Rapid7 conducted a zero-day research project into multifunction printers (MFP) from Brother Industries, Ltd.
This research resulted in the discovery of 8 new vulnerabilities. Some or all of these vulnerabilities have been identified as affecting 689 models across Brother’s range of printer, scanner, and label maker devices. Additionally, 46 printer models from FUJIFILM Business Innovation, 5 printer models from Ricoh, and 2 printer models from Toshiba Tec Corporation are affected by some or all of these vulnerabilities. In total, 742 models across 4 vendors are affected. Rapid7, in conjunction with JPCERT/CC, has worked with Brother over the last thirteen months to coordinate the disclosure of these vulnerabilities. The most serious of the findings is the authentication bypass CVE-2024-51978.
Read more…
Source: Rapid7
Sign up for our Newsletter
The latest news and insights delivered right to your inbox.
Related:
- PhantomRPC: A new privilege escalation technique in Windows Remote Procedure Call
April 24, 2026
Windows Interprocess Communication (IPC) is one of the most complex technologies within the Windows operating system. At the core of this ecosystem is the Remote Procedure Call (RPC) mechanism, which can function as a standalone communication channel or as the underlying transport layer for more advanced interprocess communication technologies. Because of its complexity and widespread ...
- Apple fixes iOS bug that kept deleted notifications, including chat previews
April 23, 2026
Apple has released a software update that deals with an issue that could allow deleted notifications to be retrieved. Something that, in at least one reported case, was used by law enforcement during forensic analysis. Apple fixed the issue in iOS and iPadOS versions 18.7.8 and 26.4.2 (check availability for your device at those links). The ...
- Iran claims US used backdoors to knock out networking equipment during war
April 21, 2026
Iranian media is claiming that the US used backdoors and/or botnets to disable networking equipment during the current war, and Chinese state media is dining out on the allegations. Reports from Iran claim hardware made by Cisco, Juniper, Fortinet, and MikroTik either rebooted or disconnected during recent attacks on Iran – despite the regime disconnecting the ...
- Microsoft releases Windows Server update fix to fix its April update fixes
April 20, 2026
Microsoft has pushed out an out-of-band update to address the restart loop that hit some Windows Server devices after its April update. The fix will spare administrators the headache of forced server restarts after installing the April 2026 update. (A reminder that deploying any Microsoft update directly to production without thorough testing is, to put it ...
- NIST changes enrichment process for National Vulnerability Database due to surge in CVE submissions
April 20, 2026
The number of reported vulnerabilities has surged so sharply that it forced the National Institute of Standards and Technology (NIST) to change how it ‘enriches’ each entry. Until now, NIST would take a basic CVE record and add structured analysis, to make it more useful in the National Vulnerability Database (NVD). That usually includes severity scoring ...
- Tracking Mirai Variant Nexcorium: A Vulnerability-Driven IoT Botnet Campaign
April 17, 2026
IoT devices are increasingly prime targets for large-scale attacks due to their widespread use, lack of patching, and often weak security settings. Threat actors continue exploiting known vulnerabilities to gain initial access and deploy malware that can persist, spread, and cause distributed denial-of-service (DDoS) attacks. FortiGuard Labs has analyzed a recent campaign exploiting CVE-2024-3721 in TBK ...