If, like me, you have a Brother printer in your office, then hold on to your ink cartridges, because Rapid7 has just dropped a bomb. No fewer than 689 Brother printer models are affected by 8 vulnerabilities, some of which are downright scary. And the most serious of them lets any attacker generate your printer's administrator password without authenticating!
The discoverer is Stephen Fewer, a researcher at Rapid7, who found these flaws during a zero-day research project. And believe me, he wasn't idle: it took 11 months of cooperation with Brother and JPCERT/CC (Japan's computer emergency response team) to identify all the affected models and develop fixes. Public disclosure took place on June 25, 2025, and since then it has been a bit of a panic in IT departments around the world.
The star of the show is CVE-2024-51978, with a CVSS score of 9.8 out of 10, which is to say a jackpot for attackers. This vulnerability allows an unauthenticated remote attacker to recover the printer's serial number and generate the default administrator password from it. Yes, the admin password can be calculated from the serial number! Brother apparently thought it was a good idea to create passwords that are "unique" but predictable. Ahaha!
But wait, it gets worse!! This vulnerability affects 691 models and cannot be fully fixed by a simple firmware update: Brother will actually have to change its manufacturing process for future models. In the meantime, the printers already in circulation remain vulnerable even after the patch is applied, which merely limits the damage without solving the underlying problem.
The other 7 vulnerabilities shouldn't be overlooked either, because among them we find CVE-2024-51979 (CVSS 7.2), which allows triggering a memory overflow and potentially executing arbitrary code on the printer. That, for instance, is enough to turn a printer into a botnet zombie!
There are also two vulnerabilities that allow the printer to be crashed remotely (CVE-2024-51982 and CVE-2024-51983, both with CVSS 7.5), which, I admit, is handy if you want to make your colleagues' lives miserable, but above all dangerous if someone decides to launch a denial of service against your entire printer fleet.
Then CVE-2024-51980 and CVE-2024-51981 (CVSS score 5.3) allow the printer to be made to open TCP connections or issue arbitrary HTTP requests. In practice, your printer can become a relay for malicious activity inside your internal network. Handy for bypassing firewalls!
Finally, the smaller CVE-2024-51977 (CVSS score 5.3) allows sensitive information to be leaked, and CVE-2024-51984 reveals the passwords of the external services configured on the printer and the like. But at least that one requires authentication. Phew! (lol)
And as if that weren't enough, these vulnerabilities don't only affect Brother! 46 Fujifilm Business Innovation models, 5 Ricoh models and 2 Toshiba Tec models are also hit by some of these bugs. All told, we're talking about millions of vulnerable devices worldwide.
So what do you do if you have a Brother printer? First, check whether your model is among the 689 affected devices (Brother has published the full list on its website). Then apply the available firmware updates immediately, because even if they don't fix everything, they still reduce the risk.
For CVE-2024-51978, Brother recommends changing the default administrator password (no kidding!) and disabling non-essential network services. If you don't need to reach your printer from the Internet, cut off all external access and, if possible, isolate your printers in a dedicated VLAN with strict firewall rules.
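To turn that checklist into something an IT team can actually run against its inventory, here is a small fleet audit script. It is an added example written for this article, not code from Rapid7 or Brother: the model names, firmware versions, device records and the `ESSENTIAL_SERVICES` set are constructed placeholders, and the real `AFFECTED_MODELS` and fixed firmware versions must be filled in from Brother's published list and advisory.

```python
"""Fleet audit for the advisory above (added example; not Rapid7's or Brother's code).
Every model name, firmware version and device record here is a constructed placeholder:
load AFFECTED_MODELS and FIXED_FIRMWARE from Brother's published list before real use."""

from dataclasses import dataclass, field
from typing import Dict, List

# Placeholders only: the real entries come from the vendor's affected-model list.
AFFECTED_MODELS = {"PLACEHOLDER-MODEL-A", "PLACEHOLDER-MODEL-B"}
FIXED_FIRMWARE = {"PLACEHOLDER-MODEL-A": "1.2.0", "PLACEHOLDER-MODEL-B": "2.0.5"}

# Assumption: these are the only services this site needs for printing.
ESSENTIAL_SERVICES = {"ipp", "raw9100"}


@dataclass
class Printer:
    name: str
    model: str
    firmware: str            # dotted version string as reported by the device
    default_admin_pw: bool   # True if the factory admin password was never changed
    exposed_services: List[str] = field(default_factory=list)
    internet_reachable: bool = False
    isolated_vlan: bool = False


def version_tuple(v: str) -> tuple:
    """Turn '1.10.2' into (1, 10, 2) so versions compare numerically, not as strings."""
    return tuple(int(p) for p in v.split("."))


def audit_printer(p: Printer) -> List[str]:
    """Return the open findings for one printer, following the advisory's advice."""
    findings: List[str] = []
    if p.model not in AFFECTED_MODELS:
        return findings  # not on the affected list: nothing to report here
    if version_tuple(p.firmware) < version_tuple(FIXED_FIRMWARE[p.model]):
        findings.append("firmware below fixed version: apply the vendor update")
    if p.default_admin_pw:
        # The firmware update alone does not replace an existing default password.
        findings.append("default administrator password still set: change it now")
    extra = sorted(set(p.exposed_services) - ESSENTIAL_SERVICES)
    if extra:
        findings.append("non-essential services enabled: " + ", ".join(extra))
    if p.internet_reachable:
        findings.append("reachable from the Internet: remove external access")
    if not p.isolated_vlan:
        findings.append("not in a dedicated printer VLAN: isolate it behind strict firewall rules")
    return findings


def audit_fleet(fleet: List[Printer]) -> Dict[str, List[str]]:
    """Map each affected printer that still has open issues to its findings."""
    report: Dict[str, List[str]] = {}
    for p in fleet:
        findings = audit_printer(p)
        if findings:
            report[p.name] = findings
    return report


# Constructed sample inventory (not real devices).
SAMPLE_FLEET = [
    Printer("hr-floor2", "PLACEHOLDER-MODEL-A", "1.1.9", True,
            ["ipp", "raw9100", "ftp", "telnet"], internet_reachable=True),
    Printer("finance", "PLACEHOLDER-MODEL-B", "2.0.5", False,
            ["ipp"], isolated_vlan=True),
    Printer("lobby", "OTHER-VENDOR-X", "3.0.0", True, ["ipp"]),
]

if __name__ == "__main__":
    for name, findings in audit_fleet(SAMPLE_FLEET).items():
        print(name)
        for f in findings:
            print("  -", f)
```

In the sample fleet only `hr-floor2` is reported: it runs firmware below the placeholder fixed version, still has its default password, exposes FTP and Telnet, is reachable from the Internet and sits on the general LAN, so it collects all five findings. `finance` is on the affected list but already patched, repasswordeded and isolated, and `lobby` is not a listed model, so neither appears. Note the numeric version comparison: comparing firmware strings lexically would wrongly rank "1.10.0" below "1.2.0".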
Rapid7 deserves a big tip of the hat for playing the responsible disclosure game. They worked with the manufacturers for almost a year to make sure fixes were available before the information went public, and even took the time to document every affected model in the CVE records, which makes the IT teams' job easier.
Printers are often overlooked in security strategies even though they handle sensitive documents and sit on the company's internal network, so if you're in charge, now is the time to audit your printers. Check the models, apply the patches, change the default passwords and, above all, raise awareness among your users, because a single small compromised printer can serve as an entry point to compromise the entire network.
And for individuals, the risk is smaller but still real, especially if your Brother printer is reachable from the Internet (for remote printing, for example). At the very least, change the administrator password and install the available updates.
As usual, security isn't just a matter of servers and PCs; it's the whole connected ecosystem that has to be protected, so let's take these vulnerabilities seriously and get to work!!! Hang in there, the weekend is coming!
Source