A significant security flaw affecting hundreds of Brother printer models has been identified, as detailed by Rapid7. Disclosed on June 25, the vulnerability, CVE-2024-51978, allows attackers to generate the default administrator password if they know or discover the printer's serial number. Although seven out of eight identified issues can be patched with firmware updates, CVE-2024-51978 remains unfixable on existing devices. The flaw carries a critical CVSS score of 9.8 and has severe implications such as unauthorized access and potential data breaches.
Hundreds of Brother printer models have been found to harbor a serious security flaw that can't be fully patched on existing devices.
An attacker who knows a device's serial number can reconstruct its factory password and log in with full privileges.
A CVSS score of 9.8 indicates a 'Critical' severity level for the main vulnerability, CVE-2024-51978.
Brother uses a password generation algorithm during manufacturing that is easily reversible, leaving devices open to attack.