A complete of 689 printer fashions from Brother, together with 53 different fashions from Fujifilm, Toshiba, and Konica Minolta, include a default administrator password that distant attackers can generate. Even worse, there is no such thing as a technique to repair the flaw by way of firmware in present printers.
The flaw, tracked below CVE-2024-51978, is a part of a set of eight vulnerabilities found by Rapid7 researchers throughout a prolonged examination of Brother {hardware}.
| CVE | Description | Affected Service | CVSS |
|---|---|---|---|
| CVE-2024-51977 | An unauthenticated attacker can leak delicate info. | HTTP (Port 80), HTTPS (Port 443), IPP (Port 631) | 5.3 (Medium) |
| CVE-2024-51978 | An unauthenticated attacker can generate the system’s default administrator password. | HTTP (Port 80), HTTPS (Port 443), IPP (Port 631) | 9.8 (Important) |
| CVE-2024-51979 | An authenticated attacker can set off a stack primarily based buffer overflow. | HTTP (Port 80), HTTPS (Port 443), IPP (Port 631) | 7.2 (Excessive) |
| CVE-2024-51980 | An unauthenticated attacker can power the system to open a TCP connection. | Net Providers over HTTP (Port 80) | 5.3 (Medium) |
| CVE-2024-51981 | An unauthenticated attacker can power the system to carry out an arbitrary HTTP request. | Net Providers over HTTP (Port 80) | 5.3 (Medium) |
| CVE-2024-51982 | An unauthenticated attacker can crash the system. | PJL (Port 9100) | 7.5 (Excessive) |
| CVE-2024-51983 | An unauthenticated attacker can crash the system. | Net Providers over HTTP (Port 80) | 7.5 (Excessive) |
| CVE-2024-51984 | An authenticated attacker can disclose the password of a configured exterior service. | LDAP, FTP | 6.8 (Medium) |
This important vulnerability may be chained with different vulnerabilities found by Rapid7 to find out the admin password, take management of units, carry out distant code execution, crash them, or pivot inside the networks they’re linked to.
Not all the flaws have an effect on each one of many 689 Brother printer fashions, however different producers, together with Fujifilm (46 fashions), Konica Minolta (6), Ricoh (5), and Toshiba (2), are impacted as properly.
Supply: Rapid7
Insecure password era
The default password within the impacted printers is generated throughout manufacturing utilizing a customized alogirthm primarily based on the system’s serial quantity.
In keeping with a detailed technical evaluation by Rapid7, the password era algorithm follows an simply reversible course of:
- Take the primary 16 characters of the serial quantity.
- Append 8 bytes derived from a static “salt” desk.
- Hash the consequence with SHA256.
- Base64-encode the hash.
- Take the primary eight characters and substitute some letters with particular characters.
Attackers can leak the serial variety of the goal printer utilizing varied strategies or by exploiting CVE-2024-51977. They’ll then use the algorithm to generate the default admin password and log in as admin.
From there, they could reconfigure the printer, entry saved scans, learn handle books, exploit CVE-2024-51979 for distant code execution, or exploit CVE-2024-51984 to reap credentials.
Rapid7 started its disclosure course of in Might 2024 and was aided by JPCERT/CC in coordinating disclosures to different producers.
Though all flaws have been mounted in firmware updates made obtainable by impacted producers, the case with CVE-2024-51978 is difficult when it comes to danger administration.
The vulnerability is rooted within the password era logic utilized in {hardware} manufacturing, and therefore, any units made earlier than its discovery could have predictable passwords except customers change them.
“Brother has indicated that this vulnerability can’t be absolutely remediated in firmware, and has required a change to the manufacturing strategy of all affected fashions,” explains Rapid7 relating to CVE-2024-51978.
Customers of present Brother printers listed within the impacted fashions ought to contemplate their units susceptible and instantly change the default admin password, adopted by making use of the firmware updates.
On the whole, it’s endorsed to limit entry to the printer’s admin interfaces over unsecured protocols and exterior networks.
Safety bulletins with directions on what customers ought to do can be found for Brother, Konica Minolta, Fujifilm, Ricoh, and Toshiba.
Patching used to imply advanced scripts, lengthy hours, and limitless hearth drills. Not anymore.
On this new information, Tines breaks down how trendy IT orgs are leveling up with automation. Patch quicker, cut back overhead, and deal with strategic work — no advanced scripts required.
