Brother printers and multi-function devices vulnerable to DoS attack


Trustwave researchers revealed a vulnerability in Brother consumer and business printers and multi-function devices that can allow a denial of service attack.


The vulnerability, CVE-2017-16249, is in Brother's Debut embedded HTTP server, where a single malformed HTTP request can cause the server to hang, making it unusable. Eventually the printer will issue an HTTP 500 error.

“The following Proof of Concept (PoC) connects to the device, sends the malformed HTTP request, waits for the server to reply (with the 500 error), and sends another malformed HTTP request. This process is repeated indefinitely until stopped,” the Trustwave advisory said.

The flaw was made public in an advisory by Trustwave in early November after the security firm did not receive a response from Brother despite making several attempts to contact the vendor starting in September. No patch exists, but Trustwave suggests access to these devices should be limited only to authorised users by using an access control list and network segmentation.
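
A defender-side health probe for the symptoms and mitigation described above, added here as an example and not taken from the Trustwave advisory or from Brother. It sends one well-formed GET and reports whether the web interface answers, hangs or returns a 500, and whether an ACL is blocking an untrusted segment; the function names, state labels and vantage labels are assumptions made for this example.

```python
import http.client
import socket
import sys


def probe_web_ui(host, port=80, timeout=5.0):
    """Send one well-formed GET / and classify the embedded web server's state."""
    conn = http.client.HTTPConnection(host, port, timeout=timeout)
    try:
        try:
            conn.connect()
        except ConnectionRefusedError:
            return "refused"        # port closed or actively rejected
        except OSError:
            return "unreachable"    # connect timed out, no route, lookup failed
        try:
            conn.request("GET", "/")
            status = conn.getresponse().status
        except socket.timeout:
            return "hung"           # TCP connected, but no HTTP reply in time
        except (OSError, http.client.HTTPException):
            return "broken"         # connection reset or unparsable reply
    finally:
        conn.close()
    # Any status other than 500 (including an auth prompt) counts as responsive.
    return "error-500" if status == 500 else "ok"


def assess(state, vantage):
    """Interpret a probe result given where it ran: 'authorised' or 'untrusted'."""
    if vantage == "untrusted":
        # From outside the allowed segment the ACL should stop the connection.
        return "acl-effective" if state in ("refused", "unreachable") else "acl-gap"
    return "healthy" if state == "ok" else "investigate"


if __name__ == "__main__":
    # usage: probe.py <printer-host> <authorised|untrusted>
    host, vantage = sys.argv[1], sys.argv[2]
    state = probe_web_ui(host)
    print(f"{host}: state={state} verdict={assess(state, vantage)}")
```

Run it from a management host to watch for the hang or 500 condition, and from a segment that should be blocked to confirm the access control list is in effect.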

This article originally appeared at scmagazineuk.com

Copyright © SC Magazine, UK edition