Major vulnerabilities found in popular home and business printers – this is what we know
- Rapid7 research has discovered several printer vulnerabilities
- Brother, Fujifilm, Ricoh and Toshiba printers are all at risk
- Rapid7 and Brother have released mitigations and solutions
Brother Industries produces some of the best home printers on the market, and has millions of machines around the world.
But research by Rapid7 has shown that hundreds of home and business models are vulnerable to several serious security vulnerabilities.
What is worse, one of the vulnerabilities cannot be patched with a simple software update, and the device must be re-designed to remove the flaw.
Millions of printers vulnerable
In total, Rapid7 found eight serious vulnerabilities affecting 689 models of Brother devices, covering printers, scanners and label makers. In addition, because of Brother's position in the supply chain, 46 Fujifilm models, five Ricoh models and two Toshiba models are also affected by the vulnerabilities.
The most serious vulnerability, an authentication bypass with a CVSS score of 9.8, enables an attacker to use the default password of the printer to take over the device and possibly gain access to connected systems. By acquiring the serial number of the target device, the attacker can generate the default password for that specific device.
The default passwords are generated during production, which means that in order to fully remedy this vulnerability, Brother must make changes to the production process to protect devices against exploitation of CVE-2024-51978.
The other vulnerabilities include ways for attackers to obtain sensitive information from the device, to trigger a buffer overflow, to force new TCP connections, to carry out arbitrary HTTP requests, to crash the device and to reveal the passwords of a configured external device. The full details of these vulnerabilities and recommended remediations can be found here.
The Rapid7 research project was carried out alongside JPCERT/CC and Brother Industries to make consumers and companies aware of the threats posed by the vulnerabilities, and of the mitigation measures that can be applied.