![[The AI Show Episode 155]: The New Jobs AI Will Create, Amazon CEO: AI Will Cut Jobs, Your Brain on ChatGPT, Possible OpenAI-Microsoft Breakup & Veo 3 IP Issues](https://www.marketingaiinstitute.com/hubfs/ep%20155%20cover.png)
_lNsUgO2.jpg?width=1920&height=1920&fit=bounds&quality=70&format=jpg&auto=webp#){kind=tracking}
![Mercedes, Audi, Volvo Reject Apple's New CarPlay Ultra [Report]](https://www.iclarified.com/images/news/97711/97711/97711-640.jpg)
Multiple Brother Devices Vulnerabilities Open Devices for Hacking
A comprehensive security research investigation has unveiled eight critical vulnerabilities affecting 742 printer and multifunction device models across four major manufacturers. The discovery, stemming from a zero-day research project conducted by cybersecurity firm Rapid7, exposes severe security flaws in Brother Industries’ printer ecosystem that extend beyond the manufacturer’s own devices to impact models from FUJIFILM […] The post Multiple Brother Devices Vulnerabilities Open Devices for Hacking appeared first on Cyber Security News.
A comprehensive security research investigation has unveiled eight critical vulnerabilities affecting 742 printer and multifunction device models across four major manufacturers.
The discovery, stemming from a zero-day research project conducted by cybersecurity firm Rapid7, exposes severe security flaws in Brother Industries’ printer ecosystem that extend beyond the manufacturer’s own devices to impact models from FUJIFILM Business Innovation, Ricoh, and Toshiba Tec Corporation.
The vulnerabilities range from information disclosure to complete device compromise, with the most severe being an authentication bypass flaw assigned CVE-2024-51978 that carries a critical CVSS score of 9.8.
This particular vulnerability enables remote unauthenticated attackers to generate default administrator passwords by exploiting a predictable password generation algorithm that transforms device serial numbers into authentication credentials.
The flaw is so fundamental to the manufacturing process that Brother has indicated it cannot be fully remediated through firmware updates alone, requiring changes to the production pipeline for complete mitigation.
The scope of the security exposure is unprecedented in the printer security landscape, affecting 689 Brother devices alongside dozens of models from partner manufacturers.
Rapid7 analysts identified these vulnerabilities through extensive testing of multifunction printers, discovering attack vectors that span multiple network protocols including HTTP, HTTPS, IPP, PJL, and web services.
The research methodology involved detailed analysis of firmware components, protocol implementations, and authentication mechanisms across the affected device families.
The vulnerability cluster creates multiple attack pathways that can be chained together for maximum impact. An attacker can leverage CVE-2024-51977 to leak sensitive device information including serial numbers, then utilize CVE-2024-51978 to generate administrative credentials, and finally exploit CVE-2024-51979 for stack-based buffer overflow attacks that could lead to remote code execution.
This attack chain transforms what might appear as moderate individual vulnerabilities into a critical security threat when combined systematically.
Authentication Bypass and Default Password Generation Mechanism
The most significant vulnerability in this collection, CVE-2024-51978, exposes a fundamental flaw in Brother’s device security architecture through its predictable default password generation system.
During the manufacturing process, each device receives a unique default administrator password calculated using a deterministic algorithm that transforms the device’s serial number into the authentication credential.
This approach, while intended to provide unique passwords across the device fleet, creates a critical security weakness when the generation algorithm becomes known.
The attack methodology begins with serial number disclosure through multiple vectors. Attackers can obtain device serial numbers via CVE-2024-51977 through HTTP, HTTPS, or IPP services, or alternatively through direct PJL or SNMP queries that bypass the information leak vulnerability entirely.
Once the serial number is acquired, the predictable password generation algorithm allows attackers to compute the corresponding default administrator password without requiring any authenticated access to the target device.
Brother’s acknowledgment that this vulnerability cannot be fully addressed through firmware updates highlights the severity of the architectural flaw.
The company has implemented manufacturing process changes for newly produced devices while providing workarounds for existing installations.
However, devices manufactured using the original process remain fundamentally vulnerable unless administrators manually change default passwords, a step that many organizations overlook in their printer deployment procedures.
Vulnerabilities:-
CVE Description Affected Service CVSS Score CVE-2024-51977 An unauthenticated attacker can leak sensitive information HTTP (Port 80), HTTPS (Port 443), IPP (Port 631) 5.3 (Medium) CVE-2024-51978 An unauthenticated attacker can generate the device’s default administrator password HTTP (Port 80), HTTPS (Port 443), IPP (Port 631) 9.8 (Critical) CVE-2024-51979 An authenticated attacker can trigger a stack based buffer overflow HTTP (Port 80), HTTPS (Port 443), IPP (Port 631) 7.2 (High) CVE-2024-51980 An unauthenticated attacker can force the device to open a TCP connection Web Services over HTTP (Port 80) 5.3 (Medium) CVE-2024-51981 An unauthenticated attacker can force the device to perform an arbitrary HTTP request Web Services over HTTP (Port 80) 5.3 (Medium) CVE-2024-51982 An unauthenticated attacker can crash the device PJL (Port 9100) 7.5 (High) CVE-2024-51983 An unauthenticated attacker can crash the device Web Services over HTTP (Port 80) 7.5 (High) CVE-2024-51984 An authenticated attacker can disclose the password of a configured external service LDAP, FTP 6.8 (Medium)
The coordinated disclosure process, spanning thirteen months from initial contact to public release, involved collaboration between Rapid7, Brother Industries, and Japan’s JPCERT/CC coordination center.
Seven of the eight vulnerabilities have been addressed through firmware updates, with comprehensive remediation requiring both software patches and configuration changes to fully secure affected devices across the enterprise printer landscape.
Investigate live malware behavior, trace every step of an attack, and make faster, smarter security decisions -> Try ANY.RUN now
The post Multiple Brother Devices Vulnerabilities Open Devices for Hacking appeared first on Cyber Security News.
