=====================================================================

                            CERT-Renater

                Information Note No. 2025/VULN397
_____________________________________________________________________

DATE                : 26/06/2025

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running Brother products.

=====================================================================
https://support.brother.com/g/b/faqend.aspx?c=fr&lang=fr&prod=lmgroup1&ftype3=100256&faqid=faqp00100621_000&ot=eu_ot
https://support.brother.com/g/b/faqend.aspx?c=fr&lang=fr&prod=lmgroup1&ftype3=100256&faqid=faqp00100620_000&ot=eu_ot
https://support.brother.com/g/b/faqend.aspx?c=fr&lang=fr&prod=group2&faqid=faq00100848_000&ot=eu_ot
_____________________________________________________________________


    Date: 18/06/2025
    ID: faqp00100621_000


Privilege Escalation Vulnerability in Brother Software (Windows)

CVE ID: CVE-2025-49797

 

Description

A privilege escalation vulnerability has been identified in Brother
software running on Windows.


This vulnerability may allow an attacker to gain elevated privileges
(for example, administrator rights), enabling them to:

    Access or modify sensitive data
    Change system configurations
    Execute malicious code

View the list of affected label printers and firmware update status
https://support.brother.com/g/s/es/security/CVE-2025-49797_label.pdf

 

Solution

To reduce the risks associated with this vulnerability, follow these
steps:  

    Use the link above to check if an updated version of the affected
      software is available for your label printer.
    If an update is available, download and install the latest software
      version from your label printer’s “Downloads” page at
      support.brother.com.

If the updated software is not yet available:

    Regularly check the update availability status using the link above.
    Install the update as soon as it becomes available.
    Follow the guidance provided in the “Prevention” section to help
      reduce potential risks.


Prevention

To reduce exposure to potential threats, follow these essential security
best practices:

    Keep software up to date: Regularly install updates for Windows,
      web browsers, applications, and Brother software. Security updates
      often fix vulnerabilities that attackers could exploit.

    Install software only from trusted sources: Use official company
      websites or app stores to avoid malicious or tampered software.

    Strengthen authentication: Use strong, complex passwords and enable
      multi-factor authentication (MFA) wherever possible.

    Use security tools: Install reputable antivirus or anti-malware
      software, enable firewalls, and activate browser security features,
      such as pop-up blockers and safe browsing modes.


Acknowledgements

We would like to thank Julian Horoszkiewicz of Eviden, Poland, for
reporting this vulnerability.


_____________________________________________________________________

    Date: 18/06/2025
    ID: faqp00100620_000


Addressing Security Vulnerabilities

Description

A number of vulnerabilities that may affect Brother label printers
have been identified and listed in the table below.


Vulnerability Identifier 	Details and Reference URL

CVE-2017-9765 	Stack buffer overflow that may allow malicious code
execution or application crash
https://www.cve.org/CVERecord?id=CVE-2017-9765

CVE-2024-2169 	Infinite message loop between servers that may lead
to denial of service
https://www.cve.org/CVERecord?id=CVE-2024-2169

CVE-2024-51977 	Risk of unauthorized access to data 
https://www.cve.org/CVERecord?id=CVE-2024-51977

CVE-2024-51978 	Authentication bypass risk
https://www.cve.org/CVERecord?id=CVE-2024-51978

CVE-2024-51979 	Risk of stack overflow that may lead to system
instability and malicious code execution
https://www.cve.org/CVERecord?id=CVE-2024-51979

CVE-2024-51980 	Forced TCP connections that may lead to unauthorized
remote access
https://www.cve.org/CVERecord?id=CVE-2024-51980

CVE-2024-51981 	Risk of unauthorized HTTP requests being forwarded
to other hosts within the local area network 
https://www.cve.org/CVERecord?id=CVE-2024-51981
 
CVE-2024-51983 	Risk of device crash from external input that may
lead to denial of service and system instability
https://www.cve.org/CVERecord?id=CVE-2024-51983

CVE-2024-51984 	Risk of printer data exposure via pass-back attacks
https://www.cve.org/CVERecord?id=CVE-2024-51984 

 

View the list of affected label printers and firmware update status
https://support.brother.com/g/s/es/security/CVE-2017-9765_label.pdf
 

Solution

To reduce the risks associated with the listed vulnerabilities,
follow these steps:  

    Use the link above to check if an updated version of the
      affected firmware is available for your label printer.
    If an update is available, download and install the latest
      firmware version using the Firmware Update Tool.
    After installation, change the default administrator password
      via Web Based Management.

If the updated firmware is not yet available: 

    Follow the suggested workarounds in the “Workarounds” section.
    Regularly check the update availability status using the link
      above.
    Install the update as soon as it becomes available.
    Make sure you use your label printer in a firewall-protected
      environment.
 

Workarounds

As a temporary measure before the firmware update for your label
printer becomes available, you can change the following settings
from your label printer’s Web Based Management menu:

Vulnerability Identifier 	Workaround

CVE-2017-9765 	Disable the WSD function.
CVE-2024-2169 	Disable TFTP.
CVE-2024-51977 	There is no workaround. Install the latest firmware when it becomes available (see the link above).
CVE-2024-51978 	Change the default administrator password. 
CVE-2024-51979 	Change the default administrator password.
CVE-2024-51980 	Disable the WSD function.
CVE-2024-51981 	Disable the WSD function.
CVE-2024-51983 	Disable the WSD function.
CVE-2024-51984 	Change the default administrator password.

  

Acknowledgements

We would like to thank Yepeng Pan of CISPA, Germany, for reporting
the CVE-2024-2169 vulnerability.

We would like to thank Stephen Fewer, Principal Security Researcher
at Rapid7, USA, for reporting vulnerabilities
CVE-2024-51977 - CVE-2024-51984.

_____________________________________________________________________



    Date: 18/06/2025
    ID: faq00100848_000


Addressing Security Vulnerabilities

Description

A number of vulnerabilities that may affect Brother scanners have
been identified and listed in the table below.

Vulnerability Identifier 	Details and Reference URL
CVE-2017-9765 	Stack buffer overflow that may allow malicious code
execution or application crash
https://www.cve.org/CVERecord?id=CVE-2017-9765

CVE-2024-2169 	Infinite message loop between servers that may lead
to denial of service
https://www.cve.org/CVERecord?id=CVE-2024-2169

CVE-2024-51978 	Authentication bypass risk
https://www.cve.org/CVERecord?id=CVE-2024-51978

CVE-2024-51979 	Risk of stack overflow that may lead to system
instability and malicious code execution
https://www.cve.org/CVERecord?id=CVE-2024-51979 

CVE-2024-51980 	Forced TCP connections that may lead to
unauthorized remote access
https://www.cve.org/CVERecord?id=CVE-2024-51980

CVE-2024-51981 	Risk of unauthorized HTTP requests being forwarded
to other hosts within the local area network 
https://www.cve.org/CVERecord?id=CVE-2024-51981

CVE-2024-51982 	Device crash triggered by external input that may
lead to denial of service and system instability
https://www.cve.org/CVERecord?id=CVE-2024-51982

CVE-2024-51983 	Risk of device crash from external input that may
lead to denial of service and system instability
https://www.cve.org/CVERecord?id=CVE-2024-51983

CVE-2024-51984 	Risk of printer data exposure via pass-back attacks
https://www.cve.org/CVERecord?id=CVE-2024-51984 

 

View the list of affected scanners and firmware update status 
https://support.brother.com/g/s/id/security/CVE-2017-9765_ds.pdf
 

Solution

To reduce the risks associated with the listed vulnerabilities,
follow these steps:  

    Use the link above to check if an updated version of the affected
      firmware is available for your machine.
    If an update is available, download and install the latest
      firmware version using the Firmware Update Tool.
    After installation, change the default administrator password
      via Web Based Management.

If the updated firmware is not yet available: 

    Follow the suggested workarounds in the “Workarounds” section.
    Regularly check the update availability status using the link
      above.
    Install the update as soon as it becomes available.
    Make sure you use your machine in a firewall-protected environment.

 

Workarounds

As a temporary measure before the firmware update for your scanner
becomes available, you can change the following settings from your
scanner’s Web Based Management menu:

Vulnerability Identifier 	Workaround

CVE-2017-9765 	Disable the WSD function.
CVE-2024-2169 	Disable TFTP.
CVE-2024-51978 	Change the default administrator password. 
CVE-2024-51979 	Change the default administrator password.
CVE-2024-51980 	Disable the WSD function.
CVE-2024-51981 	Disable the WSD function.
CVE-2024-51982 	There is no workaround. Install the latest firmware.
CVE-2024-51983 	Disable the WSD function.
CVE-2024-51984 	Change the default administrator password.
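
The two workaround tables (label printers and scanners) can be turned
into a per-device check of which CVEs stay open until fixed firmware is
installed. This is an added example, not code from Brother or
CERT-Renater: the action names, inventory fields and sample records are
hypothetical, and "firmware_updated" is assumed to mean the fixed
firmware from the vendor list is installed.

```python
# Added example: which CVEs stay open per device, from the workaround tables above.
# Action names and inventory fields are hypothetical labels, not Brother setting keys.
WSD, TFTP, PWD = "disable_wsd", "disable_tftp", "change_admin_password"
FIRMWARE = "firmware_update"  # used where the table says "There is no workaround"

WORKAROUNDS = {
    "label_printer": {
        "CVE-2017-9765": WSD, "CVE-2024-2169": TFTP, "CVE-2024-51977": None,
        "CVE-2024-51978": PWD, "CVE-2024-51979": PWD, "CVE-2024-51980": WSD,
        "CVE-2024-51981": WSD, "CVE-2024-51983": WSD, "CVE-2024-51984": PWD,
    },
    "scanner": {
        "CVE-2017-9765": WSD, "CVE-2024-2169": TFTP, "CVE-2024-51978": PWD,
        "CVE-2024-51979": PWD, "CVE-2024-51980": WSD, "CVE-2024-51981": WSD,
        "CVE-2024-51982": None, "CVE-2024-51983": WSD, "CVE-2024-51984": PWD,
    },
}

def residual_cves(device):
    """Map each CVE still open on one device to the action that closes it."""
    if device["firmware_updated"]:
        return {}
    done = set(device["applied"])
    return {cve: (action or FIRMWARE)
            for cve, action in WORKAROUNDS[device["kind"]].items()
            if action is None or action not in done}

def remediation_plan(inventory):
    """Group outstanding work as {action: {device name: [CVEs it closes]}}."""
    plan = {}
    for dev in inventory:
        for cve, action in residual_cves(dev).items():
            plan.setdefault(action, {}).setdefault(dev["name"], []).append(cve)
        # The Solution steps also require a password change after a firmware update.
        if dev["firmware_updated"] and PWD not in dev["applied"]:
            plan.setdefault(PWD, {}).setdefault(dev["name"], [])
    return plan

INVENTORY = [  # constructed sample records
    {"name": "label-01", "kind": "label_printer", "firmware_updated": False, "applied": [WSD]},
    {"name": "scan-01", "kind": "scanner", "firmware_updated": False, "applied": [WSD, TFTP, PWD]},
    {"name": "scan-02", "kind": "scanner", "firmware_updated": True, "applied": []},
]

if __name__ == "__main__":
    for action, devices in remediation_plan(INVENTORY).items():
        print(action, devices)
```

Even with every workaround applied, one CVE per product family
(CVE-2024-51977 on label printers, CVE-2024-51982 on scanners) stays
open until the firmware is updated.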

 
Acknowledgements

We would like to thank Yepeng Pan of CISPA, Germany, for reporting
the CVE-2024-2169 vulnerability.

We would like to thank Stephen Fewer, Principal Security Researcher
at Rapid7, USA, for reporting vulnerabilities
CVE-2024-51977 - CVE-2024-51984.

=========================================================
+ CERT-RENATER        |    tel : 01-53-94-20-44         +
+ 23/25 Rue Daviel    |    fax : 01-53-94-20-41         +
+ 75013 Paris         |   email:cert@support.renater.fr +
=========================================================
