A critical vulnerability affects 689 Brother printer models as well as 53 models from several other brands. The flaw allows a remote attacker to easily generate a device's default administrator password and take full control of it. Tracked as CVE-2024-51978, the vulnerability carries a critical CVSS score of 9.8 out of 10 and is one of a set of eight vulnerabilities discovered by Rapid7 security researchers.
The default password of the affected printers is generated during hardware manufacturing using a custom algorithm.
The algorithm takes the device's serial number as input and derives the password from it through an easily reversible process. An attacker who obtains a target printer's serial number, which can be leaked through a variety of known online methods, can then run the recovered algorithm to generate the default admin password and log into the device as an administrator.
This critical vulnerability can be chained with the other discovered flaws to determine the highly privileged admin password on affected devices. Once logged in, attackers may reconfigure the printer, access stored scans, or read the device's entire address book. They can also exploit other vulnerabilities to gain remote code execution or to pivot within the corporate networks the printers are connected to.
This gives the attackers a very significant foothold inside a compromised organization’s private and protected computer network.
Although most of the flaws can be fixed through firmware updates, this vulnerability is more complicated because it is rooted in the password generation logic used during the hardware manufacturing of the device. Brother has indicated that it cannot be fully remediated in the firmware of any existing printers. Users of existing printers should consider their devices vulnerable and change the default admin password immediately.
Reference: