Brother printers and multi-function devices vulnerable to DoS attack

Trustwave researchers have revealed a vulnerability in Brother consumer and business printers and multi-function devices that allows a denial-of-service attack.

The vulnerability, CVE-2017-16249, is in Brother's Debut embedded HTTP server: a single malformed HTTP request causes the server to hang, making it unusable. Eventually the printer will issue an HTTP 500 error.

“The following Proof of Concept (PoC) connects to the device, sends the malformed HTTP request, waits for the server to reply (with the 500 error), and sends another malformed HTTP request. This process is repeated indefinitely until stopped,” the Trustwave advisory said.

Trustwave made the flaw public in an advisory in early November, after the security firm received no response from Brother despite several attempts to contact the vendor starting in September. No patch exists, but Trustwave suggests that access to these devices be limited to authorised users by using an access control list and network segmentation.

This article originally appeared at scmagazineuk.com

Copyright © SC Magazine, UK edition