Critical Security Flaw in 689 Brother Printers and Other Brands Exposes Default Admin Passwords

A vulnerability affecting 689 models of Brother printers, as well as various models from Fujifilm, Toshiba, and Konica Minolta, means that the devices' default administrator passwords can be computed remotely by an attacker. Additionally, there is currently no way to fully resolve the issue by updating the firmware of printers already in the field.

CVE-2024-51978 forms part of a set of eight vulnerabilities identified by Rapid7 researchers during their investigation of Brother equipment. Exploiting CVE-2024-51978 along with other weaknesses allows attackers to determine the administrator password, gain control over devices, execute code remotely, disable devices, or infiltrate other areas of the network to which the printers are connected.

Beyond the hundreds of Brother printer models, 46 Fujifilm models, 6 Konica Minolta models, 5 Ricoh models, and 2 Toshiba models are also affected by this issue.

The default password for the impacted printers is generated during production using a specific algorithm based on the device's serial number. Rapid7 indicates that the password generation algorithm is a straightforward process that anyone who knows it can reproduce:

1. Take the first 16 characters of the serial number.
2. Add 8 bytes derived from a static "salt" table.
3. Hash the result using SHA256.
4. Encode the hash in Base64 format.
5. Take the first eight characters and replace certain letters with special symbols.
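The design flaw behind these steps is that the "secret" is a pure function of a public identifier, so whoever can read the serial number can recompute the password. The following Python example is added here to illustrate that property and its remedy; it is not code from the article, from Rapid7, or from any vendor. The derivation on the weak side is a constructed toy that only mirrors the structure described above (serial prefix plus a static salt, SHA-256, Base64, truncation to eight characters): the salt bytes are placeholders, the final character-substitution step is omitted because the mapping is not given on the page, and the `audit_fleet`, `still_on_derived_default` and `random_per_device_password` helpers and the sample inventory are constructed for this example.

```python
import base64
import hashlib
import secrets
import string

# Constructed placeholder bytes for illustration only. The vendor's real static
# salt table is not on the page and is not reproduced here.
TOY_SALT = b"\x10\x32\x54\x76\x98\xba\xdc\xfe"


def toy_derived_default_password(serial: str) -> str:
    """Anti-pattern: a 'default' credential that is a pure function of a public identifier.

    Mirrors only the structure described in the article (serial prefix + static salt,
    SHA-256, Base64, truncate to eight characters). The character-substitution step is
    omitted because the mapping is not given. This is a teaching toy, not the vendor's
    algorithm.
    """
    material = serial[:16].encode("ascii") + TOY_SALT
    digest = hashlib.sha256(material).digest()
    return base64.b64encode(digest).decode("ascii")[:8]


def random_per_device_password(length: int = 16) -> str:
    """Secure pattern: an unpredictable per-device secret chosen at manufacturing time.

    Nothing about the device (serial, model, MAC address) lets anyone recompute it; the
    value has to be printed on the unit's label or delivered out of band.
    """
    alphabet = string.ascii_letters + string.digits
    return "".join(secrets.choice(alphabet) for _ in range(length))


def still_on_derived_default(serial: str, current_password: str) -> bool:
    """Fleet-audit check: does this device still use the serial-derived default?"""
    return current_password == toy_derived_default_password(serial)


def audit_fleet(inventory):
    """Return the serials of devices whose admin password has not been rotated.

    `inventory` is a list of (serial, current_admin_password) pairs such as an asset
    database would hold.
    """
    return [serial for serial, pw in inventory if still_on_derived_default(serial, pw)]


# Constructed sample inventory: one device never rotated, one rotated to a random value.
CONSTRUCTED_FLEET = [
    ("TOY0001A2B3C4D5E6F", toy_derived_default_password("TOY0001A2B3C4D5E6F")),
    ("TOY0002A2B3C4D5E6F", "Rotated-Strong-Pass-2024"),
]

if __name__ == "__main__":
    # Same first 16 serial characters -> same "default" password, every time.
    for serial in ("TOY0001A2B3C4D5E6F", "TOY0001A2B3C4D5EXX"):
        print(serial, "->", toy_derived_default_password(serial))
    print("not rotated:", audit_fleet(CONSTRUCTED_FLEET))
    print("random per-device password:", random_per_device_password())
```

Running the block shows the two properties that matter for defenders: the derived scheme yields identical passwords for any two serials that share their first 16 characters and is reproducible by anyone holding the algorithm, whereas `secrets`-generated values differ on every call and cannot be reconstructed from device metadata. The `audit_fleet` check is the shape of the remediation step the vendors recommend: compare each device's configured credential against the known default and rotate whatever still matches.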

Attackers can access the serial number of the target printer through various means or by leveraging CVE-2024-51977, which permits the unauthorized disclosure of sensitive information. They can then use the algorithm to generate the default password and log in as an administrator.

This access allows an attacker to reconfigure the printer and retrieve stored scanned images and address books; it also provides the foothold for exploiting CVE-2024-51979 for remote code execution or CVE-2024-51984 for credential harvesting.

Brother has acknowledged that CVE-2024-51978 cannot be fully rectified via firmware updates. The company has authorized changes to the manufacturing process for all affected models. Users of existing models should be aware of their devices’ vulnerabilities, promptly change the default administrator password, and then update the firmware.

Brother, Konica Minolta, Fujifilm, Ricoh, and Toshiba have released guidelines detailing the steps that need to be taken to address these issues.