FAQs & Troubleshooting

Web Based Management Vulnerabilities on Brother Machines: CVE-2024-21824 and CVE-2024-22475

Description

Session Management Vulnerability

Vulnerability Reference: CVE-2024-21824

Attackers can gain access to the server's setting screen by obtaining session IDs of logged-in users and impersonating them, or by stealing login credentials and tricking users into opening malicious URLs.

Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21824

Cross-Site Request Forgery (CSRF) Vulnerability
Vulnerability Reference: CVE-2024-22475
If authenticated users unknowingly submit requests to their machines via a malicious site set up for CSRF attacks, it may allow the attackers to change the Web Based Management settings.
Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-22475

Possible Solutions

Click here to see the affected models and their firmware update status.
Update the machine’s firmware using the Firmware Update Tool available in your printer model’s Downloads section.

If your question was not answered, have you checked other FAQs?

If you need further assistance, please contact Brother customer service:

Go to the Contact Us

Content Feedback

To help us improve our support, please provide your feedback below.

FAQs & Troubleshooting

Web Based Management Vulnerabilities on Brother Machines: CVE-2024-21824 and CVE-2024-22475

If your question was not answered, have you checked other FAQs?

If you need further assistance, please contact Brother customer service:

Content Feedback

Step 1: How does the information on this page help you?

Step 2: Are there any comments you would like to add?

Support & Downloads

United States(English)