Brother Printers Vulnerable to Denial-of-Service Attacks

Trustwave researchers discovered a vulnerability in Brother printers that, if exploited, could result in a denial-of-service (DoS) condition. The vulnerability is associated with an HTTP server embedded within these printers called Debut. If an attacker sends a single malformed HTTP POST request to the targeted printer, the printer will respond with a 500 Internal Server Error code, causing the printer’s web interface to become inaccessible and print jobs sent over the network to fail. Although a single attack may only interrupt printing services for a short period of time, extended downtime could occur if attackers continuously send malformed requests to a targeted device. Attempts by Trustwave to contact Brother about this vulnerability returned no response, resulting in a public release of the findings and the proof-of-concept code.

The NJCCIC recommends organizations using Brother printers review Trustwave’s Security Advisory and restrict web access to the devices or isolate them from the public internet, if possible. Additionally, review the threat alert titled “Hundreds of Brother Printers Exposed Online” included in the October 19 edition of the NJCCIC Weekly Bulletin for more insight into the risks posed by exposing Brother printers to the public internet.
