Redazione RHC : 27 June 2025 15:34
Hundreds of printer models from Brother and other manufacturers (Fujifilm, Toshiba, Ricoh and Konica Minolta) are affected by serious vulnerabilities discovered by researchers at Rapid7. For example, the printers ship with a default administrator password that remote attackers can generate.
In total, experts have identified eight different issues in Brother printers:
| CVE | Description | Affected service | CVSS |
|---|---|---|---|
| CVE-2024-51977 | An unauthenticated attacker can cause the leak of sensitive information. | HTTP (port 80), HTTPS (port 443), IPP (port 631) | 5.3 points |
| CVE-2024-51978 | An unauthenticated attacker can generate a default password for the administrator. | HTTP (port 80), HTTPS (port 443), IPP (port 631) | 9.8 points |
| CVE-2024-51979 | An authenticated attacker can trigger a stack buffer overflow. | HTTP (port 80), HTTPS (port 443), IPP (port 631) | 7.2 points |
| CVE-2024-51980 | An unauthenticated attacker can force the device to open a TCP connection. | Web Services over HTTP (port 80) | 5.3 points |
| CVE-2024-51981 | An unauthenticated attacker can force the device to make an arbitrary HTTP request. | Web Services over HTTP (port 80) | 5.3 points |
| CVE-2024-51982 | An unauthenticated attacker can cause the device to crash. | PJL (port 9100) | 7.5 points |
| CVE-2024-51983 | An unauthenticated attacker can cause the device to crash. | Web Services over HTTP (port 80) | 7.5 points |
| CVE-2024-51984 | An authenticated attacker can reveal the password of a configured external service. | LDAP server, FTP server | 6.8 points |
The most severe issue the researchers discovered is CVE-2024-51978: the default password on vulnerable printers is generated at manufacturing time using a special algorithm and is based on the device’s serial number. Rapid7 analysts write that the password generation process is easily reversible and looks like this:
Note that attackers can access the target printer’s serial number using various methods or by exploiting CVE-2024-51977. They can then use the described algorithm to generate an administrator password and log in as administrator.
Attackers can then reconfigure the printer, access saved scanned images, access the address book content, exploit CVE-2024-51979 for remote code execution, or use CVE-2024-51984 to harvest credentials.
Although all the vulnerabilities mentioned above have already been fixed in updated firmware released by the manufacturers, the critical issue CVE-2024-51978 has not been so easy to fix. The root of the vulnerability lies in the password generation logic used when the devices are manufactured. In other words, all devices manufactured before the discovery of this issue will continue to use predictable default passwords unless users change them.
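For fleet triage, the remediation logic above can be applied to a printer inventory. The following is an added example, not code from Rapid7, the manufacturers or the original article; the `Printer` record, its field names and the sample fleet are hypothetical, and CVE-2024-51984 is assumed to apply only when an external LDAP/FTP service is configured.

```python
from dataclasses import dataclass

WEB = {80, 443, 631}  # HTTP, HTTPS, IPP
# CVE -> (CVSS, needs admin login, affected ports), transcribed from the article's table.
CVES = {
    "CVE-2024-51977": (5.3, False, WEB),
    "CVE-2024-51978": (9.8, False, WEB),
    "CVE-2024-51979": (7.2, True, WEB),
    "CVE-2024-51980": (5.3, False, {80}),
    "CVE-2024-51981": (5.3, False, {80}),
    "CVE-2024-51982": (7.5, False, {9100}),
    "CVE-2024-51983": (7.5, False, {80}),
    "CVE-2024-51984": (6.8, True, None),  # no port listed: configured LDAP/FTP service
}

@dataclass
class Printer:  # hypothetical inventory record; field names are assumptions
    name: str
    open_ports: set
    firmware_updated: bool
    default_admin_password: bool
    external_service: bool = False

def residual_exposure(p):
    """Return [(cve, cvss, action)] still applicable to p, highest CVSS first."""
    findings = []
    for cve, (cvss, needs_admin, ports) in CVES.items():
        # A CVE only matters if its service is reachable on this device.
        reachable = p.external_service if ports is None else bool(ports & p.open_ports)
        if not reachable:
            continue
        if cve == "CVE-2024-51978":
            # Firmware does not change an already-issued default password.
            if p.default_admin_password:
                findings.append((cve, cvss, "change the default admin password"))
            continue
        if p.firmware_updated:
            continue  # the other seven issues are fixed by the firmware update
        action = "update firmware"
        if needs_admin and p.default_admin_password:
            action += "; admin login obtainable via default password"
        findings.append((cve, cvss, action))
    return sorted(findings, key=lambda f: -f[1])

if __name__ == "__main__":
    # Constructed sample inventory, for illustration only.
    fleet = [Printer("lobby", {80, 443, 9100}, True, True),
             Printer("lab", {80, 631}, False, False, True)]
    for p in fleet:
        print(p.name, residual_exposure(p))
```

A device that is fully patched but still on its factory password comes back with CVE-2024-51978 as its only finding, which is the case the firmware updates alone do not close.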