Vulnerability Reference: CVE-2019-13192, CVE-2019-13193, CVE-2019-13194

• Heap Overflow in IPP Attribute Name
  Vulnerability Reference : CVE-2019-13192
  Release Date : July 31, 2019
  Impact : 9.8 CVSSv3
  Summary : Heap buffer overflow vulnerability would allow arbitrary codes to run on Brother products.
  Reference : https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13192 (Opens another website in a new window.)

   

• Stack Buffer Overflow in Cookie Values
  Vulnerability Reference : CVE-2019-13193
  Release Date : July 31, 2019
  Impact : 8.8 CVSSv3
  Summary : Stack buffer overflow vulnerability would allow arbitrary codes on Brother products, causing data corruption.
  Reference : https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13193 (Opens another website in a new window.)

   

• Information Disclosure Vulnerability
  Vulnerability Reference : CVE-2019-13194
  Release Date : July 31, 2019
  Impact : 7.5 CVSSv3
  Summary : Information disclosure vulnerability would allow unauthorized users to sniff Web Based Management URLs used for managing product settings.
  Reference : https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13194 (Opens another website in a new window.)

Solution
Please check the affected model list. If you are currently using any of these products, please update the machine firmware and/or follow the Workaround below.

Workaround
Please use the product on a network protected by a firewall or a router.

Firmware Update Schedule
Please see the affected model list.

Firmware Update Tool

Please download Brother’s Firmware Update Tool from the Downloads section for your machine.