured exterior service. | LDAP, FTP | 6.8 (Medium) |
This important vulnerability might be chained with different vulnerabilities found by Rapid7 to find out the admin password, take management of units, carry out distant code execution, crash them, or pivot inside the networks they’re related to.
Not all the flaws have an effect on each one of many 689 Brother printer fashions, however different producers, together with Fujifilm (46 fashions), Konica Minolta (6), Ricoh (5), and Toshiba (2), are impacted as effectively.
Supply: Rapid7
Insecure password technology
The default password within the impacted printers is generated throughout manufacturing utilizing a customized alogirthm based mostly on the gadget’s serial quantity.
In keeping with a detailed technical evaluation by Rapid7, the password technology algorithm follows an simply reversible course of:
- Take the primary 16 characters of the serial quantity.
- Append 8 bytes derived from a static “salt” desk.
- Hash the consequence with SHA256.
- Base64-encode the hash.
- Take the primary eight characters and substitute some letters with particular characters.
Attackers can leak the serial variety of the goal printer utilizing numerous strategies or by exploiting CVE-2024-51977. They’ll then use the algorithm to generate the default admin password and log in as admin.
From there, they could reconfigure the printer, entry saved scans, learn handle books, exploit CVE-2024-51979 for distant code execution, or exploit CVE-2024-51984 to reap credentials.
Rapid7 started its disclosure course of in Might 2024 and was aided by JPCERT/CC in coordinating disclosures to different producers.
Though all flaws have been fastened in firmware updates made accessible by impacted producers, the case with CVE-2024-51978 is sophisticated when it comes to danger administration.
The vulnerability is rooted within the password technology logic utilized in {hardware} manufacturing, and therefore, any units made earlier than its discovery may have predictable passwords except customers change them.
“Brother has indicated that this vulnerability can’t be totally remediated in firmware, and has required a change to the manufacturing technique of all affected fashions,” explains Rapid7 concerning CVE-2024-51978.
Customers of present Brother printers listed within the impacted fashions ought to take into account their units susceptible and instantly change the default admin password, adopted by making use of the firmware updates.
On the whole, it’s endorsed to limit entry to the printer’s admin interfaces over unsecured protocols and exterior networks.
Safety bulletins with directions on what customers ought to do can be found for Brother, Konica Minolta, Fujifilm, Ricoh, and Toshiba.
Patching used to imply advanced scripts, lengthy hours, and limitless fireplace drills. Not anymore.
On this new information, Tines breaks down how fashionable IT orgs are leveling up with automation. Patch quicker, scale back overhead, and concentrate on strategic work — no advanced scripts required.
