Multiple Brother Device Vulnerabilities Allow Attackers to Execute Arbitrary HTTP Requests

A zero-day research project by Rapid7 has uncovered eight new vulnerabilities in multifunction printers (MFPs) and related devices from Brother Industries, Ltd. The flaws affect 748 models across five vendors: Brother, FUJIFILM Business Innovation, Ricoh, Toshiba Tec Corporation, and Konica Minolta, Inc.

This extensive impact, detailed in a coordinated release with JPCERT/CC after over a year of collaboration, highlights critical security flaws that could allow attackers to execute arbitrary HTTP requests, bypass authentication, and potentially achieve remote code execution (RCE).

The most severe of these vulnerabilities, CVE-2024-51978, rated at a CVSS score of 9.8 (Critical), enables an unauthenticated remote attacker to generate a device’s default administrator password by exploiting a predictable transformation of the device’s serial number, set during manufacturing.

Brother has acknowledged that this flaw cannot be fully remediated via firmware updates, necessitating a manufacturing process overhaul for new units and offering only workarounds for existing devices.

Critical Flaws Impact Hundreds of Printer Models

Among the other vulnerabilities, CVE-2024-51981 stands out for enabling unauthenticated attackers to force affected devices to perform arbitrary HTTP requests, effectively turning printers into proxies for Server-Side Request Forgery (SSRF) attacks.

This could allow attackers on external networks to leverage a vulnerable device on an internal network to access restricted resources, depending on network positioning.
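A device abused as an SSRF proxy shows up in network telemetry as the printer itself initiating HTTP requests to hosts it has no reason to contact. The following detection script is an added example, not code from Rapid7, Brother or the white paper; it assumes a constructed firewall/proxy log format, a hypothetical printer inventory and a hypothetical allow-list of management hosts, and flags printer-originated requests to any other destination.

```python
"""
Flag HTTP requests that originate from MFPs and reach hosts outside the
printers' expected management set. A device vulnerable to SSRF (such as the
CVE-2024-51981 issue described above) can be steered into relaying requests to
internal services, so printer-originated traffic to unexpected destinations is
worth an alert. Added example; inventory, allow-list and log format are
constructed assumptions, not anything taken from the vendor or the research.
"""
import ipaddress
import re
from dataclasses import dataclass

# Constructed inventory: addresses of the MFPs on the LAN (assumption).
PRINTER_ADDRS = {
    ipaddress.ip_address("10.20.5.11"),
    ipaddress.ip_address("10.20.5.12"),
}

# Hosts a printer is expected to talk to, e.g. the print-management server (assumption).
ALLOWED_DESTS = {
    ipaddress.ip_address("10.20.1.10"),
}

# Constructed log line shape: "<ts> src=<ip> dst=<ip> dport=<n> method=<m> uri=<u>"
LOG_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+) "
    r"method=(?P<method>\S+) uri=(?P<uri>\S+)$"
)


@dataclass(frozen=True)
class Finding:
    ts: str
    src: str
    dst: str
    dport: int
    uri: str
    reason: str


def parse_line(line):
    """Return the parsed fields of one log line, or None if it does not match."""
    m = LOG_RE.match(line.strip())
    return m.groupdict() if m else None


def classify(rec):
    """Return a reason string when the record is suspicious, else None."""
    src = ipaddress.ip_address(rec["src"])
    dst = ipaddress.ip_address(rec["dst"])
    if src not in PRINTER_ADDRS:
        return None  # only printer-originated traffic is of interest here
    if dst in ALLOWED_DESTS:
        return None  # expected management traffic
    return "printer reached a destination outside its allow-list (possible SSRF relay)"


def find_suspicious(lines):
    """Run every line through the parser and classifier; skip unparseable lines."""
    findings = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        reason = classify(rec)
        if reason:
            findings.append(Finding(rec["ts"], rec["src"], rec["dst"],
                                    int(rec["dport"]), rec["uri"], reason))
    return findings


def summarize(findings):
    """Map each offending printer to the set of unexpected destinations it reached."""
    by_src = {}
    for f in findings:
        by_src.setdefault(f.src, set()).add(f.dst)
    return by_src


# Constructed sample log: one allowed IPP job, two unexpected internal fetches from
# a printer, one request from a workstation (ignored) and one malformed line.
SAMPLE_LOG = [
    "2025-06-25T10:01:02Z src=10.20.5.11 dst=10.20.1.10 dport=631 method=POST uri=/ipp/print",
    "2025-06-25T10:01:09Z src=10.20.5.11 dst=10.20.1.25 dport=80 method=GET uri=/admin",
    "2025-06-25T10:01:11Z src=10.20.5.11 dst=10.20.1.26 dport=8080 method=GET uri=/",
    "2025-06-25T10:01:15Z src=10.20.7.40 dst=10.20.1.25 dport=80 method=GET uri=/admin",
    "2025-06-25T10:01:20Z src=10.20.5.12 dst=10.20.1.10 dport=443 method=POST uri=/status",
    "garbage line that does not match the format",
]

if __name__ == "__main__":
    for f in find_suspicious(SAMPLE_LOG):
        print(f"{f.ts} {f.src} -> {f.dst}:{f.dport} {f.uri}  [{f.reason}]")
    print(summarize(find_suspicious(SAMPLE_LOG)))
```

The allow-list approach deliberately treats every non-management destination as suspicious rather than trying to guess what an attacker would target; a printer segment that can only reach its print server at the firewall makes the same rule an enforcement control rather than just a detection.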

Additionally, CVE-2024-51979, with a CVSS score of 7.2 (High), permits an authenticated attacker to trigger a stack-based buffer overflow, potentially controlling CPU registers like the Program Counter (PC) to achieve RCE.

When chained with the authentication bypass of CVE-2024-51978, this could result in unauthenticated RCE, posing a catastrophic risk to network security.

Other issues include information leaks (CVE-2024-51977), denial-of-service (DoS) attacks (CVE-2024-51982 and CVE-2024-51983), and credential disclosure for external services like LDAP or FTP (CVE-2024-51984), further amplifying the attack surface for malicious actors seeking to pivot deeper into targeted environments.

Authentication Bypass

Rapid7’s findings reveal that 695 models are vulnerable to the critical authentication bypass, while others are susceptible to varying combinations of these flaws.

Firmware updates have been released to address seven of the eight vulnerabilities, but users must also apply vendor-provided workarounds for CVE-2024-51978.

Detailed technical analyses are available in Rapid7’s white paper, “Print Scan Hacks,” alongside proof-of-concept code.

Brother has expressed gratitude for Rapid7’s efforts and notified customers via advisories on their website.

For security practitioners, Rapid7’s InsightVM and Nexpose tools will include checks for several of these CVEs in their June 25, 2025, content release, though some checks require explicit opt-in due to their potential to crash systems.

Organizations using affected devices are urged to consult vendor advisories and update firmware immediately to mitigate these severe risks.

Indicators of Compromise (IoC)

CVE ID          | Description                                      | Affected Service                 | CVSS Score
CVE-2024-51978  | Authentication bypass via default password       | HTTP, HTTPS, IPP                 | 9.8 (Critical)
CVE-2024-51981  | Forces device to perform arbitrary HTTP requests | Web Services over HTTP (port 80) | 5.3 (Medium)
CVE-2024-51979  | Stack-based buffer overflow for potential RCE    | HTTP, HTTPS, IPP                 | 7.2 (High)
