Brother Printers Expose Over 600 Models to Critical Security Flaws

Critical vulnerabilities in 689 Brother printer models allow hackers to bypass authentication using serial numbers.

Jun 30, 2025

< 1 min read

Our editorial process is built on human expertise, ensuring that every article is reliable and trustworthy. AI helps us shape our content to be as accurate and engaging as possible.
Learn more about our commitment to integrity in our Code of Ethics.

Key Takeaways

Default passwords generated from serial numbers enable authentication bypass.
Over 689 Brother models, plus devices from four other manufacturers, are affected.
Manufacturing-embedded flaw requires password changes, not just firmware updates.

Brother just handed hackers the keys to over 689 printer models, and the fix isn’t as simple as downloading an update. Security researchers at Rapid7 discovered eight vulnerabilities that turn your trusty office printer into a potential gateway for cybercriminals. Finding the most critical flaw stems from Brother’s manufacturing shortcuts that can’t be patched away.

Predictable Passwords Transform Security Into Theater

Each Brother device generates its default admin password using the serial number printed right on the case. Attackers read that number and run basic calculations to unlock full administrative access. CVE-2024-51978 exposes this fundamental design flaw that affects not just Brother but also Fujifilm Business Innovation, Ricoh, Toshiba Tec, and Konica Minolta devices using identical password generation methods.

Brother printer bug in 689 models exposes default admin passwords – @billtoulas https://t.co/XAApiiXmHb https://t.co/XAApiiXmHb
— BleepingComputer (@BleepinComputer) June 26, 2025

Seven additional vulnerabilities create a buffet of attack options for cybercriminals. Denial of service attacks, forced TCP connections, password theft, and arbitrary HTTP requests become trivial when six flaws require zero authentication. Your printer broadcasts an open invitation to anyone with malicious intent and an internet connection.

Immediate Action Beats Wishful Thinking

Brother released firmware updates addressing most vulnerabilities, yet CVE-2024-51978 remains fundamentally unfixable through software patches alone. Manufacturing processes changed for devices built after March 2025, but existing hardware carries this security debt permanently unless users take direct action.

Log into your printer’s admin panel today and replace that predictable default password with something genuinely secure. Skip the firmware update ritual if you want, but ignoring password replacement leaves your network exposed like leaving house keys under the welcome mat. Rapid7’s coordinated disclosure gave everyone fair warning, including the bad actors already scanning for vulnerable devices.

Networks Remain Vulnerable Until Users Act

Modern offices treat printers as invisible infrastructure, forgetting these devices connect to the same networks housing sensitive data and critical systems. When manufacturers embed predictable credentials during production, they transfer security responsibility to users who never asked for that burden. Your $200 multifunction printer shouldn’t become the weak link compromising your entire digital life.