Hundreds of Brother printer models have an unpatchable security flaw

Significant security vulnerabilities have been identified in numerous Brother printer models, potentially allowing hackers to remotely access devices with unchanged default passwords. Discovered by the security firm Rapid7, these eight new vulnerabilities impact 689 types of Brother home and office printers, with one issue not resolvable through firmware updates.

These security issues also affect 59 printer models from brands like Fujifilm, Toshiba, Ricoh, and Konica Minolta, though not all vulnerabilities are present in every printer model. You can verify if your Brother printer model is impacted by visiting this resource.

A particularly severe security flaw, identified as CVE-2024-51978 in the National Vulnerability Database, has a “Critical” CVSS score of 9.8. It allows attackers to derive the default admin password from the printer’s serial number, which in turn enables them to leverage the other seven vulnerabilities highlighted by Rapid7. These include extracting sensitive data, crashing the device, initiating TCP connections, making arbitrary HTTP requests, and revealing passwords for connected network services.

While seven of these security flaws can be fixed via firmware updates detailed in Rapid7’s report, Brother indicated to the company that CVE-2024-51978 itself “cannot be fully remediated in firmware,” and will be fixed via a change to the manufacturing process for future versions of affected printer models. For current models, Brother recommends that users change the default admin password for their printer via the device’s Web-Based Management menu.

Changing default manufacturing passwords is something we should all be doing when we take a new device home anyway, and these printer vulnerabilities are a good example of why.
