A slew of vulnerabilities, including a critical CVSS 9.8 that enables an attacker to generate the default admin password, affect hundreds of printer, scanner, and label-maker models made by manufacturer Brother.

DR (DZone Research) offers insights into software development trends, industry surveys, and technology adoption patterns, providing reports, whitepapers, and analyst insights to help businesses make informed decisions and stay competitive in the ever-evolving tech landscape. By exploring DR's curated content, developers can gain insights into emerging technologies, developer preferences, and industry best practices for building innovative and market-leading software solutions. Whether you're a startup founder, product manager, or tech executive, DR offers resources to guide your strategic planning and drive business success.

Dark Reading

Security researchers discovered eight vulnerabilities affecting 748 printer models from Brother and other manufacturers. The most critical flaw (CVE-2024-51978) with CVSS 9.8 allows attackers to generate default admin passwords based on device serial numbers and cannot be fixed through firmware updates. This unpatchable vulnerability affects 695 Brother device models and requires manufacturing process changes. Seven other vulnerabilities can be patched through firmware updates. The flaws enable various attacks including remote code execution, network pivoting, and credential theft when chained together.

Millions of Brother Printers Hit by Critical Unpatchable Bug

Change the Password: Brother Printer Mitigations