Brother printer vulnerability exposes thousands to potential remote takeover

Hackers discovered default admin password method, affecting 689 Brother devices and four brands.

: Researchers at Rapid7 uncovered eight vulnerabilities in over 689 devices by Brother, affecting printers, scanners, and label makers. A critical flaw allows hackers to derive default admin passwords using device serial numbers across Brother, Toshiba, and Konica Minolta products. Brother cannot patch this directly, urging users to change old device passwords and update firmware. Additional flaws permit remote code execution and device crashing, necessitating further security updates.

In a concerning development for cybersecurity, Rapid7's research has unveiled not just one, but eight vulnerabilities in a range of devices from well-known manufacturers including Brother, Toshiba, and Konica Minolta. Amongst these, the most alarming is the ability for hackers to uncover default administrator passwords if they possess the device's serial numbers. A multitude of devices, amounting to over 689 models of printers, scanners, and label makers, are exposed to this vulnerability. This weakness, identified as CVE-2024-51978, is critical, as it can lead to unauthorized control over the affected devices.

According to Rapid7, the way Brother and the other manufacturers generate passwords tied to serial numbers has been reverse-engineered by malicious actors. Due to this exposure, Brother has been unable to patch the existing models since password generation occurs at the manufacturing stage. However, Brother has updated its password generation system, ensuring that models produced post-March 2025 remain secure. For older models, Brother strongly advises users to manually change their default passwords and apply available firmware updates to mitigate risk.

Among the suite of vulnerabilities disclosed, another significant issue, tracked as CVE-2024-51982, involves the potential continuous crashing of devices through the exploitation of TCP port 9100. This flaw, reportedly, can only be rectified by installing new firmware. However, users may hesitate, given past instances where firmware updates led to deliberate decreases in print quality when third-party toner was detected.

Despite the critical nature of these security patches, there is user hesitance surrounding the required updates. Brother printers have historically gained popularity due to their compatibility with third-party toner, especially against competitors like HP that restrict third-party use. Although Brother still technically supports such toner, recent developments have limited automatic color registration and affected print quality. Users are thus caught between the need to secure their devices and the desire to maintain cost-effective print solutions.

The broader context shows a systemic issue in security practices for networked peripherals, urging manufacturers to balance security needs, hardware design constraints, and user preferences. As emphasized by the researchers and echoed across safety advisories from Fujifilm, Ricoh, and others, steps like disabling WSD, turning off TFTP, and frequently updating passwords are recommended practices. These vulnerabilities are part of a growing trend in cybersecurity challenges, indicating a need for comprehensive assessments and rigorous updates across the technology industry.

Sources: TechSpot, Rapid7 Blog

CybersecuritySecurityVulnerability