Web Based Management Vulnerabilities on Brother Machines: CVE-2024-21824 and CVE-2024-22475
Description
Session Management Vulnerability
Vulnerability Reference: CVE-2024-21824
Attackers can reach the machine's settings screens either by obtaining the session ID of a logged-in user and impersonating that user, or by stealing login credentials and tricking the user into opening a malicious URL.
Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21824
Cross-Site Request Forgery (CSRF) Vulnerability
Vulnerability Reference: CVE-2024-22475
If an authenticated user is lured to a malicious site set up for a CSRF attack, that site can make the user's browser submit requests to the machine without the user's knowledge, which may allow the attacker to change the Web Based Management settings.
Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-22475
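The two vulnerability classes above share the same root causes in a device web UI: a session ID that can be fixed or reused, and state-changing requests that are accepted from any origin. The example below is added here as an illustration and is not Brother's code or taken from this page. It models a small settings handler that regenerates the session ID on login, never reads it from the URL, and rejects a settings change unless the browser's Origin header matches the device and the form carries the per-session CSRF token. DEVICE_ORIGIN, the route names, the request model and the two scenarios are assumptions constructed for the illustration.

```python
# Added example (not Brother's code): a minimal model of the defences an
# embedded web UI needs against session fixation/hijack and CSRF.
# DEVICE_ORIGIN, the routes and the request model are assumptions.
import hmac
import secrets
from dataclasses import dataclass, field
from typing import Dict, Optional

DEVICE_ORIGIN = "http://192.168.1.50"  # assumed address of the printer's web UI


@dataclass
class Session:
    user: Optional[str] = None
    # Random per-session token embedded in the device's own forms; a page on
    # another origin cannot read it, so it cannot be included in a forged POST.
    csrf_token: str = field(default_factory=lambda: secrets.token_hex(16))


@dataclass
class Request:
    method: str
    path: str
    cookies: Dict[str, str] = field(default_factory=dict)
    headers: Dict[str, str] = field(default_factory=dict)
    form: Dict[str, str] = field(default_factory=dict)
    query: Dict[str, str] = field(default_factory=dict)


class WebUI:
    def __init__(self) -> None:
        self.sessions: Dict[str, Session] = {}
        self.settings = {"admin_password": "initial"}

    def _session(self, req: Request) -> Optional[Session]:
        # The session ID is taken only from the cookie, never from req.query,
        # so a crafted link such as /login?sid=... cannot choose the victim's ID.
        return self.sessions.get(req.cookies.get("sid", ""))

    def login(self, req: Request, password_ok: bool):
        """Returns (status, new session ID). The ID is regenerated on every
        successful login, so an ID known to an attacker before the victim
        authenticated never becomes an authenticated session."""
        if not password_ok:
            return 401, None
        self.sessions.pop(req.cookies.get("sid", ""), None)
        sid = secrets.token_urlsafe(32)
        self.sessions[sid] = Session(user="admin")
        return 200, sid

    def change_setting(self, req: Request) -> int:
        """Handler for a settings change; returns an HTTP-style status code."""
        sess = self._session(req)
        if sess is None or sess.user is None:
            return 401
        if req.method != "POST":
            return 405  # settings never change on GET, so a plain link cannot trigger it
        if req.headers.get("Origin") != DEVICE_ORIGIN:
            return 403  # browsers send Origin on cross-site POSTs; reject anything not from the device
        if not hmac.compare_digest(req.form.get("csrf_token", ""), sess.csrf_token):
            return 403  # token missing or wrong: a forged form cannot know it
        self.settings[req.form["key"]] = req.form["value"]
        return 200


def demo_csrf():
    """Constructed scenario: the victim is logged in and a page on
    attacker.example auto-submits a form to the device. Returns
    (forged status, legitimate status, resulting admin_password)."""
    ui = WebUI()
    _, sid = ui.login(Request("POST", "/login"), password_ok=True)
    forged = Request("POST", "/settings", cookies={"sid": sid},
                     headers={"Origin": "http://attacker.example"},
                     form={"key": "admin_password", "value": "pwned", "csrf_token": "guess"})
    legit = Request("POST", "/settings", cookies={"sid": sid},
                    headers={"Origin": DEVICE_ORIGIN},
                    form={"key": "admin_password", "value": "new",
                          "csrf_token": ui.sessions[sid].csrf_token})
    return ui.change_setting(forged), ui.change_setting(legit), ui.settings["admin_password"]


def demo_session_fixation():
    """Constructed scenario: the attacker knows a pre-login session ID held by
    the victim's browser (e.g. planted through a crafted URL) and tries to use
    it after the victim logs in. Returns (attacker status, ID was regenerated)."""
    ui = WebUI()
    planted = "id-known-to-attacker"
    ui.sessions[planted] = Session()  # unauthenticated session the attacker knows
    _, new_sid = ui.login(Request("POST", "/login", cookies={"sid": planted},
                                  query={"sid": planted}), password_ok=True)
    attacker = Request("POST", "/settings", cookies={"sid": planted},
                       headers={"Origin": DEVICE_ORIGIN},
                       form={"key": "admin_password", "value": "pwned"})
    return ui.change_setting(attacker), new_sid != planted


if __name__ == "__main__":
    print(demo_csrf())              # (403, 200, 'new')
    print(demo_session_fixation())  # (401, True)
```

The forged request in demo_csrf carries the victim's cookie, exactly as a browser would attach it, and is still refused twice over: the Origin is the attacker's site and the token is unknown to it. In demo_session_fixation the planted ID is discarded at login, so the attacker is left holding an ID that no longer maps to any session. Either check alone is a reasonable defence; a device that exposes its management UI on the network should do both.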
Affected models
Possible Solutions
Type A models:
- Update the machine's firmware using the Firmware Update Tool.
Type B models:
- Update the machine's firmware using the Firmware Update Tool. The machine will restart.
- Follow the instructions below to disable Web Based Management.
LCD models:
When the machine is in standby mode, follow these steps to disable Web Based Management from the machine's LCD:
Menu > 6*. Network > 4*. Web Based Management > OFF
(* The numbers may vary depending on your model.)
LED models (HL-12 series):
- Close the top cover (if open) and unplug the machine.
- Press and hold the power button while plugging the power cable back into the outlet. All LEDs will light up.
- Still pressing and holding the power button, open the top cover, and then close it again. The Error LED will turn off.
- Release the power button. All LEDs will turn off.
- Press the power button 5 times. The power LED will light up each time the power button is pressed.
- Wait for approximately 1 minute. Web Based Management is now disabled.
- You can confirm this by printing the "Printer Setting" page and checking the following setting:
  [Network Configuration] > [Web Based Management: Enabled/Disabled]
- Follow the same steps to enable Web Based Management again.
- To reduce the likelihood of such attacks, keep Web Based Management disabled until you need to use it, and disable it again when you are done. Disabling Web Based Management removes the exposed interface but is not a substitute for applying the firmware update.