Brother printer bug in 689 models exposes default admin passwords

A total of 689 printer models from Brother, along with 53 other models from Fujifilm, Toshiba, and Konica Minolta, come with a default administrator password that remote attackers can generate. This crucial vulnerability can be chained with other vulnerabilities discovered by Rapid7 to determine the admin password, take control of devices, perform remote code execution, crash them, or pivot within the networks they're connected to.

The vulnerabilities are:

CVE-2024-51978: An unauthenticated attacker can generate the device's default administrator password. Affected service: HTTP (Port 80), HTTPS (Port 443), IPP (Port 631). CVSS: 9.8 (Critical).
CVE-2024-51979: An authenticated attacker can trigger a stack based buffer overflow. Affected service: HTTP (Port 80), HTTPS (Port 443), IPP (Port 631). CVSS: 7.2 (High).
CVE-2024-51980: An unauthenticated attacker can force the device to open a TCP connection. Affected service: Web Services over HTTP (Port 80). CVSS: 5.3 (Medium).
CVE-2024-51981: An unauthenticated attacker can force the device to perform an arbitrary HTTP request. Affected service: Web Services over HTTP (Port 80). CVSS: 5.3 (Medium).
CVE-2024-51982: An unauthenticated attacker can crash the device. Affected service: PJL (Port 9100). CVSS: 7.5 (High).
CVE-2024-51983: An unauthenticated attacker can crash the device. Affected service: Web Services over HTTP (Port 80). CVSS: 7.5 (High).
CVE-2024-51984: An authenticated attacker can disclose the password of a configured external service.

Not all of the flaws affect every one of the 689 Brother printer models, but other manufacturers, including Fujifilm (46 models), Konica Minolta (6), Ricoh (5), and Toshiba (2), are impacted as well.

The default password in the impacted printers is generated during manufacturing using a custom algorithm based on the device's serial number.

"Brother has indicated that this vulnerability cannot be fully remediated in firmware, and has required a change to the manufacturing process of all affected models," explains Rapid7 regarding CVE-2024-51978.

Users of existing Brother printers listed in the impacted models should consider their devices vulnerable and immediately change the default admin password, followed by applying the firmware updates.

This Cyber News was published on www.bleepingcomputer.com. Publication date: Thu, 26 Jun 2025 18:15:19 +0000

