A complete of 689 printer fashions from Brother, together with 53 different fashions from Fujifilm, Toshiba, and Konica Minolta, include a default administrator password that distant attackers can generate. Even worse, there is no such thing as a technique to repair the flaw by way of firmware in current printers.
The flaw, tracked beneath CVE-2024-51978, is a part of a set of eight vulnerabilities found by Rapid7 researchers throughout a prolonged examination of Brother {hardware}.
| CVE | Description | Affected Service | CVSS |
|---|---|---|---|
| CVE-2024-51977 | An unauthenticated attacker can leak delicate data. | HTTP (Port 80), HTTPS (Port 443), IPP (Port 631) | 5.3 (Medium) |
| CVE-2024-51978 | An unauthenticated attacker can generate the system’s default administrator password. | HTTP (Port 80), HTTPS (Port 443), IPP (Port 631) | 9.8 (Important) |
| CVE-2024-51979 | An authenticated attacker can set off a stack primarily based buffer overflow. | HTTP (Port 80), HTTPS (Port 443), IPP (Port 631) | 7.2 (Excessive) |
| CVE-2024-51980 | An unauthenticated attacker can drive the system to open a TCP connection. | Internet Companies over HTTP (Port 80) | 5.3 (Medium) |
| CVE-2024-51981 | An unauthenticated attacker can drive the system to carry out an arbitrary HTTP request. | Internet Companies over HTTP (Port 80) | 5.3 (Medium) |
| CVE-2024-51982 | An unauthenticated attacker can crash the system. | PJL (Port 9100) | 7.5 (Excessive) |
| CVE-2024-51983 | An unauthenticated attacker can crash the system. | Internet Companies over HTTP (Port 80) | 7.5 (Excessive) |
| CVE-2024-51984 | An authenticated attacker can disclose the password of a configured exterior service. | LDAP, FTP | 6.8 (Medium) |
This significant vulnerability could be chained with different vulnerabilities found by Rapid7 to find out the admin password, take management of gadgets, carry out distant code execution, crash them, or pivot throughout the networks they’re related to.
Not the entire flaws have an effect on each one of many 689 Brother printer fashions, however different producers, together with Fujifilm (46 fashions), Konica Minolta (6), Ricoh (5), and Toshiba (2), are impacted as properly.
Supply: Rapid7
Insecure password era
The default password within the impacted printers is generated throughout manufacturing utilizing a customized alogirthm primarily based on the system’s serial quantity.
In accordance with a detailed technical evaluation by Rapid7, the password era algorithm follows an simply reversible course of:
- Take the primary 16 characters of the serial quantity.
- Append 8 bytes derived from a static “salt” desk.
- Hash the end result with SHA256.
- Base64-encode the hash.
- Take the primary eight characters and substitute some letters with particular characters.
Attackers can leak the serial variety of the goal printer utilizing numerous strategies or by exploiting CVE-2024-51977. They will then use the algorithm to generate the default admin password and log in as admin.
From there, they might reconfigure the printer, entry saved scans, learn tackle books, exploit CVE-2024-51979 for distant code execution, or exploit CVE-2024-51984 to reap credentials.
Rapid7 started its disclosure course of in Might 2024 and was aided by JPCERT/CC in coordinating disclosures to different producers.
Though all flaws have been mounted in firmware updates made accessible by impacted producers, the case with CVE-2024-51978 is sophisticated by way of threat administration.
The vulnerability is rooted within the password era logic utilized in {hardware} manufacturing, and therefore, any gadgets made earlier than its discovery may have predictable passwords until customers change them.
“Brother has indicated that this vulnerability can’t be absolutely remediated in firmware, and has required a change to the manufacturing means of all affected fashions,” explains Rapid7 relating to CVE-2024-51978.
Customers of current Brother printers listed within the impacted fashions ought to take into account their gadgets weak and instantly change the default admin password, adopted by making use of the firmware updates.
On the whole, it’s endorsed to limit entry to the printer’s admin interfaces over unsecured protocols and exterior networks.
Safety bulletins with directions on what customers ought to do can be found for Brother, Konica Minolta, Fujifilm, Ricoh, and Toshiba.
Patching used to imply advanced scripts, lengthy hours, and countless fireplace drills. Not anymore.
On this new information, Tines breaks down how trendy IT orgs are leveling up with automation. Patch quicker, scale back overhead, and deal with strategic work — no advanced scripts required.
