Millions of Brother Printers Are Full of Hackable Bugs


Brother makes solid and reliable printers. Indeed, for several years running, The Verge has named it the best printer you need to buy. Unfortunately, the company's devices appear to be riddled with new zero-day bugs that could allow a savvy cybercriminal to hijack them.

The vulnerabilities were discovered by the cybersecurity company Rapid7, which published a blog about the bugs last week. The blog explains that after some research, the Rapid7 researchers came across a total of eight new zero-day vulnerabilities in the machines. The vulnerabilities are all different, although one is quite bad. CVE-2024-51978 is an authentication bypass vulnerability that could allow a hacker to bypass the printer's password. Researchers break it down like this:

A remote unauthenticated attacker can leak the target device's serial number through one of several means, and in turn generate the target device's default administrator password. This is due to the discovery of the default password generation procedure used by Brother devices. This procedure transforms a serial number into a default password. Affected devices have their default password set, based on each device's unique serial number, during the manufacturing process. Brother has indicated that this vulnerability cannot be fully remediated in firmware, and has required a change to the manufacturing process of all affected models.

Researchers initially contacted Brother Industries last year, and the printing company and the security researchers have been in contact since then, working to mitigate the problems. The bugs also affect several other printer brands, including Fujifilm, Ricoh, Toshiba, and Konica Minolta, according to the researchers.

Dark Reading notes that millions of devices appear to be impacted. Fortunately, the researchers note that there is no evidence that the bugs are being exploited in the wild. Brother has also issued patches for the vulnerabilities.

In addition to installing the fixes, users are also encouraged to change their default administrator password. This should stop the bad bug, CVE-2024-51978, which would have allowed an intruder to hijack the machine. If you do not do so, the researchers warn that an attacker could “use this default administrator password to reconfigure the target device or access the features intended only for authenticated users”.

Gizmodo contacted Brother Industries for more information. In a statement shared on Wednesday, the company said: “Brother would like to thank Rapid7 for their efforts in discovering the issues. We have informed our customers of the mitigation on our website.”


