A serious security flaw, tracked as CVE-2024-51978, affects 689 Brother printer models and 53 more from brands including Fujifilm, Toshiba, and Konica Minolta. It allows an attacker who knows a device's serial number to regenerate that device's default administrator password.
The vulnerability stems from a flawed password generation scheme that derives the default password from the printer's serial number, an identifier printed on the device label rather than a secret. Because the default password is already set on units in the field, the flaw cannot be fully fixed through firmware updates on existing devices.
Attackers can chain this flaw with the other vulnerabilities Rapid7 recently disclosed in the same devices to gain full admin access, execute code remotely, crash the device, or move laterally within the network.
The default password is produced by a predictable algorithm: the serial number is combined with static values, hashed with SHA-256, and base64-encoded. Manufacturers have released firmware patches for several of the related vulnerabilities, but the default-password flaw can only be corrected for new units through a change in the manufacturing process; units already shipped keep their derivable default until the owner changes it.
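The following is an added illustration of the structural weakness described above; it is not Brother's or Rapid7's code. The salt bytes, the truncation length, the serial-number format and the inventory entries are constructed placeholders (the real algorithm's constants are not given on this page and are not reproduced here). It shows why a password derived from a public identifier plus fixed constants is recoverable by anyone who knows the scheme, contrasts it with a per-device random credential, and includes the check an administrator would actually run against a fleet: which devices still answer to their derivable default.

```python
import base64
import hashlib
import secrets

# Constructed placeholder values. These are NOT the vendor's real constants;
# the point is only that they are fixed across every device.
STATIC_SALT = b"example-static-salt"
PASSWORD_LEN = 8


def weak_default_password(serial: str, salt: bytes = STATIC_SALT,
                          length: int = PASSWORD_LEN) -> str:
    """Scheme of the kind described on the page: SHA-256 over the serial
    number plus a static salt, base64-encoded, then truncated.

    Every input except the serial is a constant baked into the firmware, so
    once the scheme is known the serial alone determines the password.
    """
    digest = hashlib.sha256(serial.encode("ascii") + salt).digest()
    return base64.b64encode(digest).decode("ascii")[:length]


def random_default_password(length: int = PASSWORD_LEN) -> str:
    """What a per-device default should be: drawn from a CSPRNG at
    manufacture time and printed on the label, not recomputable from
    anything an attacker can observe."""
    return secrets.token_urlsafe(32)[:length]


def attacker_recovers_password(serial: str) -> str:
    """Attacker side: with the serial (from the label, or from any network
    service that discloses it) and the scheme, the default is regenerated
    with no access to the device at all."""
    return weak_default_password(serial)


def devices_still_on_default(inventory: dict[str, str]) -> list[str]:
    """Defender side: given a mapping of serial -> current admin password
    (e.g. from a credential store), list the devices whose admin password
    still equals the derivable default and therefore must be changed."""
    return sorted(
        serial for serial, current in inventory.items()
        if secrets.compare_digest(current, weak_default_password(serial))
    )


# Constructed sample fleet: two devices left on their default, one changed.
SAMPLE_INVENTORY = {
    "SERIAL0001": weak_default_password("SERIAL0001"),
    "SERIAL0002": "Str0ng-Adm1n-P@ss",
    "SERIAL0003": weak_default_password("SERIAL0003"),
}

if __name__ == "__main__":
    print("attacker-derived:", attacker_recovers_password("SERIAL0001"))
    print("random default:  ", random_default_password())
    print("still on default:", devices_still_on_default(SAMPLE_INVENTORY))
```

The contrast is the whole lesson: `weak_default_password` is a pure function of a public value, so a firmware update cannot "un-derive" a password that is already set, whereas `random_default_password` has no input an attacker can reproduce. `devices_still_on_default` is the practical follow-up, a fleet-wide audit of which units have not yet had the default replaced.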
Users are strongly advised to change the default admin password manually and to apply all available firmware updates. It is also recommended to restrict access to the printer's management interface from untrusted networks to reduce exposure.
