Vulnerability Reference: CVE-2020-25107 etc. Solutions for Multiple Vulnerabilities

Description
Denial of Services (DoS) or arbitrary codes may be executed by attackers with remote access, or sensitive information may leak when using your network-connected printer and accessing the SNTP server with the printer’s Synchronised Clock setting ON. (The default setting is OFF.)

Vulnerability Reference Reference Site
CVE-2020-25107 https://nvd.nist.gov/vuln/detail/CVE-2020-25107
CVE-2020-25108 https://nvd.nist.gov/vuln/detail/CVE-2020-25108
CVE-2020-25109 https://nvd.nist.gov/vuln/detail/CVE-2020-25109
CVE-2020-25110 https://nvd.nist.gov/vuln/detail/CVE-2020-25110

 

Workaround

Set your SNTP server’s IP address as the SNTP server setting using the printer’s print server page (web based management).

 

To find your SNTP server’s IP address, execute the nslookup command followed by your SNTP server’s URL in the Windows Command Prompt.

 

Example command:
nslookup sntp.aaaaa.com

 

Solution

Update your printer’s firmware to the latest version.

  1. Check the model and firmware update status list.
  2. Update the printer’s firmware using the Firmware Update Tool available in your printer model’s Downloads section.

If your question was not answered, have you checked other FAQs?

If you need further assistance, please contact Brother customer service:

Content Feedback

To help us improve our support, please provide your feedback below.

Step 1: How does the information on this page help you?

Step 2: Are there any comments you would like to add?

Please note this form is used for feedback only.