 |
FAQs & Troubleshooting |
Cross-site scripting (XSS) vulnerability on Brother Printers and All-in One Machines
Vulnerability Reference: CVE-2018-11581
Release Date:July 1st, 2018
Impact:CVSS v3 4.8 Medium
Description
Cross-site scripting (XSS) vulnerability on some Brother Printers and All-in One Machines can allow remote attackers to inject arbitrary web script or HTML via the url parameter to etc/loginerror.html.
Solution
Please check Firmware Update status. If you are using any of these products, please update the machine to the latest firmware or read the workaround below.
Workaround
Please use the product on a network protected by a firewall or other protective system. If you do not use Web Based Management, you can prevent attack by disabling Web Based Management on the machine.
Firmware Update status
Please see Firmware Update status.
Firmware Update Tool
Please download Firmware Update Tool.