Monday, June 30, 2025

Brother printer hack puts hundreds of customers at risk of remote takeover


TL;DR: Hackers have cracked Brother's method of generating default admin passwords for many of its printers, scanners, and label makers, putting customers who have not changed them at risk. In addition, researchers found seven other serious vulnerabilities affecting Brother and other manufacturers. Customers should visit the companies' websites for security advisories and update their firmware.

Security researchers at Rapid7 recently reported eight vulnerabilities affecting over 689 printers, scanners, and label makers manufactured by Brother. Several models from Fujifilm, Ricoh, Toshiba, and Konica Minolta are also impacted.

The most serious vulnerability (CVE-2024-51978) lets attackers discover default administrator passwords for Brother, Toshiba, and Konica Minolta devices if they have the device's serial number. Hackers have already uncovered the method manufacturers use to generate unique default passwords from serial numbers.

Brother cannot patch the hole because it generates the default passwords during the manufacturing process. The company has already updated its password generator, so devices made after March 2025 should be unaffected. However, users with older models should change their administrator passwords.

Meanwhile, several other vulnerabilities let attackers leak sensitive information, take control of devices, execute code remotely, or trigger crashes. Firmware updates to fix all of them are now available.

Brother has posted a list of affected devices on its support site, along with security advisories for printers, scanners, and label makers detailing the required fixes. Likewise, Fujifilm, Ricoh, Toshiba, and Konica Minolta have published similar guidance on their respective websites. Most remedies involve disabling WSD, turning off TFTP, or changing the administrator password.

Another flaw (CVE-2024-51982) allows attackers to repeatedly crash devices by connecting to TCP port 9100. Brother notes that installing new firmware is the only way to address this issue. However, some users may be hesitant to update since Brother began deliberately degrading print quality when its printers detect third-party toner.

Brother printers were once praised for supporting third-party toner, especially as HP drew criticism for locking customers into costly ink subscriptions. While third-party toner still works in Brother devices, users cannot automatically register colors, and print quality is significantly degraded. Those concerned about these security vulnerabilities may want to weigh the risks against the potential savings on replacement ink.
