A complete of 689 printer fashions from Brother, together with 53 different fashions from Fujifilm, Toshiba, and Konica Minolta, include a default administrator password that distant attackers can generate. Even worse, there is no such thing as a option to repair the flaw through firmware in present printers.
The flaw, tracked beneath CVE-2024-51978is a part of a set of eight vulnerabilities found by Rapid7 researchers throughout a prolonged examination of Brother {hardware}.
CVE
Description
Affected Service
CVSS
CVE-2024-51977
An unauthenticated attacker can leak delicate info.
HTTP (Port 80), HTTPS (Port 443), IPP (Port 631)
5.3 (Medium)
CVE-2024-51978
An unauthenticated attacker can generate the system’s default administrator password.
HTTP (Port 80), HTTPS (Port 443), IPP (Port 631)
9.8 (Important)
CVE-2024-51979
An authenticated attacker can set off a stack primarily based buffer overflow.
HTTP (Port 80), HTTPS (Port 443), IPP (Port 631)
7.2 (Excessive)
CVE-2024-51980
An unauthenticated attacker can pressure the system to open a TCP connection.
Net Companies over HTTP (Port 80)
5.3 (Medium)
CVE-2024-51981
An unauthenticated attacker can pressure the system to carry out an arbitrary HTTP request.
Net Companies over HTTP (Port 80)
5.3 (Medium)
CVE-2024-51982
An unauthenticated attacker can crash the system.
PJL (Port 9100)
7.5 (Excessive)
CVE-2024-51983
An unauthenticated attacker can crash the system.
Net Companies over HTTP (Port 80)
7.5 (Excessive)
CVE-2024-51984
An authenticated attacker can disclose the password of a configured exterior service.
LDAP, FTP
6.8 (Medium)
This important vulnerability will be chained with different vulnerabilities found by Rapid7 to find out the admin password, take management of gadgets, carry out distant code execution, crash them, or pivot throughout the networks they’re related to.
Not the entire flaws have an effect on each one of many 689 Brother printer fashions, however different producers, together with Fujifilm (46 fashions), Konica Minolta (6), Ricoh (5), and Toshiba (2), are impacted as properly.
Variety of impacted fashions for every of the eight flaws
Supply: Rapid7
Insecure password technology
The default password within the impacted printers is generated throughout manufacturing utilizing a customized alogirthm primarily based on the system’s serial quantity.
In response to a detailed technical evaluation by Rapid7, the password technology algorithm follows an simply reversible course of:
Take the primary 16 characters of the serial quantity.
Append 8 bytes derived from a static “salt” desk.
Hash the consequence with SHA256.
Base64-encode the hash.
Take the primary eight characters and substitute some letters with particular characters.
Attackers can leak the serial variety of the goal printer utilizing varied strategies or by exploiting CVE-2024-51977. They will then use the algorithm to generate the default admin password and log in as admin.
From there, they might reconfigure the printer, entry saved scans, learn handle books, exploit CVE-2024-51979 for distant code execution, or exploit CVE-2024-51984 to reap credentials.
Rapid7 started its disclosure course of in Might 2024 and was aided by JPCERT/CC in coordinating disclosures to different producers.
Though all flaws have been fastened in firmware updates made accessible by impacted producers, the case with CVE-2024-51978 is difficult by way of threat administration.
The vulnerability is rooted within the password technology logic utilized in {hardware} manufacturing, and therefore, any gadgets made earlier than its discovery can have predictable passwords until customers change them.
“Brother has indicated that this vulnerability can’t be totally remediated in firmware, and has required a change to the manufacturing technique of all affected fashions,” explains Rapid7 relating to CVE-2024-51978.
Customers of present Brother printers listed within the impacted fashions ought to take into account their gadgets weak and instantly change the default admin password, adopted by making use of the firmware updates.
On the whole, it is suggested to limit entry to the printer’s admin interfaces over unsecured protocols and exterior networks.
Safety bulletins with directions on what customers ought to do can be found for Brother, Konica Minolta, Fujifilm, Ricohand Toshiba.
Patching used to imply advanced scripts, lengthy hours, and limitless fireplace drills. Not anymore.
On this new information, Tines breaks down how trendy IT orgs are leveling up with automation. Patch quicker, scale back overhead, and concentrate on strategic work — no advanced scripts required.
