Web Based Management Vulnerabilities on Brother Machines: CVE-2024-21824 and CVE-2024-22475
Description
Session Management Vulnerability
Vulnerability Reference: CVE-2024-21824
Attackers can gain access to the server's setting screen by obtaining session IDs of logged-in users and impersonating them, or by stealing login credentials and tricking users into opening malicious URLs.
Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21824
Cross-Site Request Forgery (CSRF) Vulnerability
Vulnerability Reference: CVE-2024-22475
If authenticated users unknowingly submit requests to their machines via a malicious site set up for CSRF attacks, the attackers may be able to change the Web Based Management settings.
Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-22475
Possible Solutions