
Researchers Warn of Hardcoded Password Vulnerability in Hundreds of Printer Models
Printer security is often overlooked, but it plays a critical role in an organization’s overall cybersecurity strategy. Just last month, researchers discovered that the companion software for Procolored printers was distributing malware. Now, a new set of vulnerabilities has been revealed, affecting hundreds of printer models worldwide, with the most severe flaw exposing default admin passwords.
According to a report by BleepingComputer, CVE-2024-51978 is one of eight recently disclosed vulnerabilities found in printers from multiple manufacturers. These flaws allow both authenticated and unauthenticated attackers to:
- Discover default admin passwords
- Execute remote code
- Crash the device
- Leak sensitive system information
The severity ratings range from medium (5.3) to critical (9.8), highlighting the seriousness of these issues.
Brother Printers Most Affected by Predictable Password Algorithm
The most dangerous vulnerability lies in how certain printers — particularly Brother models — generate default admin passwords. Researchers found that Brother uses a predictable password generation method based on two main components:
- The first 16 characters of the device’s serial number
- A fixed salt table value
These values are combined, hashed using SHA256, then encoded with Base64. The final password is created by taking the first 8 characters and replacing some with special symbols.
Because this algorithm relies on static data, attackers can use other existing vulnerabilities to extract the serial number and then predict the admin password without needing physical access.
Which Brands Are Affected?
While not all printer models are impacted by every vulnerability, the default password issue alone affects 689 Brother models, making it the most widespread of the flaws.
Here’s a breakdown of affected models per vendor:
- Brother: 689 models
- Fujifilm: 46 models
- Konica Minolta: 6 models
- Ricoh: 5 models
- Toshiba: 2 models
No Firmware Patch Available for Older Models
Unfortunately, Brother has stated that it cannot fix the password generation flaw via firmware updates, as the issue lies in how passwords are generated during manufacturing. The company plans to address the problem only in future models, meaning existing devices will remain vulnerable unless users manually change the default admin credentials.
This highlights the importance of basic security hygiene: always change default passwords on networked devices — especially those accessible from the internet or internal business networks.