Security vulnerabilities in nearly 750 multifunction printers of various brands
Attackers could gain access to the network and data. Firmware updates are available, but for one vulnerability there is only a workaround.
(Image: created with AI in Bing Designer by heise online / dmk)
The IT security company Rapid7 has discovered eight vulnerabilities in a total of 748 multifunction printers, scanners, and label printers from five different manufacturers. Attackers could gain access to the device itself and to the connected network. The affected companies Brother, Fujifilm, Ricoh, Toshiba, and Konica Minolta have provided firmware updates, but one vulnerability can only be worked around manually; it will only be closed in new model revisions.
The most dangerous vulnerability is the authentication bypass (CVE-2024-51978, critical), which allows attackers to gain control of the device. As with the Xerox VersaLink multifunction printers that leaked their credentials, the default password of these 748 devices is also derived from the serial number. That identifier can in turn be obtained through another vulnerability (CVE-2024-51977) in the HTTP, HTTPS and IPP services. The serial number can also be read out via PJL and SNMP requests, Rapid7 writes.
Workaround: Change the default password immediately
Users should therefore urgently set their own password, because, according to Brother, the way the default password is generated cannot be changed via firmware: the default password is set automatically during production. Once attackers hold the credentials for a device, they can set their own passwords, reconfigure the device, or use functions that are reserved for authorized users.
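The attack chain described above starts with reading the serial number over HTTP, HTTPS, IPP, PJL or SNMP. As an added example (not from the article or from Rapid7), the following Python snippet flags hosts outside an assumed printer-management subnet that touch several of those services on a known printer; the port numbers, the tab-separated log format and all IP addresses are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Services the article names as ways to read a device's serial number
# (HTTP/HTTPS/IPP for CVE-2024-51977, plus PJL and SNMP). Mapping them to the
# usual default ports is an assumption, not something the article states.
SERIAL_EXPOSING_PORTS = {80: "HTTP", 443: "HTTPS", 631: "IPP", 9100: "PJL", 161: "SNMP"}

def parse_conn_line(line):
    """Parse one constructed, tab-separated connection record:
    timestamp, source IP, destination IP, destination port, transport protocol."""
    ts, src, dst, dport, proto = line.rstrip("\n").split("\t")
    return ts, src, dst, int(dport), proto

def flag_serial_recon(lines, printers, mgmt_net, min_services=1):
    """Return {source_ip: {printer_ip: sorted service names}} for sources outside
    the management network that touch at least `min_services` distinct
    serial-exposing services on a printer. Nothing here talks to any device.
    A single hit on PJL (9100) is ordinary printing, so a threshold of 2 or more
    separates serial harvesting from normal print jobs."""
    mgmt = ipaddress.ip_network(mgmt_net)
    touched = defaultdict(lambda: defaultdict(set))
    for line in lines:
        if not line.strip() or line.startswith("#"):
            continue
        _, src, dst, dport, _ = parse_conn_line(line)
        if dst not in printers or dport not in SERIAL_EXPOSING_PORTS:
            continue
        if ipaddress.ip_address(src) in mgmt:
            continue  # the print-admin subnet is expected to use these services
        touched[src][dst].add(SERIAL_EXPOSING_PORTS[dport])
    return {
        src: {dst: sorted(svcs) for dst, svcs in per_printer.items() if len(svcs) >= min_services}
        for src, per_printer in touched.items()
        if any(len(svcs) >= min_services for svcs in per_printer.values())
    }

# Constructed sample records (not real traffic). Printer 10.0.5.20 is queried
# over SNMP, PJL and IPP by a workstation outside the management subnet.
SAMPLE_LOG = """\
1719830400.1\t10.0.1.10\t10.0.5.20\t161\tudp
1719830401.3\t10.0.1.10\t10.0.5.20\t9100\ttcp
1719830402.7\t10.0.1.10\t10.0.5.20\t631\ttcp
1719830403.0\t10.0.9.2\t10.0.5.20\t443\ttcp
1719830404.4\t10.0.1.11\t10.0.5.20\t9100\ttcp
1719830405.9\t10.0.1.10\t10.0.7.1\t161\tudp
""".splitlines()
PRINTERS = {"10.0.5.20", "10.0.5.21"}  # assumed printer inventory

if __name__ == "__main__":
    for src, hits in flag_serial_recon(SAMPLE_LOG, PRINTERS, "10.0.9.0/24", min_services=2).items():
        print(src, hits)
```

Devices flagged this way are candidates to check first for a still-unchanged default password.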
Other vulnerabilities (CVE-2024-51979, CVE-2024-51982 and CVE-2024-51983) could be used by attackers to trigger buffer overflows and crash the device. Further vulnerabilities (CVE-2024-51980 and CVE-2024-51981) allow attackers to reach network functions through the device, as well as to obtain the credentials for external services such as LDAP or FTP (CVE-2024-51984). This could allow attackers to penetrate further into the network and potentially access sensitive data.
748 models affected, but also Dell?
The affected devices include 689 different multifunction printers, scanners, and label printers from Brother, 46 printer models from Fujifilm, five printers from Ricoh, two printer models from Toshiba and six models from Konica Minolta. However, other manufacturers such as Dell also sell Brother's multifunction printers under their own brand. The Dell E514dw, for example, is a rebranded Brother MFC-L2700dw with slight modifications. When asked by heise online, Rapid7 was unable to say whether the corresponding Dell models also have these vulnerabilities. “We have no information that Dell models are impacted,” explained Stacey Holleran from Rapid7. Corresponding inquiries to Brother and Dell have so far gone unanswered.
The security researchers see no direct link to the vulnerabilities in Xerox VersaLink multifunction printers that Rapid7 also uncovered earlier this year. The so-called pass-back attack exhibits the same problem in principle, but according to Rapid7 the companies do not share the same code; they merely use the same design and concept of deriving the default password from the serial number.
(fds)