Rapid7 has revealed serious vulnerabilities in multifunction printers (MFPs) from Brother, FUJIFILM, Ricoh, and Toshiba Tec Corporation. These findings, covering eight CVEs, affect 742 models of printers, scanners, and label printers, creating considerable security threats for businesses and consumers.
The major issue is CVE-2024-51978 (CVSS 9.8), a vulnerability that allows a remote attacker to bypass authentication and discover the default admin password using just the device’s serial number.
As Rapid7 explains:
“This is due to the discovery of the default password generation procedure used by Brother devices. This procedure transforms a serial number into a default password.”
Even more concerning, this flaw cannot be fully remediated through firmware updates. Instead, Brother has had to alter its manufacturing process for affected devices, meaning only newly produced units are immune. For legacy models, the company has issued a workaround.
CVE-2024-51979 (CVSS 7.2) is a stack-based buffer overflow that an authenticated attacker can trigger. Chained with the authentication bypass in CVE-2024-51978, which supplies the admin credentials, it enables full remote code execution on the device.
“The vulnerability, CVE-2024-51979, allows an authenticated attacker to trigger a stack based buffer overflow… sufficient exploit primitive for achieving remote code execution (RCE).”
Rapid7’s report covers six further vulnerabilities:
CVE-2024-51977: Information leakage through HTTP/IPP services
CVE-2024-51980 / CVE-2024-51981: Server-Side Request Forgery (SSRF) enabling network pivoting
CVE-2024-51982 / CVE-2024-51983: Denial-of-Service flaws causing device crashes
CVE-2024-51984: Password disclosure from configured external services like LDAP and FTP
According to Rapid7, “691 models are affected by the authentication bypass vulnerability CVE-2024-51978,” with other vulnerabilities affecting up to 208 models each.
Users are urged to:
Update firmware immediately
Change default administrator credentials
Review vendor-specific advisories for additional mitigations