Multiple Vulnerabilities in Brother Devices Enable Attackers to Execute Arbitrary HTTP Requests

A comprehensive security assessment by Rapid7 has uncovered eight significant vulnerabilities affecting a broad range of Brother Industries, Ltd. multifunction printers (MFPs), scanners, and label makers.

The flaws, disclosed in coordination with JPCERT/CC and Brother over a thirteen-month period, affect at least 689 Brother models and extend to 59 additional models from FUJIFILM, Ricoh, Toshiba Tec, and Konica Minolta, for a total of 748 affected models across five vendors.

Authentication Bypass Enables Full Device Takeover

The most severe vulnerability, tracked as CVE-2024-51978 (CVSS 9.8, Critical), allows remote unauthenticated attackers to derive the default administrator password for a target device.

This is possible because the default password is produced by a predictable generation algorithm that transforms the device's unique serial number, assigned during manufacturing, into the password; anyone who knows both the algorithm and the serial number can reproduce it.

Attackers can obtain the serial number in several ways without authenticating, including by exploiting CVE-2024-51977 (information disclosure) or through PJL or SNMP queries. The derived password then grants access to any device whose administrator password has not been changed from the factory default.

Once obtained, attackers can gain administrative access, reconfigure devices, or access sensitive functions intended for authenticated users.

Brother has acknowledged that CVE-2024-51978 cannot be fully fixed by a firmware update, because the default password is set at the factory; removing the weakness requires a change to the manufacturing process for future devices.

For existing devices, only workarounds are available, making this vulnerability particularly persistent in the installed base.
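The following Python code is an added illustration of the design weakness described above and is not Brother's algorithm, Rapid7's proof of concept, or any code from the original article. It uses a hypothetical stand-in for the serial-to-password function (a SHA-256 of the serial plus a constant, truncated) to show the general property that matters: whatever constant a firmware image embeds must be treated as public, so the default password is only as secret as the serial number. The serial number, the constant, and the `default_still_in_use` inventory check are all constructed for the example.

```python
"""Why a default password derived from the device serial number is recoverable.

Hypothetical model, NOT Brother's algorithm: it only shares the shape the
article describes (a fixed, public transformation of the serial number).
"""
import base64
import hashlib
import secrets

# Hypothetical constant of the kind a firmware image might embed. Anything
# shipped inside firmware must be assumed known to an attacker who can
# extract the image, so it adds no secrecy to the derived password.
HYPOTHETICAL_FIRMWARE_CONSTANT = b"example-constant"


def weak_default_password(serial: str) -> str:
    """Deterministic default password: hash(serial || constant), truncated.

    Hypothetical scheme. Any function of this form is reproducible by an
    attacker who holds the firmware (for the constant) and the serial number.
    """
    digest = hashlib.sha256(serial.encode("ascii") + HYPOTHETICAL_FIRMWARE_CONSTANT).digest()
    return base64.b64encode(digest).decode("ascii")[:8]


def attacker_recovers_password(leaked_serial: str) -> str:
    """The attacker's side of the exchange: the identical public computation,
    run on a serial number learned without authentication (the article names
    the CVE-2024-51977 information leak and PJL or SNMP queries as sources).
    """
    return weak_default_password(leaked_serial)


def strong_default_password() -> str:
    """Hardened alternative: a per-device secret drawn from a CSPRNG at
    manufacturing time and printed on the device label. It is not a function
    of the serial number or of any other value an attacker can query, so
    learning the serial gives no information about it.
    """
    return secrets.token_urlsafe(12)


def default_still_in_use(serial: str, current_password: str) -> bool:
    """Inventory check (hypothetical helper): given the password currently set
    on a device, report whether it is still the serial-derived default.
    True means the vendor workaround (change the default) has not been applied.
    """
    return secrets.compare_digest(current_password, weak_default_password(serial))


if __name__ == "__main__":
    serial = "X1234567890ABCDE"  # constructed sample serial number
    leaked = serial              # what the attacker learns via SNMP/PJL/CVE-2024-51977
    print("attacker reproduces default:",
          attacker_recovers_password(leaked) == weak_default_password(serial))
    print("still at default:", default_still_in_use(serial, weak_default_password(serial)))
    print("random per-device secret:", strong_default_password())
```

The point of `strong_default_password` is that a random secret cannot be recovered from any query the device answers; the only remaining exposure is physical access to the label, which is the same exposure any printed credential has. For the installed base, `default_still_in_use` models the only effective workaround: rotate the administrator password on every device whose password still equals its factory default.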

Arbitrary HTTP Requests

Among the other notable issues, CVE-2024-51981 allows unauthenticated attackers to make the device issue arbitrary HTTP requests on their behalf, a server-side request forgery (SSRF) that effectively turns the printer into a proxy for further attacks.

This can be exploited to reach internal network resources that are not directly exposed to the attacker and to pivot further within an organization.
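The check a device's web-services handler should apply before fetching a caller-supplied URL, as an added example of the defence against the SSRF class in CVE-2024-51980 and CVE-2024-51981; this is generic Python written for this page, not Brother firmware or Rapid7 code. The allow-list entries, the sample addresses, and the injectable `resolve` parameter are assumptions made so the check can be exercised offline.

```python
"""Allow-list validation of an outbound request target (SSRF defence).

Generic illustration, not code from any vendor firmware.
"""
import ipaddress
import socket
from urllib.parse import urlsplit

# Hypothetical allow-list: the only external hosts this device legitimately
# needs to contact (e.g. a firmware update server, a scan-upload service).
ALLOWED_HOSTS = {"updates.example.com", "scan-upload.example.com"}
ALLOWED_SCHEMES = {"https"}


def _is_public(ip: str) -> bool:
    """True only for globally routable addresses. is_global is False for
    loopback, RFC 1918 space, link-local (169.254.0.0/16, which includes cloud
    metadata endpoints), CGNAT, multicast and reserved ranges."""
    return ipaddress.ip_address(ip).is_global


def is_safe_target(url: str, resolve=socket.gethostbyname) -> tuple[bool, str]:
    """Return (allowed, detail). On success `detail` is the resolved IP, which
    the caller must connect to directly (re-resolving the hostname at connect
    time would let DNS rebinding defeat this check). `resolve` is injectable
    so the logic can be tested without network access."""
    parts = urlsplit(url)
    if parts.scheme not in ALLOWED_SCHEMES:
        return False, f"scheme {parts.scheme!r} not allowed"
    # "https://updates.example.com@evil.example/" parses as credentials plus a
    # different host; refuse userinfo outright rather than reasoning about it.
    if parts.username is not None or parts.password is not None:
        return False, "credentials in URL"
    host = parts.hostname
    if host is None:
        return False, "no host in URL"
    # Hostname allow-list: rejects raw IP literals such as 127.0.0.1 or
    # 169.254.169.254 as well as arbitrary external hosts.
    if host not in ALLOWED_HOSTS:
        return False, f"host {host!r} not on allow-list"
    try:
        ip = resolve(host)
    except OSError as exc:
        return False, f"resolution failed: {exc}"
    # An allow-listed name can still be pointed at an internal address by a
    # compromised or attacker-controlled DNS zone; check the resolved IP too.
    if not _is_public(ip):
        return False, f"{host} resolves to non-public address {ip}"
    return True, ip


if __name__ == "__main__":
    # Constructed resolver so the demo runs offline.
    table = {"updates.example.com": "8.8.8.8", "scan-upload.example.com": "10.0.0.5"}
    for candidate in ("https://updates.example.com/firmware.bin",
                      "http://updates.example.com/",
                      "https://updates.example.com@evil.example/",
                      "https://scan-upload.example.com/",
                      "https://169.254.169.254/latest/meta-data/"):
        print(candidate, "->", is_safe_target(candidate, resolve=table.__getitem__))
```

Both halves of the check matter: the hostname allow-list stops the printer from being aimed at arbitrary internal addresses, and the post-resolution address check stops an allow-listed name from being rebound to one. A device that applies neither, as the SSRF findings above describe, will fetch whatever URL it is handed.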

CVE-2024-51979 is a stack-based buffer overflow that, when chained with the authentication bypass, could allow remote code execution (RCE): Rapid7 reports that it gives control over CPU registers, including the program counter.

The remaining vulnerabilities include a further SSRF (CVE-2024-51980), denial-of-service conditions (CVE-2024-51982, CVE-2024-51983), and disclosure of the credentials a device stores for external services such as LDAP or FTP (CVE-2024-51984).

The credential disclosure could let attackers pivot deeper into the network using the device's own service accounts or exfiltrate scanned documents.

The scale of the issue is considerable: 695 models are affected by the authentication bypass, and over 200 models are vulnerable to denial-of-service attacks.

According to the report, Rapid7, acting as the CVE Numbering Authority (CNA), has populated all eight CVE records with comprehensive lists of affected models.

Brother and other affected vendors have issued firmware updates for seven of the eight vulnerabilities.

However, the authentication bypass (CVE-2024-51978) remains only partially remediated for legacy devices.

Users are urged to apply all available firmware updates and implement vendor-recommended workarounds.

Detailed advisories are available from Brother, FUJIFILM, Ricoh, Toshiba Tec, and Konica Minolta.

The vulnerabilities were first reported to Brother in May 2024, with coordinated disclosure and remediation efforts culminating in public disclosure on June 25, 2025. Rapid7’s technical white paper and proof-of-concept code provide further analysis for practitioners.

Vulnerability Summary Table

CVE ID         | Description                                            | Attack Vector / Service | CVSS Score | Affected Vendors
CVE-2024-51977 | Sensitive information disclosure (serial number leak)  | HTTP/HTTPS/IPP          | 5.3 (Med)  | Brother, others
CVE-2024-51978 | Authentication bypass (default admin password gen.)    | HTTP/HTTPS/IPP          | 9.8 (Crit) | Brother, others
CVE-2024-51979 | Stack-based buffer overflow (potential RCE)            | HTTP/HTTPS/IPP          | 7.2 (High) | Brother, others
CVE-2024-51980 | SSRF (force TCP connection)                            | Web Services over HTTP  | 5.3 (Med)  | Brother, others
CVE-2024-51981 | SSRF (arbitrary HTTP request)                          | Web Services over HTTP  | 5.3 (Med)  | Brother, others
CVE-2024-51982 | Denial of Service (crash via PJL)                      | PJL (Port 9100)         | 7.5 (High) | Brother, others
CVE-2024-51983 | Denial of Service (crash via HTTP)                     | Web Services over HTTP  | 7.5 (High) | Brother, others
CVE-2024-51984 | External service credential disclosure (LDAP/FTP)      | LDAP, FTP               | 6.8 (Med)  | Brother, others

Mandvi is a Security Reporter covering data breaches, malware, cyberattacks, data leaks, and more at Cyber Press.