 |
常見問題&故障排除 |
Vulnerability Reference: CVE-2020-25107 etc. Solutions for Multiple Vulnerabilities
Description
Denial of Services (DoS) or arbitrary codes may be executed by attackers with remote access, or sensitive information may leak when using your network-connected printer and accessing the SNTP server with the printer’s Synchronized Clock setting ON. (The default setting is OFF.)
| Vulnerability Reference | Reference Site |
| CVE-2020-25107 | https://nvd.nist.gov/vuln/detail/CVE-2020-25107 |
| CVE-2020-25108 | https://nvd.nist.gov/vuln/detail/CVE-2020-25108 |
| CVE-2020-25109 | https://nvd.nist.gov/vuln/detail/CVE-2020-25109 |
| CVE-2020-25110 | https://nvd.nist.gov/vuln/detail/CVE-2020-25110 |
Workaround
Set your SNTP server’s IP address as the SNTP server setting using the printer’s print server page (web based management).
To find your SNTP server’s IP address, execute the nslookup command followed by your SNTP server’s URL in the Windows Command Prompt.
Example command:
nslookup sntp.brother.com
Example result:
Server: apngodc01.ap.brothergroup.net
IP Address: 133.151.111.101
Solution
Update your printer’s firmware to the latest version.
- Check the model and firmware update status list.
- Update the printer’s firmware using the Firmware Update Tool available in your printer model’s Downloads section.
