
Brother printer hack puts thousands of users at risk of remote takeover


TL;DR: Hackers have cracked Brother's method of generating default admin passwords for a large number of its printers, scanners, and label makers, putting users who have not changed them at risk. In addition, researchers found seven other serious vulnerabilities affecting Brother and other manufacturers. Users should visit company websites for security advisories and update their firmware.

Security researchers at Rapid7 recently reported eight vulnerabilities affecting over 689 printers, scanners, and label makers manufactured by Brother. Several models from Fujifilm, Ricoh, Toshiba, and Konica Minolta are also affected.

The most serious vulnerability (CVE-2024-51978) lets attackers discover default administrator passwords for Brother, Toshiba, and Konica Minolta devices if they have the device's serial number. Hackers have already uncovered the method manufacturers use to generate unique default passwords from serial numbers.

Brother cannot patch the hole because it generates the default passwords during the manufacturing process. The company has already updated its password generator, so devices made after March 2025 should be unaffected. However, users with older models should change their administrator passwords.

Meanwhile, several other vulnerabilities let attackers leak sensitive information, take control of devices, execute code remotely, or trigger crashes. Firmware updates to fix all of them are now available.

Brother has posted a list of affected devices on its support website, along with security advisories for printers, scanners, and label makers detailing the required fixes. Likewise, Fujifilm, Ricoh, Toshiba, and Konica Minolta have published similar guidance on their respective websites. Most remedies involve disabling WSD, turning off TFTP, or changing the administrator password.

Another flaw (CVE-2024-51982) allows attackers to repeatedly crash devices by connecting to TCP port 9100. Brother notes that installing new firmware is the only way to address this issue. However, some users may be hesitant to update since Brother began deliberately degrading print quality when its printers detect third-party toner.

Brother printers were once praised for supporting third-party toner, especially as HP drew criticism for locking customers into expensive ink subscriptions. While third-party toner still functions in Brother devices, users can no longer automatically register colors, and print quality is significantly degraded. Those concerned about these security vulnerabilities may want to weigh the risks against the potential savings on replacement ink.
