A major security issue has been discovered in millions of Brother printers. Researchers from Rapid7 found that these printers have eight different security flaws, and one of them is extremely serious. This particular flaw allows anyone to figure out the device’s administrator password without logging in. It has been given a critical severity score of 9.8 out of 10.

The vulnerability lies in the way Brother printers generate their default admin passwords. The password is based on the device’s serial number, which can often be guessed or found out remotely. Once someone knows the serial number, they can easily calculate the default password and gain full access to the printer.

What makes this even worse is that another flaw was found that leaks the printer’s serial number without needing any login. This means an attacker could chain the two flaws: first obtain the serial number, then generate the admin password from it, and take control of the printer remotely.

This issue affects a massive number of Brother devices. Rapid7 says the bug impacts around 689 different models. These include not just printers, but also scanners and label makers. The affected devices are used in homes, offices, and large organizations around the world.

Brother confirmed that this specific password-related flaw cannot be fixed through a normal software update. Instead, users are being told to manually change the default admin password to something stronger and unique. However, if the printer is ever reset to factory settings, the default password comes back, and users will have to change it again manually.

The other six flaws found by Rapid7 are less severe and can be fixed through firmware updates. These include bugs that could be used for denial-of-service attacks or buffer overflow attacks. Brother has released patches for those issues or is in the process of doing so.

What’s more concerning is that this is not just a Brother problem. Similar security flaws have been reported in printers made by other companies, including Ricoh, Fujifilm, Toshiba, and Konica Minolta. In total, more than 740 printer models from five different manufacturers have been found to be vulnerable.

Security experts are warning that millions of printers could be exposed to attacks because of these flaws. Hackers who gain access could change printer settings, steal confidential documents, or even use the printer as a way to get into the larger network. This can be a big threat, especially in companies where printers are connected to sensitive internal systems.

To stay safe, users should first check whether their printer model is affected. Brother has published a full list of impacted devices. If your device is on the list, the first step is to update the firmware to the latest version. Then, make sure to change the default administrator password as recommended.

For companies and IT teams, it is also a good idea to limit the printer’s access to the internet, place it behind a firewall, and isolate it from critical systems on the network. These are basic but effective steps to reduce the risk of a potential breach.
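The steps above (check the model list, update firmware, change the default password, and isolate the device) can be turned into a repeatable audit. The following is an added example written for this article, not code from Rapid7 or Brother. The affected-model list, minimum firmware versions, model names and IP addresses are all constructed placeholders; a real audit would load the list from Brother's published advisory and the device details from your inventory. It also encodes the caveat that a factory reset restores the default password, so the password check must be repeated after any reset.

```python
"""Remediation planner for the printer advisory discussed above.

Added example, not vendor code. All model names, firmware versions and
addresses below are constructed placeholders.
"""
from dataclasses import dataclass

# Constructed placeholder for the vendor's affected-model list, mapping each
# model to the minimum patched firmware version (real values: Brother advisory).
AFFECTED_MODELS = {
    "MODEL-A": "1.12",
    "MODEL-B": "2.05",
}


@dataclass
class Printer:
    host: str              # management IP of the device (constructed)
    model: str             # model name as reported by the device
    firmware: str          # firmware version string
    default_admin_pw: bool  # True if the admin password was never changed


def version_tuple(v: str) -> tuple:
    """Turn '1.12' into (1, 12) so versions compare numerically, not lexically
    ('1.9' < '1.12' must hold, which a plain string compare gets wrong)."""
    return tuple(int(part) for part in v.split("."))


def assess(p: Printer) -> list:
    """Return the remediation actions a device still needs, in priority order.
    Devices not on the affected list need nothing from this advisory."""
    actions = []
    if p.model not in AFFECTED_MODELS:
        return actions
    if version_tuple(p.firmware) < version_tuple(AFFECTED_MODELS[p.model]):
        actions.append("update firmware")
    if p.default_admin_pw:
        # A firmware update does not fix the serial-derived default password on
        # existing devices, and a factory reset brings it back, so this check
        # has to be re-run after every reset, not just once.
        actions.append("change default admin password")
    return actions


def isolation_rules(printers: list, print_server: str) -> list:
    """nftables rule lines restricting each printer to the print server only:
    no internet egress and no access from arbitrary internal hosts."""
    rules = []
    for p in printers:
        rules.append(f"ip saddr {p.host} ip daddr {print_server} accept")
        rules.append(f"ip saddr {p.host} drop")
        rules.append(f"ip daddr {p.host} ip saddr {print_server} accept")
        rules.append(f"ip daddr {p.host} drop")
    return rules


if __name__ == "__main__":
    # Constructed inventory: one unpatched device still on the default password,
    # one patched device, one device that is not on the affected list.
    inventory = [
        Printer("10.10.5.21", "MODEL-A", "1.10", True),
        Printer("10.10.5.22", "MODEL-B", "2.05", False),
        Printer("10.10.5.23", "OTHER-MODEL", "0.1", True),
    ]
    for printer in inventory:
        print(printer.host, printer.model, assess(printer) or ["no action"])
    for line in isolation_rules(inventory, "10.10.1.5"):
        print(line)
```

The rule lines are meant to be dropped into a forward chain with a default drop policy; they deliberately allow only the print server in both directions, which covers "limit internet access" and "isolate from critical systems" in one step.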

This incident is a reminder that even devices like printers, which many people overlook, can be entry points for cyberattacks. In today’s world, every connected device must be treated like a computer and protected with the same level of care.

Brother is currently working with Rapid7 and Japan’s JPCERT to address the issues and improve the security of their future products. But for now, it is up to users to apply the fixes and follow the security advice being shared.

If you are using a Brother printer, don’t ignore this. Take a few minutes to update your device and change its default settings. A small step now can prevent serious problems later.

Stay alert, and keep your security measures updated!
