Brother makes some solid, reliable printers. In fact, The Verge has for several years running named one the best printer you should buy. Unfortunately, the company’s devices seem to be riddled with new zero-day vulnerabilities that could enable an experienced cybercriminal to hijack them.
The vulnerabilities were discovered by cybersecurity company Rapid7, which published a blog about the bugs last week. The blog explains that security professionals from Rapid7 came across a total of eight new zero-day vulnerabilities in the machines after some research. The vulnerabilities are all different, although there is one that is pretty bad. CVE-2024-51978 is an authentication bypass vulnerability, which could enable a hacker to obtain the printer’s password. Researchers break it down like this:
“An unauthorized attacker can leak the serial number of the target device via one of several means and generate the default administrator password of the target device. This can be attributed to the discovery of the default password generation procedure used by Brother devices. This procedure transforms a serial number into a default password. Affected devices have their default password set based on the unique serial number of each device during the manufacturing process. Brother pointed out that this vulnerability cannot be fully remedied in firmware and has required a change in the manufacturing process of all affected models.”
The researchers originally contacted Brother Industries last year, and since then the printing company and the security researchers have stayed in contact and worked on mitigating the problems. The bugs also affect several other printer brands, including Fujifilm, Ricoh, Toshiba, and Konica Minolta, according to researchers.
Dark Reading reports that millions of devices appear to be affected. Fortunately, the researchers note that there is no evidence that the bugs are being exploited in the wild. Brother has also issued patches for the vulnerabilities.
In addition to installing patches, users are also asked to change their default administrator password. That should stop the bad bug, CVE-2024-51978, which would have made it possible for an intruder to hijack the machine. If you do not do this, the researchers warn that an attacker could “use this default administrator password to either reconfigure the target device or access functionality only intended for authenticated users.”
Gizmodo reached out to Brother Industries for further information. In a statement shared on Wednesday, the company said: “Brother would like to thank Rapid7 for their efforts in discovering the issues. We have informed our customers about the mitigation on our website.”