Critical Printer Flaws Under Attack: Millions of Devices at Risk
A month ago discovered security gaps in millions of printers are actively exploited. Experts have been observing a wave of attack on potentially almost 750 models from Brother, Fujifilm, Toshiba and other manufacturers since July.
Attacks on printer weak points increase
Almost a month ago, several security gaps were announced by millions of printers. Now there have been evidence that at least one of them is actively exploited. Owners of affected devices should therefore urgently update their firmware. The security gaps CVE-2024-51977 and CVE-2024-51978 were discovered by Rapid7 security researchers in June 2025. A total of 748 printer models from five manufacturers are affected: 689 models from Brother, 46 by Fujifilm, six by Konica Minolta, five by Ricoh and two from Toshiba. The list of specifically affected printer can be viewed via the CVE entries above.
Since June 4, 2025, the security experts from Crowdsec have now observed a wave of attempts to attack on the weak point CVE-2024-51977. The attacks have intensified since mid -July. These are probably targeted and arbitrary attacks.
Dangerous interaction of two vulnerabilities
The two security gaps work in a dangerous interaction: CVE-2024-51977 enables an unauthorized attacker to spy on the serial number of the target device together with several other sensitive information. The attackers can spy this data on HTTP, HTTPS and IPP services, but also via PJL or SNMP queries.
CVE-2024-51978 then allows the printer’s standard administrator password to be generated, which is derived from the unique serial number during production. If the administrator password has not been changed and the standard password is still used, an attacker can use this circumstance to reconfigure the device or access functions that are only intended for authenticated users.
Firmware updates only partially effective
Brother announced that the weak point CVE-2024-51978 cannot be fully remedied by firmware updates and that a change in the manufacturing process is required. Only devices that have been produced using a new procedure are fully protected. The weak point is rooted in the password generation logic, and all devices produced before the discovery have predictable passwords.
Brother therefore advises owners of endangered devices for a makeshift solution. For example, users should change the standard administrator password in the printer configuration and install the latest firmware updates. This measure is particularly important because the basic weak point is in the hardware architecture.
Printer as a gateway in the network
However, the danger goes beyond individual printer. Because compromised devices can be used as a springboard for further attacks in the network or incorporated into Botnets. With admin access, attackers can take advantage of further weaknesses, for example CVE-2024-51979 for remote code execution or the SSRF gaps for network connections.
Printer are often regarded as less critical devices and accordingly neglected. They often have access to sensitive network areas and can process confidential documents. A compromised printer can therefore cause considerable damage.
Recommended protective measures
Seven of the eight weak points can be remedied by firmware updates that have already been made available by the affected manufacturers. For the critical weak point CVE-2024-51978, which cannot be fully fixed by firmware updates, Brothers recommends changing the standard administrator password on all affected devices.
Administrators should insulate affected printer in the best possible insulation in the network and prevent the access from the outside. In general, it is recommended to limit access to the printer’s admin interfaces via unsecured protocols and external networks.
