Brother printer bug in 689 models exposes default admin passwords

A total of 689 printer models from Brother, along with 53 other models from Fujifilm, Toshiba, and Konica Minolta, come with a default administrator password that remote attackers can generate. Even worse, there is no way to fix the flaw via firmware in existing printers.

The flaw, tracked under CVE-2024-51978, is part of a set of eight vulnerabilities discovered by Rapid7 researchers during a lengthy examination of Brother hardware.

| CVE | Description | Affected Service | CVSS |
|---|---|---|---|
| CVE-2024-51977 | An unauthenticated attacker can leak sensitive information. | HTTP (Port 80), HTTPS (Port 443), IPP (Port 631) | 5.3 (Medium) |
| CVE-2024-51978 | An unauthenticated attacker can generate the device's default administrator password. | HTTP (Port 80), HTTPS (Port 443), IPP (Port 631) | 9.8 (Critical) |
| CVE-2024-51979 | An authenticated attacker can trigger a stack based buffer overflow. | HTTP (Port 80), HTTPS (Port 443), IPP (Port 631) | 7.2 (High) |
| CVE-2024-51980 | An unauthenticated attacker can force the device to open a TCP connection. | Web Services over HTTP (Port 80) | 5.3 (Medium) |
| CVE-2024-51981 | An unauthenticated attacker can force the device to perform an arbitrary HTTP request. | Web Services over HTTP (Port 80) | 5.3 (Medium) |
| CVE-2024-51982 | An unauthenticated attacker can crash the device. | PJL (Port 9100) | 7.5 (High) |
| CVE-2024-51983 | An unauthenticated attacker can crash the device. | Web Services over HTTP (Port 80) | 7.5 (High) |
| CVE-2024-51984 | An authenticated attacker can disclose the password of a configured external service. | LDAP, FTP | 6.8 (Medium) |

The critical flaw, CVE-2024-51978, can be chained with the other vulnerabilities discovered by Rapid7 to determine the admin password, take control of devices, perform remote code execution, crash them, or pivot within the networks they're connected to.

Not all of the flaws affect every one of the 689 Brother printer models, but other manufacturers, including Fujifilm (46 models), Konica Minolta (6), Ricoh (5), and Toshiba (2), are impacted as well.

Figure: Number of impacted models for each of the eight flaws (Source: Rapid7)

Insecure password generation

The default password in the impacted printers is generated during manufacturing using a custom algorithm based on the device's serial number.

According to a detailed technical analysis by Rapid7, the password generation algorithm follows an easily reversible process:
