Millions of Printers Exposed to Hacking Due to New Vulnerabilities

Research from Rapid7 reveals eight new vulnerabilities among multifunction printers (MFP). 

In total, 748 models from 5 vendors are impacted by these vulnerabilities. This includes 689 models among Brother’s printers, scanners and label making devices; 46 among FUJIFILM Business Innovation printer models; 5 from Ricoh; 6 from Konica Minolta, Inc.; and 2 from Toshiba Tec Corporation. 

The most serious of the discovered vulnerabilities is an authentication bypass flaw (CVE-2024-51978). Via this flaw, a malicious actor could leak the serial number of the targeted device and generate a default administrator password. Brother has stated that this vulnerability cannot be fully remediated in firmware and requires an alteration to the manufacturing process in affected models. 

Security Leaders Weigh In

David Matalon, CEO at Venn:

The security of remote work environments goes far beyond laptops — especially since peripherals are almost always Wi-Fi enabled. Printers in home offices — often overlooked — can become serious points of exposure. 

The vulnerabilities uncovered by Rapid7 highlight a much broader issue. When employees work outside the corporate perimeter, the threat surface expands. Organizations need to focus on shrinking that threat surface and consider strategies for ensuring their company data is protected independently of the device it's on, or the user’s home network that may be used to access it. That includes considering all paths to data including unmanaged printers, smart devices, and anything else connected to a home network that’s outside of IT’s control.

John Bambenek, President at Bambenek Consulting:

Printers are often a “plug it in and forget it” type of IT device and are easy to overlook for updates and security patches. However, they have operating systems and can be used for easy lateral movement and persistence of attackers who want to remain in a target environment quietly. It is a reminder that these devices should never be openly accessible through the internet because troublemakers have been known to target printers in the past. 

John Gallagher, Vice President at Viakoo:

While this seems like a normal issue for IT teams (firmware patching to remediate a critical vulnerability), the real issue is the vast number of printers used and managed outside of IT.  Like many IoT devices, the patching and maintenance of printers may not be a priority for the line of business operating them. Yet if these devices remained unpatched there is significant risk to the organization overall.  

Printers are heavily used in certain verticals (like healthcare) that threat actors target. In healthcare the printer may be for creating patient ID wristbands, instructions to doctors or surgeons, scanning health records, and so forth. Since many printers today store documents in their print buffer or on storage within the device, there is a threat of patient personal information being stolen.  

Because printers are both networked and ubiquitous, there should be urgency around patching to prevent lateral movement.  

Having a strong IoT security focus is needed to prevent significant damage from these vulnerabilities, starting with having an up-to-date asset inventory and automated methods to quickly patch fleets of IoT devices. Using traditional IT methods of discovery and patching simply don’t work for IoT/OT/ICS systems.