Rapid7 and Brother Industries have jointly issued a vulnerability alert for a potential 8 Brother printer hacks covering 689 Brother models, 46 from FUJIFILM, six from Konica Minolta, five from Ricoh, and two from Toshiba TEC.
Rapid7, in conjunction with JPCERT/CC, has worked with Brother over the last thirteen months to coordinate the disclosure of these vulnerabilities.
Brother cannot fully fix the authentication bypass hack via a software update. Brother will be issuing a workaround for all affected devices.
Rapid7’s published security advisory and additional supporting materials provide further detail on each of these vulnerabilities, the various printer models affected, and guidance for remediation. Brother has published three advisories:
* Brother Laser and Inkjet Printer Advisory
* Brother Document Scanner Advisory
* Brother Label Printer Advisory
Brother models affected
How dangerous are these vulnerabilities?
The most dangerous is the authentication bypass that reveals the admin password to reconfigure the target device or access functionality only intended for authenticated users.
It then allows some or all of the other seven vulnerabilities to
- Make network connections via the target device located on an internal network, for example, when a printer’s web interface is exposed across a network segment.
- Repeatedly crash a target device, resulting in a complete loss of availability for the device (like a DDoS).
- Pivot further into a network environment. Credentials to an external FTP service may be used to disclose sensitive information, such as documents stored on that FTP service.
Rapid7 has a blog that goes into greater detail. During the research (May 2025), they discovered 5,739 Brother printers exposed to the Internet.
CyberShack’s view: Brother printer hacks are not just Brother’s problem.
It’s not just Brother. Recent research shows that over 800,000 printers are exposed to the Internet via port 9100, which allows hackers in. In 2018, PewDiePie accessed 50,000 printers to print messages urging people to subscribe to his YouTube channel. It’s like whacking a mole—close one vulnerability, and many more pop up.
While corporate and enterprise users are most at risk, pretty much any internet-connected printer can act as a gateway to the home or small office network.
For over a decade, HP printers have been a massive target for hackers who were able to access home and corporate networks. In fact, as late as January 2025, all HP/Samsung printers using its Universal Print Driver Series (PCL 6 and PostScript) were still vulnerable. Details and a list of printers are here.
Canon/Xerox have had serious vulnerabilities (9.4/10), and the latest affects Generic Plus PCL6, UFR II, LIPS4, LIPSXL, and PS printer drivers, specifically versions 3.12 and earlier. It also has vulnerabilities in some Laser Printers and Small Office Multifunctional Printers.
Epson has fewer issues, and provided you keep its firmware up to date, you need not be concerned. The most recent was for Windows non-English installs.
The most important thing you can do is keep the firmware up to date, and in a corporate environment, set up printers on secure VLANs.
You can read more about printer security here.
CyberShack Printer news and reviews
Brother printer hacks, Brother printer hacks, Brother printer hacks, Brother printer hacks, Brother printer hacks
Comments