If you’re using a Brother printer at home or work, your device could be at risk from a major security flaw that cannot be fixed entirely. Security firm Rapid7 has discovered eight new vulnerabilities affecting 689 different Brother printer models. One of these flaws is especially dangerous, as it allows hackers to work out the printer’s default admin password by simply knowing the device’s serial number.
This flaw has been logged as CVE-2024-51978 in the National Vulnerability Database and has received a 9.8 out of 10 score on the CVSS scale, marking it as “Critical.” If an attacker can get hold of your printer’s serial number, they could generate its default password, gain full access to the device, and then take further action using the other seven vulnerabilities found by Rapid7.
How this vulnerability could affect you
If your printer still uses the default admin password it came with, you’re at the greatest risk. Once inside, an attacker could retrieve sensitive data from your printer, crash it remotely, or connect it to other devices on your network. They could also send their own HTTP requests through your printer or gain access to saved passwords for other connected services.
While most of these problems can be resolved through firmware updates, the most serious flaw, CVE-2024-51978, cannot be fixed this way. Brother has confirmed that this particular issue can only be addressed through changes made during the production of future models. For the models already on the market, Brother recommends users take immediate action by manually changing the admin password via the printer’s Web-Based Management menu.
This is not a problem exclusive to Brother printers. The same report revealed that 59 printer models from other major brands — including Fujifilm, Toshiba, Ricoh, and Konica Minolta — could also be affected. However, not all printers share every vulnerability, and the impact varies between models.
What you should do right now
If you have a Brother printer, the most important step you can take is to check whether your model is one of those affected. Brother’s support page includes full details and a list of impacted devices. You should also ensure your printer’s firmware is current, as updates can patch seven vulnerabilities.
Even more crucial is changing your default password if you haven’t done so already. You can access your printer’s settings through its Web-Based Management feature. Brother is urging users to take this step, as it significantly reduces the risk of remote access. Leaving the default password in place makes it far easier for hackers to break in and control your printer.
This discovery powerfully reminds us of the importance of changing default passwords on all devices—not just printers. Factory-set credentials are often widely known and can be exploited in seconds, whether it’s your router, webcam, or smart home device. Taking a few minutes to update them could protect you from a serious data breach or cyberattack.
While Brother is working on hardware-level fixes for future printers, you can protect your current device today by making these vital changes.
