Security firm Rapid7 has discovered eight software vulnerabilities that can be exploited to give criminals access to your network. The flaws affect 689 different Brother printers, and the most serious is that the printer's default password can be easily derived.
Even though the password is unique to each device, it is generated from the device’s serial number, which criminals can obtain without needing to log in to the device. That vulnerability, listed as CVE-2024-51978 in the Common Vulnerabilities and Exposures database where issues like this are ethically reported, is described as follows:
An unauthenticated attacker who knows the target device’s serial number, can generate the default administrator password for the device. An unauthenticated attacker can first discover the target device’s serial number via CVE-2024-51977 over HTTP/HTTPS/IPP, or via a PJL request, or via an SNMP request.
That second CVE, CVE-2024-51977, allows an attacker to access the device’s model, firmware version, IP address, and serial number.
Once an attacker has the serial number and has logged in with the password derived from it, they can use vulnerability CVE-2024-51984 to discover other devices on the network and access those that are not fully secured.
Compounding the issue, the default password problem can’t be solved with a software or firmware update to affected printers. The only way to block this attack is to manually change the password.
The remaining flaws can be fixed with a firmware update.
While this may all sound quite complex, attackers will often string together several flaws and vulnerabilities to create an attack chain. In this case, by accessing one of the affected Brother printers, an attacker could access files on your network.
If you have a Brother printer with the default password – change your password now.

Anthony is the founder of Australian Apple News. He is a long-time Apple user and former editor of Australian Macworld. He has contributed to many technology magazines and newspapers as well as appearing regularly on radio and occasionally on TV.