FAQs & Troubleshooting
Date: 05/03/2024 ID: faq00100823_000
Web Based Management Vulnerabilities on Brother Machines: CVE-2024-21824 and CVE-2024-22475
Description
Session Management Vulnerability
Vulnerability Reference: CVE-2024-21824
Attackers can gain access to the server's settings screen by obtaining the session ID of a logged-in user and impersonating that user, or by stealing login credentials after tricking a user into opening a malicious URL.
Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21824
Cross-Site Request Forgery (CSRF) Vulnerability
Vulnerability Reference: CVE-2024-22475
If authenticated users unknowingly submit requests to their machines via a malicious site set up for CSRF attacks, it may allow the attackers to change the Web Based Management settings.
Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-22475
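The two issues above are instances of general web-application weaknesses: a session ID that can be obtained or pre-set by an attacker, and a state-changing request that a browser will send on behalf of a logged-in user from any site. The following is an added illustration of the standard defences, written here for this page; it is not Brother's firmware code and says nothing about how Brother fixed these CVEs. It models a device admin interface in memory, rotates the session ID at login so a previously issued ID cannot be reused, and accepts a settings change only when the request carries a valid session cookie, comes from the device's own origin (the hostname is an assumption), and includes the per-session CSRF token. A cross-site form post carries the cookie but neither the origin nor the token, so it is refused.

```python
import hmac
import secrets
from dataclasses import dataclass, field
from typing import Optional
from urllib.parse import urlparse

# Assumption: the device is reached at this origin; a real device would derive
# it from its configured hostname/IP and scheme.
ALLOWED_ORIGINS = {"https://printer.example.local"}


@dataclass
class Session:
    sid: str
    user: Optional[str] = None
    # Per-session CSRF token, issued with the session and embedded in each form.
    csrf_token: str = field(default_factory=lambda: secrets.token_hex(16))


class AdminServer:
    """Constructed in-memory model of a device's web admin interface."""

    def __init__(self) -> None:
        self.sessions: dict[str, Session] = {}
        self.settings = {"web_management": "Enabled"}

    def new_session(self) -> str:
        sid = secrets.token_urlsafe(32)          # unguessable session ID
        self.sessions[sid] = Session(sid)
        return sid

    def login(self, sid: str, user: str, password_ok: bool) -> str:
        """Authenticate and rotate the session ID.

        Rotation means an ID the attacker already holds (pre-set via a
        malicious URL, or captured before login) never becomes authenticated.
        """
        if not password_ok or sid not in self.sessions:
            raise PermissionError("login failed")
        self.sessions.pop(sid)                   # retire the pre-login ID
        new_sid = self.new_session()
        self.sessions[new_sid].user = user
        return new_sid

    def _origin_allowed(self, headers: dict) -> bool:
        # Prefer Origin; fall back to Referer. Compare scheme+host exactly,
        # never by string prefix, so "printer.example.local.evil" fails.
        src = headers.get("Origin") or headers.get("Referer")
        if not src:
            return False
        p = urlparse(src)
        return f"{p.scheme}://{p.netloc}" in ALLOWED_ORIGINS

    def change_setting(self, cookie_sid: str, headers: dict, form: dict) -> bool:
        """Apply a settings change only if every check passes."""
        sess = self.sessions.get(cookie_sid)
        if sess is None or sess.user is None:
            return False                         # no authenticated session
        if not self._origin_allowed(headers):
            return False                         # request not from the device's UI
        token = form.get("csrf_token", "")
        if not hmac.compare_digest(token, sess.csrf_token):
            return False                         # missing or wrong CSRF token
        self.settings[form["key"]] = form["value"]
        return True


if __name__ == "__main__":
    srv = AdminServer()
    sid = srv.login(srv.new_session(), "admin", password_ok=True)
    tok = srv.sessions[sid].csrf_token
    ok = srv.change_setting(sid, {"Origin": "https://printer.example.local"},
                            {"csrf_token": tok, "key": "web_management", "value": "Disabled"})
    print("same-origin change applied:", ok, srv.settings)
```

The Origin check and the token check are independent layers: the token defends the endpoint even when a browser omits Origin and Referer, and the origin check catches forms that were copied together with a leaked token. The rotation in `login` is what closes the first of the two CVE descriptions above at the session layer; the other two checks address the second.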
Affected models
Possible Solutions
Type A models:
Update the machine’s firmware using the Firmware Update Tool.
Type B models:
- Update the machine’s firmware using the Firmware Update Tool.
- The machine will restart.
- Follow the instructions below to disable Web Based Management.
LCD models:
When the machine is in the standby mode, follow these steps to disable Web Based Management from the machine's LCD:
Menu > 6*. Network > 4*. Web Based Management > OFF
(* The numbers may vary depending on your model.)
LED models (HL-12 series):
- Close the top cover (if open) and unplug the machine.
- Press and hold the power button while plugging the power cable back into the outlet.
  All LEDs will light up.
- Still pressing and holding the power button, open the top cover, and then close it again.
  The Error LED will turn off.
- Release the power button.
  All LEDs will turn off.
- Press the power button 5 times.
  The power LED will light up each time the power button is pressed.
- Wait for approximately 1 minute.
  Web Based Management is disabled.
  You can confirm this by printing the "Printer Setting" page and checking the following setting:
  [Network Configuration] > [Web Based Management: Enabled/Disabled]
- Follow the same steps to enable Web Based Management.
- To reduce the likelihood of such attacks, make sure Web Based Management remains disabled until you need to use it, and then disable it again.
If you need further assistance, please contact Brother customer service: