Cross-site scripting (XSS) vulnerability on Brother Printers and All-in One Machines

Vulnerability Reference: CVE-2018-11581
Release Date:July 1st, 2018
Impact:CVSS v3 4.8 Medium

 

Description

 

Cross-site scripting (XSS) vulnerability on Brother Printers and All-in One Machines listed below can allow remote attackers to inject arbitrary web script or HTML via the url parameter to etc/loginerror.html.

 

Solution

 

Please check the model list. If you are using any of these products, please update the machine to the latest firmware or read the workaround below.

 

Workaround

 

Please use the product on a network protected by a firewall or other protective system. If you do not use Web Based Management, you can prevent attack by disabling Web Based Management on the machine.

 

Firmware Update schedule

 

Please see the Firmware Update schedule.

 

Firmware Update Tool

 

Please download the Firmware Update Tool.

 

 

If your question was not answered, have you checked other FAQs?

Have you checked the manuals?

If you need further assistance, please contact Brother customer service:

Content Feedback

To help us improve our support, please provide your feedback below.

Step 1: How does the information on this page help you?

Step 2: Are there any comments you would like to add?

Please note this form is used for feedback only.