Red Hot Cyber

Critical Vulnerabilities Discovered in Hundreds of Brother and Other Printers

Redazione RHC : 27 June 2025 15:34

Hundreds of printer models from Brother and other manufacturers (Fujifilm, Toshiba, Ricoh and Konica Minolta) are affected by serious vulnerabilities discovered by researchers at Rapid7. For example, the printers ship with a default administrator password that remote attackers can generate themselves.

In total, experts have identified eight different issues in Brother printers:

| CVE | Description | What does it affect? | CVSS |
|---|---|---|---|
| CVE-2024-51977 | An unauthenticated attacker can cause the leak of sensitive information. | HTTP (port 80), HTTPS (port 443), IPP (port 631) | 5.3 points |
| CVE-2024-51978 | An unauthenticated attacker can generate a default password for the administrator. | HTTP (port 80), HTTPS (port 443), IPP (port 631) | 9.8 points |
| CVE-2024-51979 | An authenticated attacker can trigger a stack buffer overflow. | HTTP (port 80), HTTPS (port 443), IPP (port 631) | 7.2 points |
| CVE-2024-51980 | An unauthenticated attacker can force the device to open a TCP connection. | Web Services over HTTP (port 80) | 5.3 points |
| CVE-2024-51981 | An unauthenticated attacker can force the device to make an arbitrary HTTP request. | Web Services over HTTP (port 80) | 5.3 points |
| CVE-2024-51982 | An unauthenticated attacker can cause the device to crash. | PJL (port 9100) | 7.5 points |
| CVE-2024-51983 | An unauthenticated attacker can cause the device to crash. | Web Services over HTTP (port 80) | 7.5 points |
| CVE-2024-51984 | An authenticated attacker can reveal the password of a configured external service. | LDAP server, FTP server | 6.8 points |

The most severe of these is CVE-2024-51978: the default password on vulnerable printers is generated at manufacturing time by a special algorithm and is based on the device’s serial number. Rapid7 analysts write that the password generation process is easily reversible and looks like this:

  • take the first 16 characters of the device serial number;
  • add 8 bytes obtained from a static salt table;
  • hash the result using SHA256;
  • encode the hash in Base64;
  • take the first eight characters and replace some letters with special symbols.

Note that attackers can access the target printer’s serial number using various methods or by exploiting CVE-2024-51977. They can then use the described algorithm to generate an administrator password and log in as administrator.

Attackers can then reconfigure the printer, access saved scanned images, access the address book contents, exploit CVE-2024-51979 for remote code execution, or use CVE-2024-51984 to harvest credentials.

Although all the vulnerabilities mentioned above have already been fixed in updated firmware released by the manufacturers, the critical issue CVE-2024-51978 has not been so easy to fix. The root of the vulnerability lies in the password generation logic used when the equipment is manufactured. In other words, all devices manufactured before the discovery of this issue will continue to use predictable default passwords unless users change them.
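The design flaw described above, as an added example that is not Rapid7's or the vendor's code: a default password derived only from the serial number and firmware constants can be recomputed by anyone who knows the serial, while a per-device random password cannot. The salt table, the substitution map, the way a salt entry is selected and the serial numbers are constructed placeholders, not the real values.

```python
import base64
import hashlib
import secrets
import string

# Constructed placeholders, NOT the vendor's real salt table or substitution map.
SALT_TABLE = [b"EXAMPLE0", b"EXAMPLE1"]  # static 8-byte entries
SUBSTITUTIONS = str.maketrans({"l": "#", "I": "$", "O": "%", "0": "&"})


def derived_default_password(serial: str, salt_index: int = 0) -> str:
    """Weak pattern from the article: every input is public or static."""
    # salt_index is a hypothetical selector; the article does not say how
    # the 8 bytes are chosen from the table.
    material = serial[:16].encode("ascii") + SALT_TABLE[salt_index]
    digest = hashlib.sha256(material).digest()
    encoded = base64.b64encode(digest).decode("ascii")
    return encoded[:8].translate(SUBSTITUTIONS)


def random_default_password(_serial: str = "", length: int = 12) -> str:
    """Hardened alternative: a CSPRNG secret unrelated to the serial number."""
    alphabet = string.ascii_letters + string.digits
    return "".join(secrets.choice(alphabet) for _ in range(length))


def provision(serials, scheme):
    """Simulate factory provisioning: one default password per device."""
    return {serial: scheme(serial) for serial in serials}


def recoverable_from_serial(provisioned):
    """Serials whose password can be recomputed from the serial alone."""
    return [s for s, pw in provisioned.items()
            if derived_default_password(s) == pw]


if __name__ == "__main__":
    fleet = ["X00000A0000001", "X00000A0000002"]  # constructed serials
    weak = provision(fleet, derived_default_password)
    strong = provision(fleet, random_default_password)
    print("derived scheme, recoverable:", recoverable_from_serial(weak))
    print("random scheme, recoverable: ", recoverable_from_serial(strong))
```

With the random scheme the factory has to record or print each device's password, which is the cost of removing the link to the serial number.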
