TL;DR: Hackers have cracked Brother's method of generating default admin passwords for hundreds of its printers, scanners, and label makers, putting users who haven't changed them at risk. Additionally, researchers found seven other serious vulnerabilities affecting Brother and other brands. Users should visit company websites for security advisories and update their firmware.

Security researchers at Rapid7 recently reported eight vulnerabilities affecting over 689 printers, scanners, and label makers manufactured by Brother. Several models from Fujifilm, Ricoh, Toshiba, and Konica Minolta are also impacted.

The most serious vulnerability (CVE-2024-51978) lets attackers uncover default administrator passwords for Brother, Toshiba, and Konica Minolta devices if they have the device's serial number. Hackers have already exposed the method manufacturers use to generate unique default passwords from serial numbers.

Brother cannot patch the hole because it generates the default passwords during the manufacturing process. The company has already updated its password generator, so devices made after March 2025 should be unaffected. However, users with older models should change their administrator passwords.

Meanwhile, several other vulnerabilities let attackers leak sensitive information, take control of devices, execute code remotely, or trigger crashes. Firmware updates to fix all of them are now available.

Brother has posted a list of affected devices on its support site, along with security advisories for printers, scanners, and label makers detailing the required fixes. Likewise, Fujifilm, Ricoh, Toshiba, and Konica Minolta have published similar guidance on their respective websites. Most remedies involve disabling WSD, turning off TFTP, or changing the administrator password.

Another flaw (CVE-2024-51982) allows attackers to repeatedly crash devices by connecting to TCP port 9100. Brother notes that installing new firmware is the only way to address this issue. However, some users may be hesitant to update since Brother began deliberately degrading print quality when its printers detect third-party toner.

Brother printers were once praised for supporting third-party toner, especially as HP drew criticism for locking customers into costly ink subscriptions. While third-party toner still functions in Brother devices, automatic color registration is no longer available to users and print quality is significantly degraded. Those concerned about these security vulnerabilities may want to weigh the risks against the potential savings on replacement ink.