Brother Devices Denial-of-Service Vulnerability via Malformed Printer Job Language Command

Vulnerability

A denial-of-service vulnerability has been identified in multiple Brother multifunction printers, including the MFC-L9570CDW and DCP-L2530DW models. An unauthenticated attacker who can open a TCP connection to port 9100 (the raw print port) can send a malformed Printer Job Language (PJL) command that crashes the device. The device reboots, but because port 9100 accepts the same command again after the reboot, the attacker can resend it and keep the printer in a crash-reboot loop. This vulnerability affects 691 models across Brother's range of printers, scanners, and label makers, as well as 46 models from FUJIFILM Business Innovation, 5 models from Ricoh, and 2 models from Toshiba Tec Corporation.

Impact

Exploitation of this vulnerability crashes and reboots the device, causing a loss of availability. No credentials are needed, and the attacker can repeat the attack as soon as the device comes back up, so the printer stays unavailable for as long as the attacker can reach port 9100.

Reproduction

The vulnerability can be reproduced by sending a PJL job to the printer's TCP port 9100 in which the FORMLINES variable is set to a non-numeric value (PJL expects an integer line count here). PJL is a plaintext, unauthenticated protocol, so any host that can reach port 9100, whether on the internal network or from the Internet, depending on the printer's network exposure, can trigger the crash.
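The check below is an added example and is not part of the advisory or of Brother's tooling. It is the detection logic a print-gateway or IDS rule would apply to traffic arriving on TCP port 9100: it parses the `@PJL SET`/`@PJL DEFAULT` assignments in a job and flags any FORMLINES value that is not a plain decimal integer, which is the malformed input class the advisory describes. The two sample jobs are constructed for illustration; the variable and function names are the example's own.

```python
import re

# PJL jobs conventionally start with the Universal Exit Language sequence.
UEL = b"\x1b%-12345X"

# Constructed sample: a well-formed job with a numeric FORMLINES.
BENIGN_JOB = (
    UEL + b"@PJL\r\n"
    b"@PJL SET COPIES=1\r\n"
    b"@PJL SET FORMLINES=60\r\n"
    b"@PJL ENTER LANGUAGE=PCL\r\n"
)

# Constructed sample: the malformed class from the advisory, FORMLINES set to
# a non-numeric value. This is an example payload, not a captured exploit.
MALFORMED_JOB = (
    UEL + b"@PJL\r\n"
    b"@PJL SET FORMLINES=ABC\r\n"
    b"@PJL ENTER LANGUAGE=PCL\r\n"
)

# Matches "@PJL SET VAR = value" and "@PJL DEFAULT VAR = value" lines.
_SET_RE = re.compile(
    rb"^@PJL\s+(?:SET|DEFAULT)\s+(?P<var>[A-Za-z0-9_]+)\s*=\s*(?P<val>[^\r\n]*)",
    re.IGNORECASE,
)


def pjl_assignments(job: bytes):
    """Return [(variable, value), ...] for every SET/DEFAULT line in the job."""
    found = []
    for line in job.split(b"\n"):
        # The UEL may be glued to the first PJL line; drop it before matching.
        if line.startswith(UEL):
            line = line[len(UEL):]
        m = _SET_RE.match(line)
        if m:
            found.append((m.group("var").upper(), m.group("val").strip()))
    return found


def malformed_formlines(job: bytes):
    """Return the offending FORMLINES values in the job (empty list if clean).

    A value is treated as malformed when it is not a non-empty run of ASCII
    digits; bytes.isdigit() returns False for b"" so an empty value is flagged too.
    """
    bad = []
    for var, val in pjl_assignments(job):
        if var == b"FORMLINES" and not val.isdigit():
            bad.append(val.decode("latin-1"))
    return bad


if __name__ == "__main__":
    for name, job in (("benign", BENIGN_JOB), ("malformed", MALFORMED_JOB)):
        print(name, malformed_formlines(job))
```

This runs off the wire data a gateway or sensor already sees; the printer itself does not execute it. A job that returns a non-empty list should be dropped before it is forwarded to port 9100 and logged with the source address, since the same host will typically resend after the device reboots.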

Remediation

Users should check whether a firmware update is available for their specific Brother printer model. If an update is available, it should be installed using the Brother Firmware Update Tool. After the update, the default administrator password should be changed via the printer's Web Based Management interface. For models where a firmware update is not yet available, Brother has provided specific workarounds, such as disabling the WSD function or regularly checking for update availability. Note that disabling WSD does not close the PJL path used here, which is raw TCP port 9100; until the firmware is updated, restrict access to port 9100 at the network level to trusted print servers and keep the printer off Internet-reachable addresses.

Added: Jun 25, 2025, 9:12 AM
Updated: Jun 25, 2025, 9:12 AM

Vulnerability Rating

Custom Algorithm

spread: 4.5
impact: 2.5
exploitability: 9.1
remediation: 8.3
relevance: 0.2
threat: 6.4
urgency: 2.9
incentive: 10.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.