A recent zero-day research project by Rapid7 uncovered eight new vulnerabilities in multifunction printers, one of them a critical flaw rated 9.8. The vulnerabilities were identified in printers from five leading vendors: Brother Industries, Fujifilm Business Innovation, Ricoh, Toshiba Tec Corporation, and Konica Minolta. Rapid7 collaborated with JPCERT/CC and Brother Industries to uncover a total of 748 affected models.
The research highlighted the importance of firmware updates, with seven bugs addressed through firmware updates while a workaround was provided for the critical authentication bypass flaw. Stephen Fewer, principal security researcher at Rapid7, emphasized the need for security teams to verify that firmware updates have been successfully applied to each device. He also stressed the significance of addressing the authentication bypass flaw promptly by manually changing default administrator passwords on affected devices.
John Gallagher, Vice President at Viakoo, pointed out that printers, often overlooked in terms of security, pose a significant risk when left unpatched. He highlighted the prevalence of printers in critical sectors like healthcare, where patient information stored on printers could be targeted by threat actors. Gallagher emphasized the need for vigilant patching and maintenance to mitigate risks associated with unsecured printers.
David Matalon, CEO at Venn, underscored the broader issue of expanding threat surfaces as employees work outside corporate perimeters. He emphasized the importance of protecting company data independently of the device or network used for access, urging organizations to consider all potential vulnerabilities, including unmanaged printers and smart devices connected to external networks.
Furthermore, Rapid7 provided guidance on responding effectively to the printer vulnerabilities. Security teams were advised to assess their exposure by identifying deployed printer models, create a remediation plan to update affected devices, and implement defense-in-depth measures such as removing exposed printer devices across network segments and enabling automatic firmware updates.
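The exposure assessment and remediation plan described above can be sketched as a triage over an asset inventory. This is an added example, not Rapid7's or any vendor's tooling; the model names, firmware versions, CSV columns and the `triage` function are constructed placeholders. It encodes the point that a firmware update alone does not close the authentication bypass, so the password check is independent of the firmware check.

```python
import csv
import io

# Constructed placeholders: model -> first firmware version containing the fixes.
# Real values must come from the vendor advisories for your devices.
AFFECTED = {"EXAMPLE-MFP-100": (1, 20), "EXAMPLE-MFP-200": (2, 5)}

# Constructed sample inventory (hypothetical hosts and columns).
INVENTORY_CSV = """host,model,firmware,default_admin_password_changed,exposed
prn-01,EXAMPLE-MFP-100,1.10,no,no
prn-02,EXAMPLE-MFP-100,1.20,no,yes
prn-03,EXAMPLE-MFP-200,2.5,yes,no
prn-04,OTHER-PRINTER-9,3.0,no,no
"""

def parse_version(text):
    """Turn '1.10' into (1, 10) so versions compare numerically, not as strings."""
    return tuple(int(part) for part in text.strip().split("."))

def is_yes(value):
    return value.strip().lower() == "yes"

def triage(inventory_csv, affected):
    """Return {host: [actions]} for every inventoried device on the affected list."""
    plan = {}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        fixed_in = affected.get(row["model"].strip())
        if fixed_in is None:
            continue  # model is not on the affected list
        actions = []
        # Firmware covers the seven bugs that have patches; verify per device.
        if parse_version(row["firmware"]) < fixed_in:
            actions.append("update firmware")
        # The authentication bypass has only a workaround, so this check
        # applies even when the firmware is already current.
        if not is_yes(row["default_admin_password_changed"]):
            actions.append("change default admin password")
        # Defense in depth: flag devices reachable from outside their segment.
        if is_yes(row["exposed"]):
            actions.append("restrict network exposure")
        plan[row["host"]] = actions
    return plan

if __name__ == "__main__":
    for host, actions in triage(INVENTORY_CSV, AFFECTED).items():
        print(host, "->", ", ".join(actions) or "no action needed")
```

A device with an empty action list is still on the affected list, so it should be kept in the plan as verified rather than dropped from tracking.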
These findings serve as a reminder of the evolving security landscape and the critical need for organizations to prioritize the protection of all network-connected devices, including printers. As cyber threats continue to target vulnerabilities in various devices, proactive measures such as timely patching, firmware updates, and robust security protocols are essential to safeguard sensitive information and mitigate potential risks.