FAQs & Troubleshooting |
Date: 07/19/2024 ID: faqp00100576_000
Vulnerability Reference: CVE-2020-25107 etc. Solutions for Multiple Vulnerabilities
Description
Denial of Services (DoS) or arbitrary codes may be executed by attackers with remote access, or sensitive information may leak when using your network-connected printer and accessing the SNTP server with the printer’s Synchronized Clock setting ON. (The default setting is OFF.)
Vulnerability Reference | Reference Site |
CVE-2020-25107 | https://nvd.nist.gov/vuln/detail/CVE-2020-25107 |
CVE-2020-25108 | https://nvd.nist.gov/vuln/detail/CVE-2020-25108 |
CVE-2020-25109 | https://nvd.nist.gov/vuln/detail/CVE-2020-25109 |
CVE-2020-25110 | https://nvd.nist.gov/vuln/detail/CVE-2020-25110 |
Workaround
Set your SNTP server’s IP address as the SNTP server setting using the printer’s print server page (web based management).
To find your SNTP server’s IP address, execute the nslookup command followed by your SNTP server’s URL in the Windows Command Prompt.
Example command:
nslookup sntp.aaaaa.com
Solution
Update your printer’s firmware to the latest version.
- Check the model and firmware update status list.
- Update the printer’s firmware using the Firmware Update Tool available in your printer model’s Downloads section.
If you need further assistance, please contact Brother customer service:
Content Feedback
Please note this form is used for feedback only.