Brother printer flaw leaves thousands at risk of remote takeovers

A security flaw makes hundreds of printers vulnerable to attack, and the problem can’t be fixed with an update

Hackers have uncovered a major security flaw in the manufacturing process of Brother, which allows hackers to generate the default admin passwords of hundreds of its printer, scanner, and label maker models using their serial numbers. To make matters worse, attackers can discover a device’s serial number using a vulnerability called CVE-2024-51977 over HTTP/HTTPS/IPP. Furthermore, some devices from Toshiba and Konica Minolta are also affected.

In total, a research group called Rapid7 has reported eight vulnerabilities that impact over 689 Brother products. The worst of these flaws is CVE-2024-51978, the aforementioned flaw that can generate the default admin passwords of hundreds of Brother products. This flaw has been given a “Critical” severity rating with a score of 9.8.

While Brother has addressed this flaw in all printers manufactured after March 2025, the issue is unpatchable on its older products. The default passwords of Brother’s are set and cannot be changed. Users can change the administrator passwords of their products, but Brother can’t. As such, users of affected products have been told to set custom admin passwords for their devices.

The other flaws uncovered by Rapid7 can be used to leak sensitive information, execute code remotely, and trigger crashes. Note that firmware updates have been released to fix these issues on affected products. However, it should be remembered that Brother’s admin password security flaw can only be addressed by users. This is achieved by setting a custom password.

You can join the discussion on Brother’s printer security flaw on the OC3D Forums.