Rapid 7 security researchers have discovered eight weaknesses in the brother printer that affects a total of 689 different printer models. Fujifilm business, Rico, Toshiba and Konika printers are also affected.
It is appropriate to say that most brothers printers are affected by this issue. The company has created one PDF documents This lishes its equipment and safety issues that affect them. The list includes printer and laser printer injected. You need a printer model, eg, MFC-L2710DN, which you lie on the printer. Use the underlying search functionality to find out whether a specific printer is affected and to what extent.
The PDF document also contains updated information for each printer. If you see available in the firmware updated column, you know that an updated driver is already available. The next phase is then visiting the brother website to download the firmware update utility or check the administrator interface for firmware updates.
The brother recommends changing the printer’s default administrator password after the installation of the firmware update. If a firmware is not yet available, it recommends applying the workaround (see below) and checking the support page for updates.
Most severe vulnerability
Rapid7 note The most serious of the weaknesses is a certification bypass vulnerability. An informal hacker default administrator can take advantage of vulnerability to generate passwords. If that password has not been changed, this will provide access to the administrator interface to the attacker.
The brother notes that vulnerability by firmware alone cannot be removed. This means, it is necessary that you immediately replace the default administrator password of your brother printer to protect you from possible attacks.
Note that all weaknesses require minimal network or web connectivity. If you do not connect the printer to the network or the Internet, or the settings have an incompetent functionality, it may not be affected by some of all the weaknesses.
Brother suggests the following work -round for weaknesses (they can affect some functionality):
- CVE-2017-9765 Disable WsD function.
- Disable Cve-2024-2169 TFTP.
- CVE-2024-51977 No Work-Around.
- CVE-2024-51978 change the default administrator password.
- CVE-2024-51979 Replace Default Administrator Password.
- Disable Cve-2024-51980 WSD function.
- CVE-2024-51981 disable the WSD function.
- CVE-2024-51982 No Work-Around.
- CVE-2024-51983 disable the WSD function.
- CVE-2024-51984 change the default administrator password.
As you can see, the work -round is available for all reported issues.
Note:
- WSD refers to web services for devices. You may be able to close it in printer settings.
- TFTP refers to the trivial file transfer protocol. It is used to move files between clients and servers. You may be able to close the feature in printer settings.
Additional information is provided Brother website,
Now you: Do you use brother printer? Are you influenced by the security issue?
Thanks for reading..
