Multiple Brother Devices: Multiple Vulnerabilities (FIXED)


Rapid7 conducted a zero-day research project into multifunction printers (MFP) from Brother Industries, Ltd.

This research resulted in the discovery of 8 new vulnerabilities. Some or all of these vulnerabilities have been identified as affecting 689 models across Brother’s range of printer, scanner, and label maker devices. Additionally, 46 printer models from FUJIFILM Business Innovation, 5 printer models from Ricoh, and 2 printer models from Toshiba Tec Corporation are affected by some or all of these vulnerabilities. In total, 742 models across 4 vendors are affected. Rapid7, in conjunction with JPCERT/CC, has worked with Brother over the last thirteen months to coordinate the disclosure of these vulnerabilities. The most serious of the findings is the authentication bypass CVE-2024-51978.

Read more…
Source: Rapid7


Sign up for our Newsletter
The latest news and insights delivered right to your inbox.


Related:

  • Three Steps to the Terminal: A Siemens ROX II Zero-Day Trilogy

    July 17, 2026

    Palo Alto Unit 42 conducted this research in close partnership with Siemens, reflecting their shared commitment to advancing the security and resilience of critical infrastructure. This report details a critical, chained exploit comprising three zero-day vulnerabilities (CVE-2025-40948, CVE-2025-40947, and CVE-2025-40949) discovered in Siemens ROX II operational technology (OT) switches. Successful exploitation of this chain would allow ...

  • Shark vacuum flaw exposes cameras, home maps and Wi-Fi passwords

    July 17, 2026

    Shark’s cloud-connected robot vacuums are currently exposed by an unpatched AWS (Amazon Web Services) IoT (Internet of Things) policy flaw that could turn one compromised device into a remote-control skeleton key for many others in the same region, with access to cameras, maps, and Wi‑Fi passwords. A researcher using the handle tokay0 took apart a Shark RV2320EDUS robot vacuum and ...

  • Attackers target critical FortiSandbox flaws as CISA issues patch order

    July 17, 2026

    Fortinet admins have two more reasons to clear their calendars after CISA confirmed a pair of critical FortiSandbox bugs are being actively exploited. The two bugs, tracked as CVE-2026-39808 and CVE-2026-25089, both carry CVSS scores of 9.1 and affect FortiSandbox, FortiSandbox Cloud, and FortiSandbox PaaS. According to Fortinet, they are OS command injection flaws that allow ...

  • Top AI tools such as OpenClaw and Github Copilot can be hijacked to create new massive botnets

    July 15, 2026

    Your favorite AI service could be subverted to deploy code that turns your phone or PC into a botnet, according to researchers at Intuit, Technion, and Tel Aviv University. The technique has been given the name HalluSquatting, a portmanteau of adversarial hallucination squatting, and is similar to typosquatting in that it relies on a mistake in ...

  • Microsoft tops last month’s record with 622 Patch Tuesday CVEs

    July 14, 2026

    Remember last month when we were awed by Microsoft’s record-setting Patch Tuesday that addressed 206 CVEs? That was a quaint era compared to this month: Redmond just rolled out patches for 622 CVEs specific to its products, slightly more than tripling last month’s all-time high. Redmond’s Patch Tuesday release is once again one for the record books, with everything under ...

  • Two Chrome updates in two days fix critical vulnerabilities

    July 10, 2026

    Updating Chrome is becoming an almost daily task lately. But it’s too important to ignore. On Wednesday, July 8, Google released another Chrome update, just one day later after the previous one. Between them, the two updates fixed 27 security vulnerabilities, including two critical flaws that could be exploited to compromise Chrome. Google says both are “use-after-free” memory vulnerabilities, which ...