
Hundreds of printer models with weak password algorithms exposed, no firmware patch possible


Many people don't think or care about it, but printer security is a pretty important avenue when it comes to evaluating your cybersecurity posture. Last month, it was found that the companion software for Procolored printers was distributing malware. Now, it has been revealed that hundreds of printer models all over the globe are susceptible to attacks targeting their admin credentials.

Bleeping Computer has reported that CVE-2024-51978 is one of eight printer vulnerabilities recently discovered by security researchers. Combined, these allow authenticated and unauthenticated attackers to discover the default admin password, perform remote code execution (RCE), crash the printer, and leak other sensitive information. Severity ratings range from a score of 5.3 (medium) to 9.8 (critical), indicating that these are pretty severe vulnerabilities.

The most dangerous of these vulnerabilities exposes the default admin password, and primarily affects Brother printers. This is because Brother uses a rather weak password generation algorithm that depends entirely on the device's serial number and a static salt table. Analysis of the code revealed that the first 16 characters of the serial number are appended with eight bytes from a static salt table, and the result is hashed with SHA256 and Base64-encoded. The first eight characters of that output are then taken, and some of them are replaced with special characters to form the password.

The static nature of the password generation algorithm means that an attacker can chain various existing vulnerabilities to get access to your serial number and eventually your default admin password.

It is important to note that not all printer models are affected by all of these flaws, but the default admin password exposure does affect 695 models. The breakdown of the number of printer models affected by the eight vulnerabilities is as follows:

  • Brother: 689
  • Fujifilm: 46
  • Konica Minolta: 6
  • Ricoh: 5
  • Toshiba: 2

Brother has informed the security researchers that it cannot fully remediate the password generation vulnerability through a firmware patch. It can only fix the issue in its next printer models by patching the problem during the manufacturing process. This makes it crucial for customers of affected models to change their default admin password as soon as possible, which is good practice anyway.
