Critical Vulnerabilities in Brother Devices Expose Millions to Remote Attacks


Security researchers at Rapid7 have disclosed eight newly discovered vulnerabilities affecting 689 Brother models, spanning printers, scanners, and label makers. While these kinds of vulnerabilities rarely grab headlines, the scope of exposure is enormous, and the impact could be felt in offices and homes around the world.

The flaws affect a wide range of models still commonly in use across enterprise environments, small businesses, and home offices. That includes devices often brought in by employees as part of bring-your-own-device (BYOD) setups. In total, millions of Brother machines are potentially vulnerable to remote attacks. Some of the same flaws also appear in products from Fujifilm, Ricoh, Konica Minolta, and Toshiba, widening the blast radius even further.

Anatomy of the Attack: CVE-2024-51978 and Beyond

The most serious of the vulnerabilities disclosed by Rapid7, CVE-2024-51978, allows an unauthenticated attacker to reconstruct the default administrator password of an affected Brother device. The password is generated from the device's serial number during manufacturing, so anyone who knows the serial number can compute it offline, and a second, linked vulnerability hands the serial number over.

That second flaw, CVE-2024-51977, exposes the device's serial number to an unauthenticated request over its network services. Because the default administrator password is derived deterministically from that serial number, an attacker can compute the password, log in to the administrative interface, and take control of the device. The chain works against any affected device whose default password has never been changed, which is the usual state of a printer set up without IT involvement.
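To make the chain concrete, here is an added example that is not Rapid7's proof of concept and does not reproduce Brother's real derivation scheme: a hypothetical device whose default administrator password is a hash of its serial number, beside the hardened form that uses a per-device random secret. The model name, serial number and derivation function are all constructed for illustration; the point is that any default password computable from a value an unauthenticated client can read is, in effect, no password.

```python
"""Added example: why a serial-derived default password is no password.

The derivation below is HYPOTHETICAL. It is not Brother's algorithm and not
Rapid7's proof of concept; it only reproduces the structural flaw behind
CVE-2024-51978 (the password is a deterministic function of a value that a
CVE-2024-51977-style leak lets anyone read without logging in).
"""
import hashlib
import secrets
import string

ALPHABET = string.ascii_letters + string.digits


def weak_default_password(serial: str) -> str:
    """Vulnerable pattern: password = f(serial) with no device-private input.
    Anyone who learns the serial can run this same function."""
    digest = hashlib.sha256(serial.encode()).digest()
    return "".join(ALPHABET[b % len(ALPHABET)] for b in digest[:8])


def strong_default_password() -> str:
    """Hardened pattern: a per-device random secret chosen at manufacture,
    printed on the device label and never exposed over the network."""
    return "".join(secrets.choice(ALPHABET) for _ in range(12))


class Device:
    """Minimal stand-in for a networked printer's admin interface."""

    def __init__(self, model: str, serial: str, scheme: str):
        self.model = model
        self.serial = serial
        if scheme == "serial-derived":
            self._admin_password = weak_default_password(serial)
        elif scheme == "random":
            self._admin_password = strong_default_password()
        else:
            raise ValueError(f"unknown scheme: {scheme}")

    def public_info(self) -> dict:
        """What an unauthenticated device-info endpoint leaks."""
        return {"model": self.model, "serial": self.serial}

    def set_admin_password(self, new_password: str) -> None:
        """The mitigation an administrator can apply regardless of firmware."""
        self._admin_password = new_password

    def login(self, password: str) -> bool:
        return secrets.compare_digest(password, self._admin_password)


def attack(device: Device) -> bool:
    """Attacker side: read the leak, recompute the default, try to log in.
    Returns True if the device accepted the derived password."""
    leak = device.public_info()
    guess = weak_default_password(leak["serial"])
    return device.login(guess)


if __name__ == "__main__":
    # Constructed serial number; not a real device.
    vulnerable = Device("EXAMPLE-MFC-1234", "U64181E1N123456", "serial-derived")
    print("serial-derived default:", attack(vulnerable))    # True
    vulnerable.set_admin_password(strong_default_password())
    print("after password change:", attack(vulnerable))     # False
    hardened = Device("EXAMPLE-MFC-1234", "U64181E1N123456", "random")
    print("random per-device default:", attack(hardened))   # False
```

The `set_admin_password` path is the one that matters for devices already in the field: once the administrator replaces the default, the leaked serial number no longer buys the attacker anything, even though the leak itself is unchanged.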

The other vulnerabilities disclosed include denial-of-service conditions triggered by malformed requests, a stack-based buffer overflow that could allow arbitrary code execution, and disclosure of passwords the device stores for connected services. Several of these require an authenticated session, which is exactly what the default-password flaw provides: an attacker who derives the administrator password can reach bugs that would otherwise need credentials. Some of these flaws require minimal technical skill to exploit and no user interaction. Once inside, attackers can modify device settings, disrupt operations, or use the printer as a foothold for broader network access.

The Remote Work Blind Spot

In the rush to secure laptops and mobile devices, many organizations have overlooked a quieter but equally risky threat: the home office printer. While most of the focus lands on computers, David Matalon, CEO of Venn, notes that other Wi-Fi-enabled devices—like printers—are often set up by employees without IT involvement, rarely updated, and still connected to the same networks that handle sensitive company data.

When employees operate outside the corporate perimeter, the attack surface grows. Unmanaged printers and other unsecured endpoints introduce opportunities for lateral movement across a network. These devices are often running with default settings, using consumer-grade Wi-Fi, and haven’t been patched in years.

“The vulnerabilities uncovered by Rapid7 highlight a much broader issue,” Matalon says. “Organizations need to focus on shrinking that threat surface and consider strategies for ensuring their company data is protected independently of the device it's on, or the user’s home network that may be used to access it.”

The Supply Chain Ripple Effect

While the spotlight is on Brother, the vulnerabilities don’t stop there. Rapid7 confirmed that similar flaws affect devices from other major manufacturers, broadening the scope of exposure. That widens the threat considerably, especially for organizations that rely on managed print services (MPS) or outsource their printer infrastructure to third-party vendors.

These setups are designed for efficiency, but they also introduce risk. A single vulnerable device buried in a fleet of networked printers can serve as a soft entry point for attackers. IT teams may assume these machines are being maintained by vendors, but visibility into security posture is often limited.

For organizations that use shared or outsourced print infrastructure, this wave of vulnerabilities is a reminder that supply chain security includes more than just software dependencies. It extends all the way to the printer in the hallway and the one in a remote employee’s spare bedroom.

Mitigation and Next Steps

Brother has released firmware updates that address most of the vulnerabilities, and users are urged to apply them as soon as possible. The default-password flaw, CVE-2024-51978, is the exception: Brother could not remediate it in firmware for devices already in the field and instead changed its manufacturing process, so on existing devices the fix is to change the default administrator password. Rapid7 has published a full list of affected models along with links to advisories and patch instructions. But as with many IoT-style devices, getting those updates installed, especially across hundreds or thousands of remote endpoints, is easier said than done.

For organizations managing a mix of on-prem and remote printers, the first step is to inventory all devices and identify which models are affected. From there, IT teams should push firmware updates where possible, disable unused services, and remove unnecessary internet exposure.

Default credentials and exposed serial numbers continue to be a weak link across many embedded systems. Attackers rely on these predictable patterns to compromise devices quickly and quietly. Changing default passwords, limiting network access, and isolating printers from sensitive systems should be standard practice regardless of where the device is located.
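As an added illustration of the inventory-and-triage step (not Rapid7's or Brother's tooling), here is a script that reads a constructed inventory export, checks each device against a hypothetical affected-model table with first-fixed firmware versions, and ranks what to fix first. The model names, firmware versions, inventory rows and managed address range are all assumptions; in practice the table would be populated from Rapid7's published affected-model list and the vendor advisories.

```python
"""Added example: fleet triage against a printer advisory.

Not Rapid7's or Brother's tooling. The affected-model table, fixed firmware
versions, inventory rows and managed address range are CONSTRUCTED for
illustration; a real run would load the advisory data instead.
"""
import csv
import io
import ipaddress
import re

# Hypothetical advisory data: model -> first firmware version carrying the fix.
# None models a case with no firmware fix, where only configuration changes
# (changing the default password, removing exposure) mitigate the issue.
FIXED_FIRMWARE = {
    "EXAMPLE-MFC-1000": "1.14",
    "EXAMPLE-HL-2000": "2.03",
    "EXAMPLE-DCP-3000": None,
}

# Assumption: the organisation's managed address space.
MANAGED_NETS = [ipaddress.ip_network("10.0.0.0/8")]

# Constructed inventory export, as a discovery scan or CMDB might emit it.
INVENTORY_CSV = """\
ip,model,firmware,admin_password_changed,internet_exposed
10.10.5.21,EXAMPLE-MFC-1000,1.12,no,no
10.10.5.22,EXAMPLE-MFC-1000,1.14,yes,no
192.168.1.40,EXAMPLE-HL-2000,2.10,no,yes
10.10.7.9,EXAMPLE-DCP-3000,3.01,no,no
10.10.7.10,OTHER-VENDOR-X,9.9,yes,no
"""


def parse_version(version: str) -> tuple:
    """Numeric tuple so '2.10' sorts after '2.03' (string compare gets it wrong)."""
    return tuple(int(part) for part in re.findall(r"\d+", version))


def needs_firmware_update(model: str, firmware: str) -> bool:
    fixed = FIXED_FIRMWARE.get(model)
    if fixed is None:
        return False
    return parse_version(firmware) < parse_version(fixed)


def triage(csv_text: str) -> list:
    """Return affected devices with their issues, highest priority first."""
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        model = row["model"]
        if model not in FIXED_FIRMWARE:
            continue  # not covered by the advisory
        issues = []
        score = 0
        if row["internet_exposed"].strip().lower() == "yes":
            issues.append("reachable from the internet")
            score += 3
        if row["admin_password_changed"].strip().lower() != "yes":
            issues.append("default admin password still in place")
            score += 2
        if needs_firmware_update(model, row["firmware"]):
            issues.append(f"firmware {row['firmware']} below fixed {FIXED_FIRMWARE[model]}")
            score += 1
        if not any(ipaddress.ip_address(row["ip"]) in net for net in MANAGED_NETS):
            issues.append("outside managed address space (home or BYOD?)")
            score += 1
        if issues:
            findings.append({"ip": row["ip"], "model": model, "score": score, "issues": issues})
    findings.sort(key=lambda f: f["score"], reverse=True)
    return findings


if __name__ == "__main__":
    for f in triage(INVENTORY_CSV):
        print(f"[{f['score']}] {f['ip']} {f['model']}: " + "; ".join(f["issues"]))
```

Two details are worth keeping in a real version: firmware versions are compared numerically (a naive string comparison would flag `2.10` as older than `2.03`), and a device with no firmware fix is still reported whenever its default password or exposure is unchanged, since those are the controls that actually close the default-password chain.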

A Broader Wake-Up Call for Endpoint Security

Printers have long flown under the radar in cybersecurity planning. But today’s networked models are essentially IoT devices, complete with operating systems, network stacks, and web interfaces. Treating them like passive appliances is no longer viable.

The vulnerabilities revealed in Brother and other vendors’ devices are a reminder that every connected endpoint is a potential risk. That includes the machines in your office and the ones sitting on a desk at home. Organizations need better visibility into all devices accessing their network, whether managed or not.

Adopting a zero trust approach—where no device is trusted by default—is one way to contain the damage when something slips through. That means authenticating every endpoint, segmenting access, and assuming compromise is always a possibility. In that model, a printer becomes what it really is: another node that needs watching.

Author
  • Contributing Writer, Security Buzz
    Michael Ansaldo is a veteran technology and business journalist with experience covering cybersecurity and a range of IT topics. His work has appeared in numerous publications including Wired, Enterprise.nxt, PCWorld, Computerworld, TechHive, GreenBiz, Mac|Life, and Executive Travel.