All the vulnerabilities related to Brother Industries - (Multiple Products)
jvndb-2025-014081
Vulnerability from jvndb
Published
2025-09-19 10:52
Modified
2025-09-19 10:52
Summary
Multiple Brother and its OEM products with weak initial administrator passwords
Details
Multiple products provided by BROTHER INDUSTRIES, LTD and other OEM vendors are set up with weak initial administrator passwords, which can be derived from their serial numbers. This was reported by Rapid7 and is addressed in JVNVU#90043828 (https://jvn.jp/en/vu/JVNVU90043828/) and CVE-2024-51978 (https://www.cve.org/CVERecord?id=CVE-2024-51978).
Brother states that
  (1) serial numbers have been available without authentication by design, for system management purposes, and
  (2) to fix CVE-2024-51978, the production lines have been revised to introduce initial passwords that are hard to derive from the serial numbers.
After the publication of CVE-2024-51978, runZero reported that eSCL/uscan can also be used to retrieve serial numbers without authentication. eSCL/uscan is not described in CVE-2024-51977, and considering the existence of CVE-2024-51978, Austin Hackers Anonymous assigned CVE-2025-8452 (https://www.cve.org/CVERecord?id=CVE-2025-8452).
runZero reported this issue to the developer. JPCERT/CC coordinated between the reporter and the developer.


{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2025/JVNDB-2025-014081.html",
  "dc:date": "2025-09-19T10:52+09:00",
  "dcterms:issued": "2025-09-19T10:52+09:00",
  "dcterms:modified": "2025-09-19T10:52+09:00",
  "description": "Multiple products provided by BROTHER INDUSTRIES, LTD and other OEM vendors are setup with weak initial administrator passwords, which can be derived from their serial numbers.\r\nThis is reported by Rapid7, and treated on \u003ca href=\"https://jvn.jp/en/vu/JVNVU90043828/\"target=\"blank\"\u003eJVNVU#90043828\u003c/a\u003e, \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2024-51978\"target=\"blank\"\u003eCVE-2024-51978\u003c/a\u003e.\r\nBrother states that\r\n  (1) serial numbers have been available without authentication by design, for system management purposes, and\r\n  (2) to fix CVE-2024-51978, the production-lines have been revised to introduce the initial passwords which are hard to derive from its serial numbers\r\n\r\nAfter the publication of CVE-2024-51978, runZero reported that eSCL/uscan can be also used to retrieve serial numbers without authentication.\r\neSCL/uscan is not described in CVE-2024-51977, and considering the existence of CVE-2024-51978, Austin Hackers Anonymous assigns \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2025-8452\"target=\"blank\"\u003eCVE-2025-8452\u003c/a\u003e.\r\n\r\nrunZero reported this issue to the developer.\r\nJPCERT/CC coordinated between the reporter and the developer.",
  "link": "https://jvndb.jvn.jp/en/contents/2025/JVNDB-2025-014081.html",
  "sec:cpe": [
    {
      "#text": "cpe:/a:brother:multiple_products",
      "@product": "(Multiple Products)",
      "@vendor": "Brother Industries",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:toshibatec:multiple_product",
      "@product": "(Multiple Products)",
      "@vendor": "TOSHIBA TEC",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:konicaminolta:multiple_product",
      "@product": "(Multiple Products)",
      "@vendor": "KONICA MINOLTA, INC.",
      "@version": "2.2"
    }
  ],
  "sec:identifier": "JVNDB-2025-014081",
  "sec:references": [
    {
      "#text": "https://jvn.jp/en/vu/JVNVU93294882/index.html",
      "@id": "JVNVU#93294882",
      "@source": "JVN"
    },
    {
      "#text": "https://jvn.jp/en/vu/JVNVU90043828/",
      "@id": "JVNVU#90043828",
      "@source": "JVN"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2025-8452",
      "@id": "CVE-2025-8452",
      "@source": "CVE"
    },
    {
      "#text": "https://takeonme.org/cves/cve-2025-8452/",
      "@id": "Brother Printer Serial Number Disclosure",
      "@source": "Related Information"
    },
    {
      "#text": "https://www.runzero.com/blog/brother-devices/",
      "@id": "How to find Brother printer, scanner and label maker devices on your network",
      "@source": "Related Information"
    }
  ],
  "title": "Multiple Brother and its OEM products with weak initial administrator passwords"
}