Your Brother printer might have a critical security flaw - how to check and what to do next
Briefly

A significant security flaw, identified as CVE-2024-51978, has been discovered in hundreds of Brother printer models and cannot be fully patched. It allows an attacker who knows a printer's serial number to generate the device's default administrator password. Rapid7's research indicates that this vulnerability impacts 689 Brother devices, as well as others from Fujifilm, Toshiba Tec, Ricoh, and Konica Minolta. While some weaknesses can be patched, CVE-2024-51978 remains a critical security risk with a CVSS score of 9.8, enabling attackers to access sensitive device functions if they can obtain the serial number.
Hundreds of Brother printer models contain a serious security flaw, tracked as CVE-2024-51978, that cannot be fully patched on existing devices, leaving them exposed to potential attacks.
An attacker who knows a device's serial number can generate its default administrator password, which many users leave unchanged, making this a significant security risk.
CVE-2024-51978, rated 9.8 ('Critical' severity) on the CVSS scale, enables attackers to log in with full privileges and conduct various malicious activities.
Brother's password generation algorithm is easily reversible, enabling an attacker with the serial number to recover the factory password and gain access to sensitive information.
Read at ZDNET