A critical bug affects millions of Brother printers, as well as some scanners and label makers. Eight critical vulnerabilities were discovered back in 2024. One issue involves a vulnerability (CVE-2024-51978) that cannot be fixed with a firmware update—only by redesigning future printers. Brother developed patches for the other seven vulnerabilities that can be fixed with firmware updates.
Vulnerabilities in accessories are not new; what makes this one different?
Years ago, your printer, router, and many other devices would come with a simple default password (that everyone knew) printed on the label. To enhance the security of the default administrator password that comes with your printer, Brother has developed a mechanism that generates a unique password based on the unit's serial number. Someone figured out that math.
If someone discovers your printer's serial number—an easy task with basic network tools—they can calculate the default administrator password. With this password, they can gain unauthorized access to your printer, modify its settings, or even remotely control it. Additionally, if there are unpatched vulnerabilities, an attacker could turn your printer into a remote access point for your entire business or home network.
To understand the magnitude of this problem, 748 models from Brother and other brands are affected. Six hundred eighty-nine Brother models alone have this critical password issue. A host of other vulnerabilities exist in these devices, including data leaks, code exploits, and denial-of-service flaws.
Takeaways:
- If you haven't changed the default admin password on your Brother (or other vulnerable) printer, do it today. This plugs the hole that attackers need to break in
- Brother has released firmware updates that patch seven of the eight vulnerabilities. Apply updates using the Brother web interface or the official app
- Best practices for printer configuration:
- Keep printers on a separate segment of your network whenever possible
- Turn off network sharing or remote admin access unless absolutely needed
- Use strong, unique credentials for any admin login
- Monitor for suspicious activities for network-connected printers
- Watch for unexpected behavior: strange print jobs, credentials being changed, or the device becoming unresponsive
- If you notice anything odd, consider isolating the printer or rebooting it after changing the admin password
#ALTACyber
------------------------------
Genady Vishnevetsky
Chief Info Security Officer
Stewart Title Guaranty Company
Houston TX
------------------------------