this post was submitted on 28 Jun 2025
17 points (100.0% liked)
Brother has indicated that this vulnerability cannot be fully remediated in firmware, and has required a change to the manufacturing process of all affected models.

[email protected] 15 points 3 days ago (1 children)

The most serious of the findings is the authentication bypass CVE-2024-51978. A remote unauthenticated attacker can leak the target device's serial number through one of several means, and in turn generate the target device's default administrator password. This is due to the discovery of the default password generation procedure used by Brother devices. This procedure transforms a serial number into a default password. Affected devices have their default password set, based on each device's unique serial number, during the manufacturing process. Brother has indicated that this vulnerability cannot be fully remediated in firmware, and has required a change to the manufacturing process of all affected models.

So the fix for this "can't be fixed" issue is to change the default password yourself, which you should be doing anyway.

cecilkorik 3 points 3 days ago

They should have a separate severity rating for "is this actually likely to impact admins who aren't complete idiots".