
Latest news with #CVE-2024-51978

Hundreds of Brother printer models have security flaw that can't be patched

Engadget

3 days ago


A security company has found eight security vulnerabilities that affect hundreds of Brother printer models. Brother has released firmware updates to address seven of these vulnerabilities, but one security flaw cannot be patched. Brother has indicated that it will fix the remaining issue during the manufacturing process of future printers, which doesn't help current owners. The company recommends that users change the default main password. Otherwise, bad actors could remotely access impacted devices. Though the flaws primarily affect around 700 Brother printers, 59 units manufactured by Fujifilm, Toshiba, Ricoh and Konica Minolta are also at risk.

The security flaw is listed as CVE-2024-51978 in the National Vulnerability Database and has a 9.8 'Critical' CVSS rating. Simply put, attackers could generate the default admin password so long as they know the serial number of the printer. Once this has been done, bad actors would be able to exploit the other seven vulnerabilities if the user hasn't patched them. These remaining flaws allow hackers to retrieve sensitive information, crash the device, open TCP connections, perform HTTP requests and reveal passwords for connected networks.

So what should you do? Check this list of impacted printers to see if you're at risk. Most importantly, change the default password.

Millions of Brother Printers Are Full of Hackable Bugs

Gizmodo

4 days ago


Brother makes some solid, reliable printers. Indeed, for several years running, The Verge named it the best printer you should buy. Unfortunately, the company's devices appear to be riddled with new zero-day bugs that could allow a savvy cybercriminal to hijack them.

The vulnerabilities were discovered by cybersecurity firm Rapid7, which published a blog about the bugs last week. The blog explains that, after some research, Rapid7's cyber pros came across a total of eight new zero-day vulnerabilities in the machines. The vulnerabilities are all different, though there is one that is pretty bad. CVE-2024-51978 is an authentication bypass vulnerability that could allow a hacker to nab the printer's password. Researchers break it down like so:

'A remote unauthenticated attacker can leak the target device's serial number through one of several means, and in turn generate the target device's default administrator password. This is due to the discovery of the default password generation procedure used by Brother devices. This procedure transforms a serial number into a default password. Affected devices have their default password set, based on each device's unique serial number, during the manufacturing process. Brother has indicated that this vulnerability cannot be fully remediated in firmware, and has required a change to the manufacturing process of all affected models.'

Researchers originally contacted Brother Industries last year, and the printing company and security researchers have been in touch since then, working to mitigate the issues. The bugs are also impacting several other printer brands, including Fujifilm, Ricoh, Toshiba, and Konica Minolta, according to researchers. Dark Reading notes that millions of devices appear to be impacted. Luckily, researchers note that there is no evidence that the bugs are being exploited in the wild. Brother has also issued patches for the vulnerabilities.

In addition to installing patches, users are also encouraged to change their default administrator password. That should stop the bad bug, CVE-2024-51978, which would have allowed an intruder to hijack the machine. If you don't do that, researchers warn that an attacker could 'use this default administrator password to either reconfigure the target device, or access functionality only intended for authenticated users.'

Gizmodo reached out to Brother Industries for more information. In a statement shared Wednesday, the company said: 'Brother would like to thank Rapid7 for their efforts in discovering the issues. We have informed our customers about the mitigation on our website.'
