Hundreds of Brother printer models have a vulnerability that cannot be patched

The cybersecurity company Rapid7 has discovered a series of serious security flaws that affect hundreds of printer models from the manufacturer Brother and, in smaller numbers, some from Toshiba and Ricoh, among other brands. There are 8 vulnerabilities, with severity ranging from medium to high and critical, one of which cannot be fixed by a device firmware update. The latter, which opens the door to exploiting 6 of the other discovered vulnerabilities, allows an attacker to remotely access devices that still use their factory default passwords and take control of them.

In total, 689 Brother printer models, both home and business, are affected by these flaws, although not every flaw is present in every model. The vulnerabilities can also be found in 59 printer models from Fujifilm, Toshiba, Ricoh and Konica Minolta. If you have a Brother printer, you can check whether your model is affected here.

The most serious vulnerability, registered as CVE-2024-51978 in the National Vulnerability Database, has a CVSS score of 9.8 (Critical) and allows attackers to generate the default administrator password if they know the serial number of the target printer.

This critical vulnerability can be chained with the other vulnerabilities discovered by Rapid7 to take control of printers, execute code remotely, crash them, or move within the networks to which they are connected and access the passwords of configured external services.

| CVE | Description | CVSS |
|---|---|---|
| CVE-2024-51977 | An unauthenticated attacker can access sensitive information. | 5.3 (Medium) |
| CVE-2024-51978 | An unauthenticated attacker can generate the default administrator password. | 9.8 (Critical) |
| CVE-2024-51979 | An authenticated attacker can cause a stack-based buffer overflow. | 7.2 (High) |
| CVE-2024-51980 | An unauthenticated attacker can force the device to open a TCP connection. | 5.3 (Medium) |
| CVE-2024-51981 | An unauthenticated attacker can force the device to make an arbitrary HTTP request. | 5.3 (Medium) |
| CVE-2024-51982 | An unauthenticated attacker can cause the device to crash. | 7.5 (High) |
| CVE-2024-51983 | An unauthenticated attacker can cause the device to crash. | 7.5 (High) |
| CVE-2024-51984 | An authenticated attacker can reveal the password of a configured external service. | 6.8 (Medium) |

The default password of the affected printers is generated during manufacturing using a custom algorithm based on the device serial number.

According to Rapid7's technical analysis, the password generation algorithm follows an easily reversible process:

  • The first 16 characters of the serial number are taken.
  • 8 bytes derived from a static “salt” table are appended.
  • A hash of the result is generated with SHA-256.
  • The hash is Base64-encoded.
  • The first eight characters are taken and some letters are replaced by special characters.

Attackers can obtain the serial number of the target printer through various methods or by exploiting CVE-2024-51977. They can then use the algorithm to generate the default administrator password and log in as administrator.

While seven of these vulnerabilities can be fixed by firmware updates already released by the manufacturers, Brother has told Rapid7 that CVE-2024-51978 ‘cannot be completely remedied by firmware’ and will be addressed through a change in the manufacturing process for future versions of the affected models.

For the affected models, Brother recommends that users change the default administrator password through the device’s web management menu, so that attackers can no longer exploit CVE-2024-51978, since the password based on the serial number will no longer work.
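
The sketch below is an added example, not code from Rapid7 or Brother. It shows why a default password built by the steps listed above is fully determined by the serial number, next to a random replacement of the kind the recommended password change should use. The salt is a constructed placeholder, the substitution step is left out, and the serials and the rotate_fleet helper are hypothetical.

```python
import base64
import hashlib
import math
import secrets
import string

# Constructed placeholder. The real static salt table is not given in the
# article and is not reproduced here.
PLACEHOLDER_SALT = b"\x00" * 8

def serial_derived_default(serial: str) -> str:
    """Weak pattern: the password is a pure function of the serial number."""
    material = serial[:16].encode("ascii") + PLACEHOLDER_SALT
    digest = hashlib.sha256(material).digest()
    # The final letter-to-symbol substitution is omitted: a fixed mapping
    # changes the characters but adds no secrecy.
    return base64.b64encode(digest).decode("ascii")[:8]

ALPHABET = string.ascii_letters + string.digits  # 62 symbols

def random_admin_password(length: int = 16) -> str:
    """Replacement password from the OS CSPRNG, unrelated to the serial."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))

def entropy_bits(length: int = 16) -> float:
    """Guessing cost of random_admin_password(), in bits."""
    return length * math.log2(len(ALPHABET))

def rotate_fleet(serials):
    """Hypothetical helper: map each serial to a fresh random password."""
    return {serial: random_admin_password() for serial in serials}

if __name__ == "__main__":
    fleet = ["E00000A0A000001", "E00000A0A000002"]  # constructed serials
    for serial in fleet:
        # Same serial in, same password out: knowing the serial is enough.
        print(serial, serial_derived_default(serial), serial_derived_default(serial))
    print(f"random replacement: about {entropy_bits():.0f} bits each")
    print(rotate_fleet(fleet))
```

Because the salt table is identical on every device, it is not a secret once it has been extracted from one firmware image, which is why only replacing the password removes the exposure.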