Brother Printers – Authentication Bypass via Default Admin Password

By leaking a target device's serial number, a remote attacker can generate the target device's default administrator password. The target device may leak its serial number via unauthenticated HTTP, HTTPS, IPP, SNMP, or PJL requests. id: CVE-2024-51978 info: name: Brother Printers – Authentication...

Brother MFC-L9570CDW - Information Disclosure

An unauthenticated attacker who can access either the HTTP service TCP port 80, the HTTPS service TCP port 443, or the IPP service TCP port 631, can leak several pieces of sensitive information from a vulnerable device. The URI path /etc/mntinfo.csv can be accessed via a GET request and no...

Multiple vulnerabilities in BROTHER MFPs (multifunction printers)

Overview Multiple MFPs provided by BROTHER INDUSTRIES, LTD. contain multiple vulnerabilities listed below. Improper certificate validation CWE-295 - CVE-2025-53869 Hidden Functionality CWE-912 - CVE-2025-55704 Anton Fabricius of SySS GmbH reported these vulnerabilities to the developer. JPCERT/CC...

CVE-2025-55704

Hidden functionality issue exists in multiple MFPs provided by Brother Industries, Ltd., which may allow an attacker to obtain the logs of the affected product and obtain sensitive information within the logs...

CVE-2025-55704

Hidden functionality issue exists in multiple MFPs provided by Brother Industries, Ltd., which may allow an attacker to obtain the logs of the affected product and obtain sensitive information within the logs...

CVE-2025-53869

CVE-2025-53869 affects Brother MFPs (brother INDUSTRIES, LTD) where the product does not properly validate server certificates. The underlying issue is improper certificate validation (CWE-295) that can enable a man-in-the-middle attacker to replace the product’s root certificate store with arbit...

CVE-2025-53869

Multiple MFPs provided by Brother Industries, Ltd. does not properly validate server certificates, which may allow a man-in-the-middle attacker to replace the set of root certificates used by the product with a set of arbitrary certificates...

Brother Printers Out-of-bounds Write (CVE-2019-13193)

Some Brother printers such as the HL-L8360CDW v1.20 were affected by a stack buffer overflow vulnerability as the web server did not parse the cookie value properly. This would allow an attacker to execute arbitrary code on the device. This plugin only works with Tenable.ot. Please visit...

Brother HL Printers Cross-site Scripting (CVE-2018-11581)

Cross-site scripting XSS vulnerability on Brother HL series printers allows remote attackers to inject arbitrary web script or HTML via the url parameter to etc/loginerror.html. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information...

Brother Printers Missing Authentication for Critical Function (CVE-2019-13194)

Some Brother printers such as the HL-L8360CDW v1.20 were affected by different information disclosure vulnerabilities that provided sensitive information to an unauthenticated user who visits a specific URL. This plugin only works with Tenable.ot. Please visit...

Brother Printers NULL Pointer Dereference (CVE-2023-29984)

Null pointer dereference vulnerability exists in multiple vendors MFPs and printers which implement Debut web server 1.2 or 1.3. Processing a specially crafted request may lead an affected product to a denial-of- service DoS condition. As for the affected products/models/versions, see the detaile...

Brother Printers Out-of-bounds Write (CVE-2019-13192)

Some Brother printers such as the HL-L8360CDW v1.20 were affected by a heap buffer overflow vulnerability as the IPP service did not parse attribute names properly. This would allow an attacker to execute arbitrary code on the device. This plugin only works with Tenable.ot. Please visit...

EUVD-2019-4713

Malware in sbrugna...

EUVD-2019-4715

Malware in sbrugna...

EUVD-2019-4714

Malware in sbrugna...

EUVD-2025-24270

Malicious code in bioql PyPI...

Brother Printers Buffer Overflow Vulnerability (Jul 2025)

Multiple Brother printers are prone to a buffer overflow vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if description...

CVE-2025-8452

By using the "uscan" protocol provided by the eSCL specification, an attacker can discover the serial number of multi-function printers that implement the Brother-provided firmware. This serial number can, in turn, can be leveraged by the flaw described by CVE-2024-51978 to calculate the default...

CVE-2025-8452 Unauthenticated leak of sensitive information affecting multiple models from Brother Industries, Ltd., Toshiba Tec, and Konica Minolta, Inc.

By using the "uscan" protocol provided by the eSCL specification, an attacker can discover the serial number of multi-function printers that implement the Brother-provided firmware. This serial number can, in turn, can be leveraged by the flaw described by CVE-2024-51978 to calculate the default...

CVE-2019-13194

Some Brother printers such as the HL-L8360CDW v1.20 were affected by different information disclosure vulnerabilities that provided sensitive information to an unauthenticated user who visits a specific URL...