Date: 03/05/2024 ID: faqp00100601_000
Web Based Management Vulnerabilities on Brother Machines: CVE-2024-21824 and CVE-2024-22475
Description
Session Management Vulnerability
Vulnerability Reference: CVE-2024-21824
Attackers can gain access to the server's setting screen by obtaining session IDs of logged-in users and impersonating them, or by stealing login credentials and tricking users into opening malicious URLs.
Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21824
Cross-Site Request Forgery (CSRF) Vulnerability
Vulnerability Reference: CVE-2024-22475
If authenticated users unknowingly submit requests to their machines via a malicious site set up for CSRF attacks, it may allow the attackers to change the Web Based Management settings.
Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-22475
Possible Solutions
- Click here to see the affected models and their firmware update status.
- Update the machine’s firmware using the Firmware Update Tool available in your printer model’s Downloads section.
If you need further assistance, please contact Brother customer service: