In a major coordinated disclosure, Rapid7 has unveiled a disturbing set of vulnerabilities affecting a wide range of multifunction printers (MFPs) across four major vendors—Brother, FUJIFILM Business Innovation, Ricoh, and Toshiba Tec Corporation. The findings, which span eight distinct CVEs, impact 742 printer, scanner, and label printer models, posing significant security risks to enterprise and consumer environments alike.
The most severe issue is tracked as CVE-2024-51978 (CVSS 9.8), an authentication bypass vulnerability that enables a remote unauthenticated attacker to derive the default administrator password of a device simply by knowing its serial number. As Rapid7 explains:
“This is due to the discovery of the default password generation procedure used by Brother devices. This procedure transforms a serial number into a default password.”
Even more concerning, this flaw cannot be fully remediated through firmware updates. Instead, Brother has had to alter its manufacturing process for affected devices, meaning only newly produced units are immune. For legacy models, the company has issued a workaround.
Another high-impact flaw, CVE-2024-51979 (CVSS 7.2), involves a stack-based buffer overflow that can be exploited by an authenticated attacker. Chained with CVE-2024-51978, which supplies the credentials, it gives attackers a path to full remote code execution:
“The vulnerability, CVE-2024-51979, allows an authenticated attacker to trigger a stack based buffer overflow… sufficient exploit primitive for achieving remote code execution (RCE).”
This attack chain transforms what appears to be a configuration oversight into a potential gateway for full system compromise.
Rapid7’s report outlines six additional vulnerabilities, including:
- CVE-2024-51977: Information leakage through HTTP/IPP services
- CVE-2024-51980 / CVE-2024-51981: Server-Side Request Forgery (SSRF) enabling network pivoting
- CVE-2024-51982 / CVE-2024-51983: Denial-of-Service flaws causing device crashes
- CVE-2024-51984: Password disclosure from configured external services like LDAP and FTP
According to Rapid7, “691 models are affected by the authentication bypass vulnerability CVE-2024-51978,” with other vulnerabilities affecting up to 208 models each.
What makes these flaws particularly concerning is their exploitability via network access. CVE-2024-51977, for example, can expose the printer’s serial number—enabling the CVE-2024-51978 chain. Even if CVE-2024-51977 isn’t leveraged:
“A remote unauthenticated attacker can still discover a target device’s serial number via either a PJL or SNMP query.”
With default credentials in play and access to network tools, a determined attacker could use these vulnerabilities for lateral movement, data exfiltration, or even to pivot deeper into corporate environments. Rapid7 has also published proof-of-concept source code for these flaws.
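One way a defender can watch for the reconnaissance this chain depends on (serial-number reads over SNMP or PJL, followed by access to the HTTP/IPP admin interface), as an added example that is not part of Rapid7's report or its proof of concept: a Python script that flags non-allowlisted hosts sweeping printer service ports in flow logs. The log format, port-to-service map, printer subnet and allowlisted print servers below are constructed assumptions.

```python
import re
from collections import defaultdict

# Services the advisory names for serial leakage / admin access: SNMP, PJL (9100), HTTP/IPP. Port map is an assumption.
PRINTER_SERVICE_PORTS = {161: "snmp", 9100: "pjl", 80: "http", 443: "https", 631: "ipp"}

# Hypothetical print servers / monitoring hosts that legitimately poll printers.
ALLOWED_CLIENTS = {"10.0.5.10", "10.0.5.11"}

# Constructed flow-log sample in the format "<timestamp> <src> <dst> <dport> <proto>" (not real logs).
SAMPLE_FLOWS = """\
2025-06-25T10:00:01 10.0.5.10 10.0.9.21 161 udp
2025-06-25T10:00:02 10.0.7.44 10.0.9.21 161 udp
2025-06-25T10:00:03 10.0.7.44 10.0.9.22 161 udp
2025-06-25T10:00:04 10.0.7.44 10.0.9.21 9100 tcp
2025-06-25T10:00:05 10.0.7.44 10.0.9.23 80 tcp
2025-06-25T10:00:06 10.0.5.11 10.0.9.22 9100 tcp
2025-06-25T10:00:07 10.0.7.44 10.0.9.24 631 tcp
2025-06-25T10:00:08 10.0.8.3 10.0.9.21 9100 tcp
"""
FLOW_RE = re.compile(r"^(\S+) (\S+) (\S+) (\d+) (tcp|udp)$")

def parse_flows(text):
    """Parse flow-log lines into dicts; malformed lines are skipped."""
    flows = []
    for line in text.splitlines():
        m = FLOW_RE.match(line.strip())
        if m:
            ts, src, dst, dport, proto = m.groups()
            flows.append({"ts": ts, "src": src, "dst": dst, "dport": int(dport), "proto": proto})
    return flows

def find_printer_recon(flows, printer_prefix="10.0.9.", min_printers=2):
    """Flag non-allowlisted sources that sweep printer service ports across min_printers
    or more printers, or that combine a discovery service (SNMP/PJL, where the serial is
    read) with the web/IPP interface (where a derived default password would be used)."""
    by_src = defaultdict(lambda: {"printers": set(), "services": set()})
    for f in flows:
        svc = PRINTER_SERVICE_PORTS.get(f["dport"])
        if svc is None or f["src"] in ALLOWED_CLIENTS or not f["dst"].startswith(printer_prefix):
            continue
        by_src[f["src"]]["printers"].add(f["dst"])
        by_src[f["src"]]["services"].add(svc)
    discovery = {"snmp", "pjl"}
    return {
        src: rec for src, rec in by_src.items()
        if len(rec["printers"]) >= min_printers
        or (rec["services"] & discovery and rec["services"] - discovery)
    }
```

A real deployment would feed this exported flow or firewall logs and tune the allowlist and printer subnet to the environment; a single host sending one job to port 9100 is not flagged, only sweeps and discovery-then-admin patterns are.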
Rapid7 acted as the CVE Numbering Authority (CNA) and coordinated disclosure with JPCERT/CC and Brother over a 13-month period. Firmware updates have been released to mitigate seven of the eight vulnerabilities. For CVE-2024-51978, Brother provides workarounds and updated manufacturing for future models.
Users are urged to:
- Update firmware immediately [1,2,3]
- Change default administrator credentials
- Review vendor-specific advisories for additional mitigations