Hundreds of Brother printer models have security flaw that can't be patched

A security company has found eight security vulnerabilities that impact hundreds of Brother printer models. The company has released firmware updates to handle seven of these vulnerabilities, but one security flaw cannot be patched. 

Brother has indicated that it'll fix the remaining issue during the manufacturing process of future printers, which doesn't help current owners. The company recommends that users change the default main password. Otherwise, bad actors could remotely access impacted devices. Though primarily impacting around 700 Brother printers, 59 units manufactured by Fujifilm, Toshiba, Ricoh and Konica Minolta are also at risk. 

The security flaw is called CVE-2024-51978 in the National Vulnerability Database, and has a 9.8 “Critical” CVSS rating. Simply put, attackers could generate the default admin password so long as they know the serial number of the printer.

Once this has been done, bad actors would be able to exploit the other seven vulnerabilities if the user didn't patch them up. These remaining flaws allow hackers to retrieve sensitive information, crash the device, open TCP connections, perform HTTP requests and reveal passwords for connected networks.

So what should you do? Check this list of impacted printers to see if you're at risk. Most importantly, change the default password. 

This article originally appeared on Engadget at https://www.engadget.com/cybersecurity/hundreds-of-brother-printer-models-have-security-flaw-that-cant-be-patched-165402227.html?src=rss https://www.engadget.com/cybersecurity/hundreds-of-brother-printer-models-have-security-flaw-that-cant-be-patched-165402227.html?src=rss